Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Bootkit Bypasses TrueCrypt Encryption

timothy posted about 5 years ago | from the war-of-attrition dept.

Security 192

mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."

cancel ×

192 comments

Sorry! There are no comments related to the filter you selected.

LFP is doomed (-1, Troll)

Anonymous Coward | about 5 years ago | (#28912875)

This sure is a big hit on the Linux for Pedophiles distro.

Re:LFP is doomed (-1, Redundant)

sopssa (1498795) | about 5 years ago | (#28912959)

It's not like nobody knew this was possible. If you have physical access to the computer, you can plugin hardware keylogger to get the crypt keys, or you can get them in countless other ways. Same applies to software, if your system gets rootkitted you've screwed anyways and its obvious your keys can get stolen.

Re:LFP is doomed (1, Interesting)

Anonymous Coward | about 5 years ago | (#28913879)

You replied, off-topic, to the first off-topic post, which was also a troll, over ten minutes after this [slashdot.org] and this [slashdot.org] top-level ones, which coincidentally say the exact same thing as yours.

It didn't take ten minutes to type that, didn't it?

It's really sad that your karma whoring works.

Re:LFP is doomed (0)

Anonymous Coward | about 5 years ago | (#28913035)

Where can I sudo get this?

>_>

Re:LFP is doomed (0)

Em Ellel (523581) | about 5 years ago | (#28913729)

This sure is a big hit on the Linux for Pedophiles distro.

What part of "insert itself between the Windows calls and TrueCrypt" did you miss?

Do I need to prepare? (1)

Aldenissin (976329) | about 5 years ago | (#28912883)

And, is it true we are screwed?

Re:Do I need to prepare? (3, Informative)

Shakrai (717556) | about 5 years ago | (#28912899)

And, is it true we are screwed?

You were always screwed if you don't have your machine physically secured. There's really nothing new here other than an interesting implementation of a concept that's been around for awhile. If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.

Re:Do I need to prepare? (5, Informative)

Wrath0fb0b (302444) | about 5 years ago | (#28913023)

If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.

But that's the entire point of System Encryption right there! Someone gains physical access to your machine and they still can't do squat to read the contents (short of beating you with a hose to get the password or spending serious supercomputer time). System Encryption was designed for precisely this application.

This nice little trick here gives them a third option -- install malware at the BIOS level while leaving TrueCrypt unchanged so as to give you the illusion of safety while they read your mail/keystrokes/whatever. If I were the Border Patrol, I would consider a tool that automates the installation of this tool to be a very worthy investment.

In short, he's exploiting the fact that encryption and authentication are two very different things. TrueCrypt can assure you that you data are unreadable without the key but cannot authenticate the MBR as being genuine. For that, you need some form of trusted computing, the mention of which never goes well.

Re:Do I need to prepare? (0)

Anonymous Coward | about 5 years ago | (#28913219)

Make a hash of the MBR, fool. No need for fancy TPM chips. This is just a man in the middle attack, and can be exposed as easily as an SSH man in the middle attack.

Re:Do I need to prepare? (1)

Schraegstrichpunkt (931443) | about 5 years ago | (#28913459)

And what software will verify that hash?

Re:Do I need to prepare? (3, Interesting)

myforwik (1465003) | about 5 years ago | (#28913921)

Just boot from a CD rom. Infact forget the hash, just boot from the truecrypt rescue disk every time which restores your MBR.

Re:Do I need to prepare? (5, Insightful)

Anonymous Coward | about 5 years ago | (#28913231)

Giving someone physical access to your machine is the equivalent of losing it and recovering it later, and encryption was never about this case!

Encryption is meant to prevent data release with such a loss, but does nothing much to guarantee integrity of the system after recovery. It does not provide a tamper-evident nor tamper-proof system, since tampering can occur outside the encrypted content. Also, encryption itself does not even provide tamper-proofing for the encrypted volume! It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem. You would need additional checksums or other integrity-checks to actually detect such damage.

