Wednesday, June 3, 06:23
Home inet Encryption in Windows BitLocker could be bypassed

Encryption in Windows BitLocker could be bypassed

bitlocker disk encryptionΗ Microsoft has recently corrected vulnerability to disk encryption feature in BitLocker, which could be exploited very easily by doing bypass within a few seconds.

A disk encryption tool is a very important software to protect our data, thousands of machines rely on it to protect their users' data, but we should also think that these applications could be affected by critical shortcomings.

In September, the security specialist James Forshaw, a member of his team Project Zero of Google, identified two critical vulnerabilities in the driver where the popular encryption tool, TrueCrypt installed on Windows systems. Vulnerabilities could be exploited by attackers to gain access to protected data.

The BitLocker is another popular disk encryption tool designed by Microsoft and it is based on an incredible number of users to protect its data!

The news is that BitLocker can be circumvented very easily.

disk-encryption-2According to a recent survey by January hook by Synopsys, the security feature applied to BitLocker can be bypassed and this does not even require a sophisticated intruder.

Prior to this tool, an attacker could simply boot a live Linux distribution on the disk that contains the data and access it. OR fulldisk encryption starts when the machine starts, protecting the data with impenetrable encryption.

Ο hook explained that computers that connect to domains that are more exposed to attacks if attackers can disconnect the machine from the network and the domain server can not be reached. In this attack scenario, the Windows machine uses a local username and password stored in the cache. The researcher discovered a method to access and modify the cached password. In this way the attacker is able to bypass full-disk encryption.

The researcher proved that by creating a false domain server with the same name, the attacker had only to create a user account with the password that the user had previously created. This trick triggers a policy-based change password, at this stage it is enough to change the password and connect to the pc using the password set in the cache.

Η Microsoft has already fixed its vulnerability and has classified it as a low priority as its use requires specific conditions.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Samsung Access: Samsung's new service for new Galaxy devices!

Samsung has launched a new subscription service for upgrades, starting with the Galaxy S20 series. The new service, named Samsung ...

Microsoft: The tools that will now be available to everyone!

Microsoft now has the "Virtual Assistant Accelerator" and "Bot Framework Composer" tools for its entire user base. Developers can ...

Sony: Cancel PS5 event due to Floyd case!

The event that Sony had planned for the PS5 on June 4 was postponed indefinitely, due to the deplorable situation that prevails ...

Cisco warns: These Nexus switches have been hit by a serious security flaw

Cisco has warned customers with Nexus switches running NX-OS software to install updates to address a serious flaw ...

Windows 10 May 2020 Update: Get Windows 10 for € 9.09

As we all know, Windows 10 May 2020 Update has been released. It is safer, more reliable and more efficient than ever. It is certain that with ...

Anonymous's hack includes data from previous leaks!

As protests over the death of George Floyd in Minneapolis have spread across the United States, cyberattacks have targeted police ...

Critical Exim errors have been fixed, but many servers are still at risk

The update of Exim mail servers is not fast enough and the members of the Russian hacker Sandworm team are actively exploiting three critical ...

New Cisco vulnerability that concerns you!

A new critical Cisco vulnerability has been identified that concerns you: For those who don't know, Cisco recently announced that some of the servers ...

Antifa tweets from extreme rightists call for violence!

The "Antifa tweets" that flooded Twitter and promoted violence, actually came from a well-known far-right group! The information came in ...

Apple introduces the new USB-C Diagnostic Tool

Apple introduces the new USB-C Diagnostic Tool. See the new features: Apple finally brings the new internal USB-C Diagnostic Tool, ...