This is a little silly because this assumes that BitLocker is configured for TPM-only rather than requiring a TPM PIN/password.
If there's a TPM password, this attack becomes infeasible because the TPM won't release the keys without the password. And you generally can't brute force the TPM without triggering the hardware lockout.
The company's IT department can require TPM+Password in Group Policy so that every system in the organization uses TPM+Password, but I guess you could have a stubborn CEO who demands a less secure policy.
As of Windows 8, it was possible to replace ciphertext on a BitLocker-encrypted drive to compromise known Windows binaries.[0] This would allow the attacker to take control of the system on next boot, though I don't know if those attacks are still practical.
If someone has this level of access and time with the device, implanting a bug and/or setting up a fake machine shouldn't be difficult.
How many here would recognize that Evil Maid has swapped out your work machine with an identical model? It would be rigged to boot into an identical login screen and send your password back to the guy with the real laptop. That's what happens when everyone has the same shiny new machines (Apple). Give me a machine with a few scratches and custom boot screen.
That's true, but the victim would immediately recognize something wrong when they boot into their system and find that none of their files are there and they're not connected to their company's VPN.
At that point, it's a race between how quickly the attackers can exploit temporary access to the CEO's network resources and how quickly the CEO and their IT folks figure out that they need to cut off the stolen laptop's network access and user credentials.
Just show an error message--ideally one that implies there was no connectivity at all (ex. "We can’t sign you with this credential because your domain isn’t available."). That way, if the users happens to contact IT, they won't think there is anything anomalous about the lack of logged attempts.
Ha that's what I did decades ago in school with a fake login screen. When the password has been logged just read c:\con\con, crash the machine and it reboots into the real login screen.
You don't need login to succeed, just fail convincingly.
Remote desktop with an HDMI (LVDS?) capture card, so that everything is in place. Alternatively, network mount the SSD once you get the encryption key and boot from that, syncing the blocks on demand. You can even show the 'installing updates' screen to do the HDD sync while it's 'updating'. No wifi connection? no problem - the planted one has an internal 5G modem.
Not if you give 1 out of thousands of errors windows loves to give. There's one where when you login all your user profile stuff is gone! People are very used to windows breaking.
That moment when when the CEO is back in the hotel room, and realizes he just authenticated to a laptop that was not his would be an ideal moment for the assassin that looks very similar to him to exit the hotel bathroom, pop the CEO, dress in his clothes, and proceed to the bank for wire transfer shenanigans.
Huh, this actually raises a very good point. We need a mechanism to verify that the machine itself is legitimate before the user interacts with in. Maybe some sort of QR code containing the current time signed by the TPM that could be verified by the users phone?
If you break the display they will be less likely to discover it. They will be more concerned with trying to find a cable to hook it up to an external display buying you time. If you make it power off at intervals they will assume it was damaged not replaced.
> I guess you could have a stubborn CEO who demands a less secure policy.
More common than one would think. Also, more common than one would hope: CEOs who insist on their favorite MacBookPro which they share with family. :-)
> This is a little silly because this assumes that BitLocker is configured for TPM-only rather than requiring a TPM PIN/password.
That is how like half the world are doing it.
The level of pain to reset the TPM password when 1% of your company forgets their password after each holiday / weekend drinking / password change on Friday / because they're late for a meeting is just too high.
Yes, EFS[0] works on a per-user basis. But it runs at the filesystem level and doesn't protect system binaries, so it's weaker than BitLocker, which encrypts the full volume and protects system binaries.
Normal full disk encryption needs you to enter two passwords - one to decrypt the disk, another a minute or two later to log into the operating system. Your corporate IT helpdesk can remotely reset the latter password if you forget it, but the former can't be remotely reset. And if several people need to be able to boot a shared computer, they need to share the disk encryption password (which isn't winning any security awards).
Between the TPM and Secure Boot, the intention is that you sacrifice a certain amount of security - but in exchange, you can have only a single password prompt, a password IT can remotely reset, and no shared boot password.