Re:Do I need to prepare? (2, Insightful)

Schraegstrichpunkt (931443) | about 5 years ago | (#28913469)

It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem.

If you were able to do several lunch-time attacks over time, you might also be able to do 'traffic analysis' to figure out which files were system files, correlate that with a security update, then replace the updated software with an older, vulnerable version by re-writing old ciphertext. This would be particularly easy if, for example, /home is mounted on a different encrypted volume than /usr.

Re:Do I need to prepare? (4, Interesting)

buchner.johannes (1139593) | about 5 years ago | (#28913517)

This exploit really is more comparable to a software keylogger. It lies between OS and Truecrypt Bootloader, catching the disk access requests.
For infection, you need admin rights on the running machine (TFA says so).

So, with the full system encryption, you are of course safe. This is just a way of listening to Truecrypt requests.

Kudos to Peter, hope to meet him in the Metalab sometime.

Re:Do I need to prepare? (4, Informative)

timmarhy (659436) | about 5 years ago | (#28913533)

No, hd encryption was designed to stop people stealing your hd and reading it, not to defend against hardware keylogging. for this to work you have to have booted the machine and authenticated - if the attacker has the power to force you into this then i'm guessing your going to give them what ever they want anyway.

i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.

Re:Do I need to prepare? (2, Interesting)

dnaumov (453672) | about 5 years ago | (#28913233)

If someone can gain physical access to your machine then it's effectively game over.

If that was the case, what would be the point of disk/partition encryption in the first place?

Re:Do I need to prepare? (2, Insightful)

he-sk (103163) | about 5 years ago | (#28913541)

The perp won't be able to read the data, unless he installs this rootkit, returns your PC and then steals it again to read the keylogger info.

Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.

Re:Do I need to prepare? (4, Informative)

BitterOak (537666) | about 5 years ago | (#28913669)

Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.

Sorry. Wiping the system will do nothing if the malware is installed in the BIOS. And it will do nothing to protect you from hardware keyloggers. Also, recall the story earlier today about tampering with the flash memory in keyboards.

Re:Do I need to prepare? (1)

he-sk (103163) | about 5 years ago | (#28913713)

The BIOS and the keyboard are part of the system. You just have to be thorough. ;)

You should be able to spot external hardware keyloggers easily.

Re:Do I need to prepare? (1)

Dare nMc (468959) | about 5 years ago | (#28913783)

Assuming you can get to the network stack from the malicious bios, then the "steals it again" might be as simple as, waits for a network connection, to start transferring.
The only novel thing I see, is having a malicious true crypt stack means that it could then send the credentials out, then even after you remove all the malware and change your volume password unless you create a new truecrypt volume, some data will be vulnerable to the hacker long into the future.
It does make me wonder if a combination keypad for a external usb drive would help, IE it has truecrypt that combines the external password with the PC entered password and avoids having any access to the entire password exposed to the PC OS. Of course that means you have to protect the BIOS of the usb dongle, and that a windows virus could still access the drive data while mounted. But at least you could prevent all of your data from being constantly available. And not have to always completely trust every bit of the hardware, BIOS, and OS.

Re:Do I need to prepare? (1)

Antique Geekmeister (740220) | about 5 years ago | (#28913877)

Disk encryption is handy, for traveling with a USB device, protecting a laptop from a corporate "partner" when you connect to a network to do a presentation, or avoiding having the Chinese or US federal agencies illegally scan your laptop data without a warrant.

Re:Do I need to prepare? (4, Interesting)

ehrichweiss (706417) | about 5 years ago | (#28913587)

Encryption is to prevent your data from escaping if someone stole your laptop. It however will NOT prevent the thief from installing a keylogger(which is what TFA is basically describing) which can then be used to discover your passphrase and eventually gain access to the system.

If you lose a laptop and then recover it, you can be fairly certain that your data was never leaked but you cannot be certain that someone didn't tamper with your system so they could steal the data later. At that point the best you could do would be mount the volume on a completely different system and move any data you hadn't already backed up, then wipe the drive/bios fully..though after yesterday's article about the BIOS "rootkit" that is Computrace, I'd be wary of the hardware at that point.

