I write a lot about security, and about Microsoft’s Bitlocker drive encryption technology. Frankly I really like Bitlocker because it is easy to deploy and because its tied to a TPM (Trusted Platform Module) chip on a computer’s motherboard, it’s very secure. It does have a flaw however and with Windows 8 now upon us this is beginning to concern me. First of all let me explain what Bitlocker is in a bit more detail. This system is a full-disc encryption technology. It will completely encrypt a computer’s, or more commonly a laptop’s hard disk(s) and store the encryption key on the TPM chip. This is different from the Bitlocker To Go feature used to encrypt external USB hard disk and Pen Drives which doesn’t require the TPM.
When I’ve written about Bitlocker before I’ve highlighted all the times we’ve heard, and speculated on all the times we haven’t heard about laptops being left on buses, in the backs of taxis, on trains, in coffee shops and so on. These laptops usually belong to businesses and can contain very sensitive and precious data. Worldwide thousands of laptops are lost or stolen every single day. Top this off with the number of government laptops that are left laying around and lost and the picture gets very concerning indeed.
It is a sad fact that very few business laptops contain a TPM chip and fewer still are encrypted with Bitlocker. The problem on not having a TPM chip in a laptop is both one of cost and of desirability. Businesses don’t want to spend the extra money and as a result, laptop makers don’t bother to fit the chips to anything other than their very high-end models. Any encryption is better than none though despite the flaw that Bitlocker has.
This flaw, which is more of a design and coding fault than anything else, stores the encryption key on memory when the computer is being used. If a laptop is placed in hibernation the contents of memory are written to a hibernation file and stored until you wake the computer next. This hibernation file also contains the encryption key, uncoded, and any hacker who knows what he’s doing, or any industrious person with the correct cracking software, can read the file and get the unlock code. It is because of this that security experts recommend that you disable hibernation if you use Bitlocker.
But what about Windows 8? You can still disable hibernation and, presumably this security problem will still go away. But Windows 8 hibernates the computer every time you shut it down. It does this so that it can provide quick startup times, and they are very quick. Unfortunately there’s been no word yet on whether the Bitlocker hiberfile flaw has been rectified or, if hibernation is manually disabled, some type of hibernation still occurs when the computer is shut down.
These are questions that businesses and governments will need answers to before they make any decision on whether or not to upgrade to Windows 8. The simple fact remains though that Bitlocker will protect the vast majority of computers and should be used anyway. The chances that a random government laptop will be left in a taxi containing very sensitive data, and the person finding it will know about the flaw and how to circumvent it, or even be interested in the laptop’s contents and infinitesimally small. Theft is the problem here where specific people, and specific computers would be targeted deliberately.
So don’t let this put you off using Bitlocker or encrypting your data. In any business it’s important to do so if only to maintain compliance with data protection laws and regulations. Microsoft need to reassure us all though if Bitlocker isn’t going to be resigned to the bin of great computing ideas.
No comments:
Post a Comment