Using Bitlocker? Act Now

Last week researchers discovered a vulnerability in Solid State Drives (SSD) that support hardware encryption. They were able to retrieve data from encrypted drives without knowledge of the password used to encrypt the data residing on the disk.

The vulnerability requires local access to the drive to manipulate firmware.

How Bitlocker is affected

Bitlocker supports both hardware and software based encryption but if left as default will always use hardware if supported by the drive. This potentially means any drive that supports hardware encryption and Bitlocker has been used will be vulnerable to the attack described above.

If you are using Bitlocker follow the steps described below to verify your encryption method:

1)       Open an elevated command prompt.

2)       Type: manage-bde.exe –status

3)       Check for “Hardware Encryption” under encryption method

The SSD uses software if you cannot find reference to hardware encryption as stated above.

Recommendation

To avoid or remediate this vulnerability it is recommended to change your Bitlocker encryption settings via group policy to force software based encryption. The group policy setting can be found under Administrative Templates > Windows Components > Bitlocker Drive Encryption.

This can be used to force all new drives to be encrypted using the new setting however any drives previously encrypted would first need to be decrypted.

Microsoft published a security advisory ADV180028 with further details.