Re:Do I need to prepare? (5, Interesting)

khayman80 (824400) | about 5 years ago | (#28913507)

You're absolutely right. Strangely, none of those links led to Peter Kleissner's web page [peterkleissner.com] .

Check out the comments. Some of the visitors are flaming him pretty hard, but he's just a kid with amazing skills and (understandably) very little historical knowledge. Luckily, Christian [peterkleissner.com] politely points out that his attack serves to "... alert many people who think they made their PC secure by installing TrueCrypt and still keep working with an admin account where they should not. You prove that a security policy is indispensable, because admin privileges will give malicious software the ability to tamper with the installed security software."

Re:Do I need to prepare? (1)

tengeta (1594989) | about 5 years ago | (#28912911)

Yes, if you allow someone physical access to your machine you are screwed. Get that mentality as quickly as you can and keep it. I've never had any difference in that opinion, keep a damn eye on your laptop if something important is on it, and get your server locked into the ground physically if it holds data that special.

Re:Do I need to prepare? (-1, Redundant)

Anonymous Coward | about 5 years ago | (#28913277)

Dban all the cp before it is too late, pal!

Can we ditch x86 BIOS now? (0)

Anonymous Coward | about 5 years ago | (#28912885)

It sucks anyway.

Re:Can we ditch x86 BIOS now? (0)

Anonymous Coward | about 5 years ago | (#28913897)

Something like EFI [wikipedia.org] ?

Uh, what? (4, Interesting)

Cthefuture (665326) | about 5 years ago | (#28912893)

So yeah, if someone is running live software on your machine then there isn't much you can do. If there is decrypted data then it's essentially available to anything on the machine.

I mean if you're going to do this you could just modify the TrueCrypt code (bootloader in this case) itself to do what you want.

Kind of "duh" story if you ask me.

Re:Uh, what? (2, Interesting)

The MAZZTer (911996) | about 5 years ago | (#28913239)

Well, I assume the entire system is encrypted, in which case there'd be little you COULD do except trick the user into giving you their decryption key.

Re:Uh, what? (0)

Anonymous Coward | about 5 years ago | (#28913829)

This attack is based on getting at people's data after they put in their key. In other words, they put in their key so they can use their data at which point you start intercepting it. In order to use encrypted data you must decrypt it which means that someone can get your unencrypted data then. Which is the "duh" part of it because it's obvious that decrypted data is not protected.

I wonder if this INT 13 attack even works on 64-bit systems. I'm pretty sure it would not work on Linux and other alternate OS's (OSX, BSD, etc) because they don't use that old DOS-era INT 13 stuff. I'm kind of surprised it even works in Vista/7.

News? (1)

mysidia (191772) | about 5 years ago | (#28912905)

A trojan horse can compromise data, or encryption keys, possibly revealing them to a third party, if the trojan runs at a time that those keys are revealed to the system. Film at 11.

Nothing to see here, move along, move along...

Just when I though I was safe.... (1)

ray-solomon (835248) | about 5 years ago | (#28912915)

Is this type of attack only limited to trucrypt or can it affect other product? And.. is there a way to prevent it?

Re:Just when I though I was safe.... (3, Interesting)

CharlyFoxtrot (1607527) | about 5 years ago | (#28913395)

Is this type of attack only limited to trucrypt or can it affect other product?

From what I understand it could potentially affect other products unless they (properly) use TPM to avoid this kind of attack by checking MBR against a checksum.

is there a way to prevent it?

Get a mac! Not trolling, from TFA: "The attack is unsuccessful when the BIOS successor the Extensible Firmware Interface (EFI) is at work on the motherboard." AFAIK Apple are the only vendor using EFI on their entire range at the moment. I guess mounting everything read-only, or using a BSD with the file immutable bit [cyberciti.biz] set on all system files would work too.

