BitLocker Drive Encryption has nothing to do with stopping rootkits and kernel compromises

May 21, 2007 09:19 GMT

The encryption technology integrated into Windows Vista delivers no line of defense against attacks directed at the operating system's core. During the Black Hat 2007 hacker conference in Caesars Palace, Las Vegas at the end of July, security researchers Joanna Rutkowska and Alexander Tereshkin will be taking the Windows Vista kernel apart. The duo will present a Windows Vista hack training focused on the 64-bit versions of the operating system.

The training will involve "unpublished techniques, code, and ideas" and will deliver an insight into new ways to hack "Vista x64 kernel on the fly." Rutkowska wanted to clarify the relation between the Vista encryption and kernel hacks. Only Windows Vista Enterprise, Windows Vista Ultimate and Windows Server 2008 contain the BitLocker Drive Encryption data protection feature.

These attacks "work on the fly and do not require system reboot and are not afraid of the TPM/Bitlocker protection, but some people understood that we were going to actually present ways to defeat Bitlocker Drive Encryption (BDE). This is quite a misunderstanding, because those attacks, which allow for inserting unsigned code into Vista x64 kernel, are 'not afraid of TPM/Bitlocker' simply because they can be executed on the fly and thus do not require system reboot, while Bitlocker's task is to secure the boot process, but not to prevent the kernel against compromises," Rutkowska stated.

This is not the first time that Rutkowska has taken a swing at the Windows Vista kernel, nor is it the first time that she has focused on the 64-bit edition of the operating system. Rutkowska also noted that her reference to the encryption feature was deliberate.

"However, I intentionally mentioned TPM and Bitlocker, just to stress that those technologies have simply nothing to do with stopping rootkits and kernel compromises, provided you're using kernel attacks which do not require system reboot, even though they're often advertised as if they had? So, basically, even if we could break the BDE, it still wouldn't give us any benefit these days. The situation will change within 2-3 years or so, i.e. when Microsoft eventually comes up with its own hypervisor, but that's a different story..." she commented.
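The distinction Rutkowska draws in the two quotes above (boot-time integrity versus runtime kernel integrity) can be shown with a small model of TPM-style measurement and key sealing. This is an added illustration, not code from the article or from the researchers; the boot component names, the volume master key and the `seal`/`unseal` construction are constructed for the example.

```python
import hashlib

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(measurement)); one-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Measure each boot-chain image into one PCR, starting from the reset value."""
    pcr = bytes(32)
    for image in components:
        pcr = extend(pcr, image)
    return pcr

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value (toy construction: mask derived from the PCR)."""
    mask = hashlib.sha256(b"seal" + expected_pcr).digest()
    return {"pcr": expected_pcr, "blob": bytes(a ^ b for a, b in zip(secret, mask))}

def unseal(sealed: dict, current_pcr: bytes):
    """Release the secret only if the current PCR matches the sealed policy."""
    if current_pcr != sealed["pcr"]:
        return None
    mask = hashlib.sha256(b"seal" + current_pcr).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], mask))

# Constructed boot chain and volume master key (VMK); not real images or keys.
GOOD_BOOT = [b"bootmgr v1", b"winload v1", b"ntoskrnl v1"]
VMK = hashlib.sha256(b"constructed VMK").digest()
SEALED_VMK = seal(VMK, measure_boot(GOOD_BOOT))

def boot(components) -> dict:
    """Simulate a boot: measure the chain, try to unseal, load the kernel into 'memory'."""
    pcr = measure_boot(components)
    return {"pcr": pcr, "vmk": unseal(SEALED_VMK, pcr), "kernel": bytearray(components[-1])}

def runtime_patch(system: dict, patch: bytes) -> dict:
    """Modify the running kernel in memory after boot. Nothing re-measures it,
    so the PCR and the already-released VMK are unchanged."""
    system["kernel"][:len(patch)] = patch
    return system
```

A modified kernel image on disk changes the measured PCR and the key is withheld, which is what BitLocker's boot protection buys; the same modification applied to the running kernel happens after the key was released and is invisible to this mechanism.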