Says Microsoft

Feb 11, 2010 16:11 GMT  ·  By

Microsoft will continue to recommend BitLocker technology in concert with Trusted Platform Module (TPM) hardware to customers looking to protect sensitive data on mobile computers in the event that the device is stolen or lost, the company said. Paul Cooke, Microsoft director, Windows Client Enterprise Security, notes that attackers can potentially access the secrets stored on TPM hardware inside a computer running Windows 7 with BitLocker, but that the company had labored to make such a scenario highly unlikely.

“With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks like this one, or because of poor designs and implementations. The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology,” Cooke stated.

Essentially, an attacker would not only need physical access to a protected computer, but would also have to break the TPM to extract the appropriate secret and obtain the user-configured PIN as well. According to Cooke, provided that customers take the necessary steps to make sure the PIN is sufficiently complex, such an attack would be infeasible. In this context, an attacker would simply not be able to obtain the key needed to unlock the BitLocker-protected disk volumes.
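The two-factor structure described above, as an added illustration that is not Microsoft's code and does not reproduce BitLocker's actual key hierarchy (the article gives no internals): a hypothetical scheme in which the volume key is derived from both a TPM-released secret and a user PIN, so that recovering one factor without the other yields nothing usable, together with a small calculation of why PIN complexity matters. The TPM secret, salt and PIN values are constructed sample data.

```python
import hashlib
import hmac
import math

# Constructed sample values (hypothetical, not from any real system).
TPM_SECRET = bytes.fromhex("a1" * 32)      # stands in for a secret released by the TPM
VOLUME_SALT = b"constructed-volume-salt"    # per-volume salt stored in metadata
PBKDF2_ITERATIONS = 200_000                 # slows down offline PIN guessing


def stretch_pin(pin: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Turn a short, low-entropy PIN into a 32-byte key via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations, dklen=32)


def derive_volume_key(tpm_secret: bytes, pin: str, salt: bytes = VOLUME_SALT) -> bytes:
    """Mix the TPM-held secret and the stretched PIN into one volume key.

    HMAC keyed with the TPM secret over the stretched PIN means that
    someone holding only the TPM secret, or only the PIN, cannot
    compute the output: both factors are required.
    """
    pin_key = stretch_pin(pin, salt)
    return hmac.new(tpm_secret, pin_key, hashlib.sha256).digest()


def unlock(tpm_secret: bytes, pin: str, expected_key: bytes) -> bool:
    """Constant-time check that the supplied factors reproduce the enrolled key."""
    candidate = derive_volume_key(tpm_secret, pin)
    return hmac.compare_digest(candidate, expected_key)


def pin_keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly chosen PIN of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every PIN at a given guess rate; shows why length matters."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    enrolled = derive_volume_key(TPM_SECRET, "correct horse battery")
    print("correct factors unlock:", unlock(TPM_SECRET, "correct horse battery", enrolled))
    print("TPM secret alone, wrong PIN:", unlock(TPM_SECRET, "0000", enrolled))
    print("PIN alone, different TPM:", unlock(bytes(32), "correct horse battery", enrolled))
    for length, alphabet in ((4, 10), (8, 10), (20, 95)):
        bits = pin_keyspace_bits(length, alphabet)
        print(f"{length}-char PIN over {alphabet} symbols: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1000):.3g} years at 1000 guesses/s")
```

The point of the HMAC step is that extracting the TPM secret, which is what the demonstrated hardware attack targets, still leaves an attacker facing the PIN search; the iteration count and the keyspace figures printed at the end show how much a long enhanced PIN widens that gap compared with a four-digit one.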

Cooke’s clarification comes after a physical attack against a TPM was demonstrated at the Black Hat DC conference last week, giving the security researcher access to the protected contents. Microsoft considers the attack to pose a very low risk, and indicated that proper BitLocker configuration could act as a mitigation against such attacks.

“The attack shown requires physical possession of the PC and requires someone with specialized equipment, intimate knowledge of semiconductor design, and advanced skills. While this attack is certainly interesting, these methods are difficult to duplicate, and as such, pose a very low risk in practice,” Cooke stated.