Re:Just when I though I was safe.... (4, Interesting)

sumdumass (711423) | about 5 years ago | (#28913501)

I'm not so sure a mac is the answer. With a mac, you can just install the code in the keyboard [slashdot.org] and grab the keys directly.

Re:Just when I though I was safe.... (0)

Anonymous Coward | about 5 years ago | (#28913901)

This attack can affect all FDE products, be it TrueCrypt, PGP, WinMagic, SafeBoot, BestCrypt, DriveCrypt, or anything else. At best, the products can put in obfuscation code to make it harder for the MBR to be replaced without it being detected, but like any other software solution, someone who has a disassembler and knows what they are doing can eventually bypass it.

To reiterate: This is no fault of the FDE product design. If any of the FDE makers could make it impossible to tamper with their preboot authentication, it would be almost certain they would. The only way to go about protecting against this is to use either an external disk to boot from (like a USB flash drive or DVD), or have a hardware device that checks the booting code before its run such as a TPM.

Much as we hate TPM here on /. (5, Interesting)

Wrath0fb0b (302444) | about 5 years ago | (#28912943)

TFA has a very good point -- unless you (cryptographically) trust the components of your system all the way down to the hardware itself, you can get pwned by an attack like this. You can regularly do all-the-way-to-the-firmware scrubs of your machine as damage-control, but the only real prophylactic is some form of trusted computing.

Of course, I'm not really dying to jump on the TPM bandwagon, given the sponsors, but it sure would be nice if there was an openly-audited trusted computing module.

Re:Much as we hate TPM here on /. (2, Insightful)

Nerdfest (867930) | about 5 years ago | (#28913013)

TFA mentions Windows BitLocker as being effective at detecting this as it creates a hash of the MBR. Any Linux alternatives for this sort of functionality?

Re:Much as we hate TPM here on /. (5, Informative)

Wrath0fb0b (302444) | about 5 years ago | (#28913057)

http://lwn.net/Articles/144681/ [lwn.net]

Linux has had kernel level support for TPM for a while but most F/OSS developers have an intrinsic aversion to the concept (as I said in the GP, the identity of the TPM principals doesn't exactly give me a lot of confidence) so it's not widely used as far as I can tell.

A wonderful response from the F/OSS community would be to build a version of TrueCrypt that uses TPM to authenticate the BIOS and MBR against the known good versions.

Re:Much as we hate TPM here on /. (1)

characterZer0 (138196) | about 5 years ago | (#28913337)

TPM is only good if you trust it to be secure. I think the issue a lot of F/OSS people have is that you are taking Intel's word for the security of the TPM.

Re:Much as we hate TPM here on /. (2, Informative)

mlts (1038732) | about 5 years ago | (#28913785)

I have seen implementations that use the TPM chip offer additional functionality so the chip can be part of the boot process. PGP allows one to use both the TPM chip and a passphrase for booting, so if the TPM chip does get compromised, it will not do an attacker much good.

BitLocker allows one to use a USB flash drive as well as a TPM, XORing the keyfile and the TPM's sealed key to obtain the final volume decryption information. This way, an attacker would have to not just be able to physically attack the onboard crypto chip (which would require big budget tools in a silicon fab), but also have to get possession of the USB flash drive. At this point, an attacker with deep pockets would likely resort to rubber hose crypto (XKCD link: http://xkcd.com/538/ [xkcd.com] ) as opposed to spend the money and resources of a fab to cut into silicon layer by layer to obtain the sealed key.

Re:Much as we hate TPM here on /. (1)

hedwards (940851) | about 5 years ago | (#28913961)

That's valid to a point, but ultimately anything that's been devised thus far can be cracked an exploited, the whole point of encryption is to make the process take so ungodly long that the utility of the information to the attacker is eliminated.

Which doesn't necessarily mean that you need the highest bit rate for every task, if you're just wanting to secure a connection for a OTP the amount of encryption is pretty minimal, if you're needing to use the same cert for many connections then you'd want and need a much higher quality encryption.

