Scoop has an Ethical Paywall
Kiwi Hacker Unlocks Microsoft's BitLocker
New Zealand security expert Denis Andzakovic has
released a tool that steals the encryption keys for drives
encrypted with Microsoft's BitLocker encryption.
Users who use BitLocker with the default settings, and do not use pre-boot authentication are vulnerable to this attack.
Andzakovic, a Principal Security Consultant at New Zealand infosec firm Pulse Security says, "An attacker can perform this attack with a $40 tool purchased from DigiKey and physical access to the device".
The issue was reported by Andzakovic to Microsoft's Security Response Centre (MSRC). MSRC is quoted with saying "BitLocker documents that this attack is not in scope for the default configuration. BitLocker recommends that if customers care about this level of attack, that they use Pre-boot authentication."
"Most users tend to stick with default configurations, which this attack applies to." says Andzakovic
Users concerned about this attack are advised to enable pre-boot authentication, such as a PIN code, USB key or smart card.
Business Canterbury: Urges Council To Cut Costs, Not Ambition For City
Wellington Airport: On Track For Net Zero Emissions By 2028
Landcare Research: ANZAC Gall Fly Release Promises Natural Solution To Weed Threat
NZ Anti-Vivisection Society: Auckland Rat Lovers Unite!
University of Canterbury: $1.35 Million Grant To Study Lion-like Jumping Spiders
Federated Farmers: Government Ends War On Farming
