Facepalm: BitLocker is a complete encryption function offered by way of Microsoft with Home windows Vista. This era can offer protection to person knowledge because of AES and different complicated algorithms, however it’s not protected from insects and intensive trying out. In step with knowledge introduced on the contemporary Chaos Verbal exchange Congress held on the Chaos Laptop Membership (CCC), Home windows BitLocker may also be changed and not using a screwdriver. A hacker named Thomas Lambertz discovered a technique to exploit an outdated vulnerability, regarded as embedded in Microsoft’s encryption era, bypassing many safety features to compromise Home windows 11 updates. The instrument vulnerability that Lambertz makes use of is sometimes called bitpixie (CVE-2023-21563). Microsoft has identified about this since 2022 however has now not been ready to unravel the issue. The flaw CVE-2023-21563 is “BitLocker Safety Function Bypass Vulnerability,” Microsoft mentioned. A a success assault can bypass complete quantity encryption and achieve get entry to to safe knowledge, even if it is going to require get entry to to the objective gadget. Lambertz was once ready to “repair” the bitpixie trojan horse by way of the usage of the debatable Protected Boot era to liberate an older Home windows bootloader. The bootloader comes in handy for taking out the encryption key from reminiscence, which may also be recovered the usage of the Linux OS. Hacking calls for one-time get entry to to the objective gadget, together with connection to a operating community.
Bitpixie’s newest assault appears like a no brainer for customers, however the industry sector is an absolutely other tale. Many industry shoppers use BitLocker to offer protection to their PCs, Lambertz famous, and the encryption era is now supported by way of default on new Home windows 11 installations. The preferred “Software Encryption” function does now not require an extra password, because of this that customers can “liberate” the BitLocker quantity by way of merely beginning Home windows with their easy accounts. This BitLocker transfer has been damaged for some time, the hacker mentioned, and may also be attacked from both sides of the {hardware} and systems to provide an explanation for the force knowledge. In his hour-long speech, Lambertz defined how Safe Boot and TPM paintings, the function of PXE boot and BCD bootloaders, what those inventions must be controlled, and extra. Lambertz’s presentation is in English, and was once just lately uploaded to the respectable CCC video and audio platform. The CCC neighborhood is the biggest hacker neighborhood in Europe, with 7,700 individuals operating exhausting since 1981 to hack nearly each and every the entirety.