Re:Much as we hate TPM here on /. (4, Interesting)

mlts (1038732) | about 5 years ago | (#28913727)

The tools are there (tboot, TrouSers). What is missing is a gestalt "stack", where an admin can configure a distro to "seal" the hash of various parts of the boot process in the TPM (MBR, boot sector, BIOS, kernel, RAMdisk image), then encrypt the rest of the machine. Then, at boot, it would boot to the ramdisk filesystem, ask the TPM for the key, and if the image has not been tampered with, the TPM will hand the key over, and the boot process continues.

One thing that isn't discussed (which is important) is a facility for recovering the encrypted data should the TPM be off or erased. BitLocker handles this fairly gracefully by saving a keyfile to a USB flash drive, or allowing the user to print out a sequence of numbers with the recovery key. BitLocker also allows saving of the recovery key to Active Directory, ensuring that corporate IT has recovery access (which is required by law in a number of cases). Finally, for home users, BitLocker allows use of offsite storage for the recovery information.

Another option to implement a means of recovery is to have a recovery passphrase. PGP is a product that allows this, where one can boot from a TPM, but if that is unavailable, one can type in a previously set passphrase, or a WDRT (whole disk recovery token, which is a challenge/response system).

This functionality will have to be implemented distribution by distribution, as there isn't a standardized set of tools. Perhaps one thing that should be designed would be a standard for implementation across distros.

Re:Much as we hate TPM here on /. (1)

Alanceil (891771) | about 5 years ago | (#28913085)

Why not use a shellscript at boot-time for this ?
Something along the lines of "dd if=/dev/sda bs=512 count=1 2> /dev/null | sha1sum",
it should be enough to check for differences in output.

Re:Much as we hate TPM here on /. (5, Insightful)

Wrath0fb0b (302444) | about 5 years ago | (#28913111)

Unless the bios writes a kernel module that hooks into reads from /dev/sda and gives out false information for the first 512 (or whatever) bytes.

You cannot possibly defeat malware that is running on the same level of privilege as your detection code.

Re:Much as we hate TPM here on /. (1)

sumdumass (711423) | about 5 years ago | (#28913591)

I'm not entirely sure why the malware can't just forward the boot sector. The hack intercepts the interrupt 13h then forwards it but it doesn't say that it limits it's function. Your script would probably return the same boot sector information whether whether using the bios it kernel level access.

Re:Much as we hate TPM here on /. (1)

myforwik (1465003) | about 5 years ago | (#28913397)

Many people have suggested TC should has the MBR. This is so stupid it boggles the mind. All you do then is replace that version of truecrypt with one that doesn't really hash the MBR but just runs as if it was hashed and passed. The only difference between bitlocker and truecrypt is that bitlocker uses trusted computing where as truecrypt tells you to secure your hardware since there is no trusted computing for it to use.

Re:Much as we hate TPM here on /. (-1)

Anonymous Coward | about 5 years ago | (#28913445)

i can haz cheezeburger?

Re:Much as we hate TPM here on /. (0)

Anonymous Coward | about 5 years ago | (#28913689)

i can haz cheezeburger?

Goddamnit kitty! I told you to get off my laptop

TPM Is ***NOT*** the answer. (1)

Anonymous Coward | about 5 years ago | (#28913101)

Replacing software security with hardware security only moves the attacks from software to hardware. There's no such thing as perfectly secure code in hardware or software, just 'good enough' that it will deter most hackers for some finite period of time. Probably the biggest argument against hardware security like TPM is the fact that once it's broken, you pretty much have to replace the machine, since there's no way to go about software patching a broken chip. Meanwhile, software can be updated, new operating systems with less security flaws designed in can be written, and new encryption software schemes can replace flawed ones. See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.

Re:TPM Is ***NOT*** the answer. (2, Informative)

Wrath0fb0b (302444) | about 5 years ago | (#28913223)

Replacing software security with hardware security only moves the attacks from software to hardware.