>And if several people need to be able to boot a shared computer, they need to share the disk encryption password (which isn't winning any security awards).
At least with LUKS you can have multiple passwords for unlocking a disk so you can have one master password and user password(s) for the same machine.
Having to enter two passwords doesn't seem like a big issue for high security HW like a CEO's laptop. In fact that's standard procedure at my company.
> At least with LUKS you can have multiple passwords for unlocking a disk
Luks implements this by encrypting the actual key multiple times, once with each password. So if one person turns evil before you remove their password or a password is leaked, you can still consider the disk compromised.
In an Active Directory environment, Group Policy can store BitLocker recovery keys within AD. Self-service key recovery and rotation is an option with Intune and other device management platforms.
In the context of a personal computer, signing in with or linking a Microsoft account can provide the same functionality.
> shared computer
BitLocker Network Unlock solves this for fixed-location devices.
It’s an interesting thought experiment but not much else. Most of what he’s doing is predicated on the idea that any major CEO is walking around with a 7 year old laptop that is both well documented online and not configured with TPM + password which pretty much any competent IT department is going to require of an executive’s device.
A lot of CEO's of small & medium size companies are the biggest hurdle for adding better security. I've unfortunately had access to a few CEO passwords & they've been embarrassingly bad.
GSuite had (maybe still has) a tool for ranking password strength across your org. Used it once & sorted from weakest to strongest. My results were practically the org chart from top to bottom.
I'm skeptical as to whether this can really be done in 10 mins. Finding the right chip can take a good while and especially tracing the bus you need to other chips. And the fact the traces were accessible with the thing semi-assembled is incredibly lucky, not to mention how he was able to find a "schematic" of the motherboard. I'd say an hour to pull this off is a minimum.
I think the assumption with the 10min claim is that the attacker already knows the model of the laptop and has practiced this on identical ones. Possible if they've been on the CEO's tail for a long time.
On Dell devices in that age range I saw a bitlocker mode that used the drive controllers own encryption feature. I dont remember if the key was provided by tpm but they used attestation. I dont know if they had a key unwrap dependent on that attestation or if it was just a postfactum check that is submitted to management servers.
In that course I have seen a bunch of blog posts where people found bugdoors or easy auth bypasses in these drive controller encryption schemes. Is that still a thing?
What fascinates me most is how quick this can be done. If you do your "homework" and find out which device needs to be attacked, you can really set everything up in advance and can be done in no time. Amazing and shocking at the same time.
Twitter sucks ass and I don't want to scroll for a week to read your blog post. Please, please, just copy+paste it into a blog post and link to it on your Twitter. I swear I will "like & subscribe" to your Blog if you're worried about not getting enough eyeballs. I just do not want to ever have to look at Twitter.
All the more reason Twitter or somebody else should create a blog platform that encourages short, frequent blogs.
Tweets get lost, they're usually meaningless, they aren't editable, you have to scroll through them, the comments aren't nested well, the URI is garbage, you can't group them by tags, etc.
A blog could be designed to encourage abbreviated blog posts, and even help you split a post up for re-tweeting if you really wanted. Even auto-resize just to make it easier to see the entire thing in one page. Yet would retain all the great properties of legit blogs. You could call it "tldrblog".
Ultimately I guess the best solution here is something like intel PTT where the TPM is on-chip, or otherwise some sort of soldered shared secret / keys that the TPM and CPU have for encrypted communications over the bus.
If there's a TPM password, this attack becomes infeasible because the TPM won't release the keys without the password. And you generally can't brute force the TPM without triggering the hardware lockout.
The company's IT department can require TPM+Password in Group Policy so that every system in the organization uses TPM+Password, but I guess you could have a stubborn CEO who demands a less secure policy.
As of Windows 8, it was possible to replace ciphertext on a BitLocker-encrypted drive to compromise known Windows binaries.[0] This would allow the attacker to take control of the system on next boot, though I don't know if those attacks are still practical.
[0] https://cryptoservices.github.io/fde/2014/12/08/code-executi...