Soldato
- Joined
- 18 May 2010
- Posts
- 23,609
- Location
- London
Bitlocker vulnerable to hacking!
- Thread starter opethdisciple
- Start date
Your chosen headline is a little misleading. The onboard encryption on some hard drives has an exploit. Bitlocker will default to using the on-board encryption if it is available and current but can be configured to use its own software encryption based on TPM (normally) or non-TPM if you specifically enable that. (It's off by default).
Windows does this because if there's equivalent encryption quality from a drive but it uses less power and has a slightly lower performance hit because it's in the disk's hardware, then it wouldn't make sense not to. Basically this is a case of vulnerable hardware just the same as if Windows were accessing a network chip or router or a TPM module (as happened early this year). So it's not really in Bitlocker. You'll hit the same problem with any method that uses the flawed hardware.
Flashing the SSD (or HD) wont necessarily help as the drive will still have the same vulnerability as before. If they got through it last time, they'll get through it this time. What you'd actually want to do is configure Bitlocker NOT to use that drive's in-built encryption. Which does require re-encrypting the entire drive, admittedly.
Windows does this because if there's equivalent encryption quality from a drive but it uses less power and has a slightly lower performance hit because it's in the disk's hardware, then it wouldn't make sense not to. Basically this is a case of vulnerable hardware just the same as if Windows were accessing a network chip or router or a TPM module (as happened early this year). So it's not really in Bitlocker. You'll hit the same problem with any method that uses the flawed hardware.
Flashing the SSD (or HD) wont necessarily help as the drive will still have the same vulnerability as before. If they got through it last time, they'll get through it this time. What you'd actually want to do is configure Bitlocker NOT to use that drive's in-built encryption. Which does require re-encrypting the entire drive, admittedly.