It's much harder to compromise a cryptographic key that is burned into a piece of silicon (think millions for a scanning electron microscopy setup and many hours) than it is to attack software.

See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.

Different security situation in those, since you need the person to be able to decrypt the content in order to play the game. By contrast, a TPM-based setup needs only to confirm that the BIOS and MBR match a specific hash and then pass along control to the (now verified) boot loader or, failing that, draw a red screen.

Funny, also, that you didn't mention the PS3, which has real hardware crypto and is remains uncracked. Oh well, pick and chose, right?

Incidentally, the Xbox360 "hack" is based on replacing the firmware on the DVD player to lie to the OS about the disk. Doesn't that sound familiar somehow?

Re:Much as we hate TPM here on /. (1)

noidentity (188756) | about 5 years ago | (#28913151)

If you have a trusted BIOS and OS that doesn't have security flaws, how can the BIOS get modified? And as far as determining whether you have a compromised BIOS, why can't you just read the BIOS back and verify that it contains what it should?

Re:Much as we hate TPM here on /. (0)

Wrath0fb0b (302444) | about 5 years ago | (#28913241)

Because if you have a compromised BIOS, it could "read back" whatever you wanted to hear. Asking a hacked BIOS to read itself back to you is like asking a liar whether he is a liar -- it gets you no reliable information.

As to updating the BIOS in a TPM system, I imagine that the procedure would be like this:

(1) Get new BIOS from reliable source, check digital signature, note hash.
(2) Update BIOS.
(3) On next boos, TPM raises an alert saying "BIOS has been replaced -- new bios hash XXXXXXX"
(4) User checks that hash against reliable source, if it matches, authenticates to TPM and adds it as a "trusted" BIOS.

Re:Much as we hate TPM here on /. (5, Insightful)

poopdeville (841677) | about 5 years ago | (#28913375)

Because if you have a compromised BIOS, it could "read back" whatever you wanted to hear. Asking a hacked BIOS to read itself back to you is like asking a liar whether he is a liar -- it gets you no reliable information.

Surely you jest.

As to updating the BIOS in a TPM system, I imagine that the procedure would be like this: ...
(3) On next boos, TPM raises an alert saying "BIOS has been replaced -- new bios hash XXXXXXX"

If you think this scheme works, but the one above doesn't, I have a bridge to sell you. Where do you think this data to hash is going to come from? From the BIOS, which you claim is an unreliable source. Indeed, if you rig up a BIOS to return the same signature as your current one, and you can run step 2 with no step 3 or 4.

Re:Much as we hate TPM here on /. (1)

Dog-Cow (21281) | about 5 years ago | (#28914001)

Umm, no. Software that hashes the BIOS for comparison purposes will be reading the flash itself, not relying on the BIOS at all.

Re:Much as we hate TPM here on /. (0)

Anonymous Coward | about 5 years ago | (#28913211)

You don't need trusted anything.
You just need to list out the interrupt and other vectors, and check you are not running in some ICE mode or similar.
There are a couple of forensic tools that allow you to do this.

If you spot another 'hook' inserted or find the code of you SVC has a hook, then you can be suspicious.
This is a variation of hooking sound and video streams - already successfully demonstrated against bluray and the like.
Better Operating systems like IBM Z/os has this so does BSD allow you to freeze in stone/ immutable interrupts abd vectors, and if lucky, hardware protection of these too You can even add timing instructions and detect if your instruction path has lengthened.

Just as dangerous are fancy Video Cards with their own set of semi secret diagnostic modes and unlimited DMA access, and imperfect firmware. If this was corrected then logic analyzers connected on the bus will get the info, so you are even with TPM - there will be backdoors. Add firewire.

Microsoft wont say it, but for anitvirus vendors to 'get their hooks in early' rely on unpublished/not common knowledge
loopholes and tricks , also extended for Nvida and ATI. Which probably mean VMware has hooks too.

