FYI.

This story is over 5 years old.

Tech

It's Not Just Apple: US Spies Tried to Crack Microsoft Windows' Encryption Too

​Image: Quasic/Flickr

A series of new documents leaked by Edward Snowden r​eveal that the CIA has been working on ways to break and circumvent Apple's encryption for years.

But Apple hasn't been the only target. The story published by The Intercept on Tuesday also reveals, without going into too much detail, that the CIA might be able to break into BitLock​er, the Microsoft software that encrypts hard drives.

What the document suggests, basically, is that the CIA has found a way to decrypt data on a BitLocker-protected hard drive. But according to experts, this might not be as surprising as it sounds, given the type of attack that the CIA describes in the document.

Advertisement

At a spooks-only conference in 2010, according to a docum​ent released by The Intercept, researchers at the CIA talked about how they could extract private encryption keys from a special security chip called the Trusted Platform Module or TPM, which is necessary to use BitLocker, by "measuring electromagnetic signals emanating from the TPM."

This is what cryptographers call differential po​wer analysis, a sophisticated side-channel ​attack in which spies use sensors or other devices to study the power consumption of a chip while it encrypts and decrypts information to extract the keys from it.

"If I can put a sensor next to the laptop, now all of a sudden I can extract the keys without damaging it."

"This new research means that if I can put a sensor next to the laptop, now all of a sudden I can extract the keys without damaging it," Kenneth Ray, a former Microsoft engineer who was BitLocker's architect from 2005 to 2007, told Motherboard. "This is a tiny bit alarming because now you can attack a TPM without there being any evidence that you did so."

This is not the first time that someone finds a way to do differential power analysis attack on crypto hardware, according to Ray, but this is the first time that someone alleges that this kind of attack can be used to extract keys from a TPM.

Still, Ray added, this is "not surprising" since "all crypto hardware out there is vulnerable to side-band leakage of data that allows the inference of the protected private key."

Advertisement

Peter Biddle, another former Microsoft engineer who led the BitLocker team before its launch in 2005, is also not surprised.

Biddle told Motherboard that his team even tested against differential power analysis attacks and was even successful doing it. In other words, this is not a new exploit, Biddle said.

"We were partnering with people and doing it ourselves 10 years ago," Biddle told Motherboard.

Microsoft declined to comment for this story.

In any case, this not the first time that US authorities try to go after BitLocker. In 2005, before Microsoft launched BitLocker, FBI agents ask​ed Microsoft engineers whether they could install a backdoor into their software.

"It's going to be really really hard for us to do our jobs if every single person could have this technology. How do we break it?" an FBI agent asked at the time.

Microsoft engineers, however, refused to give them the backdoor. Five years later, it looks like the CIA has found another way to solve this problem with this attack—something that's easier than a backdoor since this attack doesn't require the collaboration of a Microsoft engineer.

When they created BitLocker, Ray added, they designed three modes for the software, depending on what kind tradeoff between security and usability the user was willing to make. For the more paranoid, there was a mode that allowed the user to store the key on a USB drive and only be able to boot up the computer and decrypt the hard drive with the USB drive inserted in the computer. Another mode required a PIN during the boot process, before entering the password, and a third mode didn't require the PIN but just a password.

Advertisement

The first mode is not affected by the side-channel attack described by the CIA, according to Ray, but the other two modes are.

"We knew there were weaknesses in all three modes," Ray said, but these modes were just not designed to work against an attacker such as the CIA.

"A well-funded adversary could always get into a BitLocker protected machine."

"A well-funded adversary could always get into a BitLocker protected machine—BitLocker only prevents offline attacks," Ray said. "If they wanted to get into my laptop, they don't care about BitLocker, they just go straight into my laptop, using a variety of well-established tools, including phishing, direct zero-day exploits, etc."

Or, in this case, extracting the key with a sensor and using a differential power analysis attack.

The CIA did not comment on The Intercept story, but an anonymous intelligence official told CNB​C that "that's what we do," apparently meaning their job is to gain access to information that might be protected.

"This isn't just about Apple or Micr​osoft," the official said. "There's a whole world of devices out there, and that's what we're going to do […] It is what it is."

Or as Columbia University professor Steven Bellovin put it to The Intercept, "spies gonna spy."

This revelation questions how secure BitLocker is in general, considering the fact that the developers of Truecrypt, a well-known open-source disk-encryption software, last year suggest​ed users to abandon their software and switch to BitLocker.

But for noted security and cryptography expert Bruce Schneier it's not time to sound the alarm just yet.

"I don't take this to mean that the NSA can take a BitLocker-encrypted hard drive and recover the key," he wrote in a blog ​post. "I do take it to mean that the NSA can perform a bunch of clever hacks on a BitLocker-encrypted hard drive while it is running. So I don't think this means that BitLocker is broken."