IF TPM worked, and that is a big if, then the attack vector would move to AV and Video Card software, or to the router layer or making use of Adobe or Flash Vulns.

Anonymous Coward (0)

Anonymous Coward | about 5 years ago | (#28912975)

CRap. Get out your tin foil hats, uncle sam is coming for you.

man in the middle (4, Informative)

MoFoQ (584566) | about 5 years ago | (#28912997)

it's more of a "man in the middle" sort of thing and it by itself does not "break" the encryption.

Think of it as a keylogger for your hard drive.
No matter how complex and secure an encryption method is, if you can steal the password (or key), yea...you get the idea.

In that sense, the title, summary, and the title of the article in question is misleading as it doesn't really bypass any encryption but rather daisy-chains itself into the process (so once you enter a password/key, it can capture it).

Re:man in the middle (1)

Tuoqui (1091447) | about 5 years ago | (#28913661)

Exactly...

This 'attack' can only work if the person compromised the machine, waited for you to log in and then stole it or compromised it again.

For all intents and purposes your typical street level thug swiping a laptop laying around it keeps them from accessing your shit.

Re:man in the middle (0)

Anonymous Coward | about 5 years ago | (#28913801)

Street level thugs (or ANYONE else for that matter) don't care about your (or anyone else here's) shit.

Not a new thing or idea (5, Insightful)

pehrs (690959) | about 5 years ago | (#28913003)

I can't tell what's supposed to be interesting or spectacular about this. It's a standard rootkit with MBR support along with some special hooks for truecrypt. It won't let anybody read an encrypted truecrypt volume unless you enter the password... And if you do enter the password on an owned computer it's not like trucrypt is going to help you anywhere. If you unlock the volume any malware can grab all the data it wants through the usual calls and hooks. It doesn't seem especially advanced compared to many of the rootkits out there.

Re:Not a new thing or idea (2, Insightful)

calmofthestorm (1344385) | about 5 years ago | (#28913515)

Agreed; I'm more worried about tiny pinhole cameras watching my keystrokes, that RF keylogging, or a rubber hose. My crypto has always been to deter the average thief who boots once to look for personal info before selling it online and to prevent other students from pranking me. Against a resourceful attacker you're pretty much screwed anyway.

My best defense is that the kind of people who /could/ break into my computer have better things to do.

Is this really surprising? (0)

Anonymous Coward | about 5 years ago | (#28913009)

I don't recall TrueCrypt ever claiming to be a defense against malware. Hell, all a program would have to do is imitate the boot loader and fool you into typing your password.

If you're paranoid (and I don't mean that in a bad way) enough to encrypt your entire hard drive, you're probably not the type to run strange executables outside of a sandbox. And if you give black hats physical access to your hardware, well, you're screwed.

So some general advice for the paranoid:

* don't run strange executables
* don't give untrusted people access to your hardware
* reflash your BIOS and other firmware if you think someone's been messing around
* look inside your computer once in a while
* if you must leave your computer in untrusted hands, boot from a flash drive or something you *can* take with you

Re:Is this really surprising? (3, Funny)

Anonymous Coward | about 5 years ago | (#28913181)

...

* look inside your computer once in a while

...

For WHAT?!?!? Gnomes transcribing your keystrokes?

Re:Is this really surprising? (1)

mlts (1038732) | about 5 years ago | (#28913813)

One thing you can do with TrueCrypt, if a person fears compromise of a MBR:

Boot from the CD image that TrueCrypt forces one to make (unless they RTFM and explicitly run the TrueCrypt Format utility, telling it not to make the image.)

This way, a corrupted or tampered with MBR is completely bypassed, and the user has the option to overwrite it with the MBR image from the boot CD.

Another idea: (1)

Futurepower(R) (558542) | about 5 years ago | (#28913873)

* If your laptop will be in the possession of someone else for a while, such as in airline baggage, take out the hard drive, wrap it with thin anti-static foam, and put it in your pocket.

Obligatory... (1)

AnonymousIslander (1603121) | about 5 years ago | (#28913049)

The original [wikipedia.org] :-)

Ok I don't get it (5, Insightful)

Sycraft-fu (314770) | about 5 years ago | (#28913063)

How does this, in any way shape or form, "break" Truecrypt? Now maybe I misunderstand how it works, since the information is not presented in a clear manner and the author is letting ego get in the way of good writing, but more or less it looks like he has a way to get in to the system at a low level. Ok, great, that does NOTHING to break the encryption. I see nothing in here about managing to get data out of a Truecrypt drive/volume without knowing the key. So what's the big deal?

I mean yes, you could use said malware to log the password. Well guess what? If you've physical access to the system, you don't need software for that. A hardware keylogger would achieve the same thing, or maybe a camera over the shoulder or maybe a tempest attack. The point is if you have physical access to the system, there is little someone can do to keep you from bugging said system.

What Truecrypt is intended to deal with is someone nabbing your system and getting data, and I see no break in that regard. If you encrypt your laptop's harddrive to ensure that nobody gets your data, and somebody steals you laptop, this doesn't help them. For it to help them they'd have to get your laptop, bug it, get it back to you such that you didn't notice, wait for you to use it, then steal it again so they could get the password.

I just fail to see how this is news here. If there is something I'm missing, by all means I'd be interested in knowing.

Re:Ok I don't get it (5, Insightful)

Wrath0fb0b (302444) | about 5 years ago | (#28913267)

How does this, in any way shape or form, "break" Truecrypt?

It breaks the unspoken (and totally unwarranted & incorrect) assumption that TrueCrypt not only encrypts but also authenticates.

This is not "breaking" TrueCrypt since they never claimed to authenticate the MBR/BIOS against this sort of attack. That's what's somewhat clever about it -- it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.

Re:Ok I don't get it (1)

brunes69 (86786) | about 5 years ago | (#28913351)

What if someone (say, a government agency) does not steal your laptop, but instead, infects it with this compromised BIOS, then just puts it back?

Then just let you run it awhile oblivious, *THEN* later on seize it? You think you're protected, but surprise, you aren't.

It is a lot easier to detect a hardware keylogger or secret camera, than an infected BIOS, unless you are super paranoid.

Re:Ok I don't get it (1)

JordanL (886154) | about 5 years ago | (#28913485)

Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.

Theoretically.

Re:Ok I don't get it (2, Informative)

brusk (135896) | about 5 years ago | (#28913559)

Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.

Uhhh....No. This is no different from a wiretap (assuming a judge authorized it, of course). It has nothing to do with entrapment or the fifth amendment, any more than an FBI bug on a phone line does. As for due process, see the part about a judge issuing a warrant. The fact that you thought it was perfectly safe don't enter into it.

Re:Ok I don't get it (1)

JordanL (886154) | about 5 years ago | (#28913757)

The presumption that the parent post was going under was that the bug was implanted before information was collected... In other words they put in the kit, then go get a warrant for the computer, then the information is readable under their warrant.

My point was actually your point: they would have to have a warrant first, otherwise the only two ways to implant the bug would be getting you to do it for them (entrapment) or doing it themselves (due process).

Uhhhh (1)

Sycraft-fu (314770) | about 5 years ago | (#28913583)

That seems extremely far fetched for one, but then even if you believe it is the case, what good would it do to fix? When you talk about a government agency, you are talking about someone with essentially unlimited resources. So they have plenty of options. Like I said, there's tempest. They monitor your computer remotely. I've no idea how well it works enough in reality, but it works well enough in theory that intelligence agencies shield against it. Or maybe they simple rewrite the Truecrypt bootloader, and put that on the drive. The program that you run itself now logs the data they want.

If you are in the AFDB world where some all-powerful government is out to get you, there's very little you can do to stop it.

In terms of protecting against threats that, you know, actually matter and are actually realistic, Truecrypt does a great job near as I can tell.

Re:Ok I don't get it (1)

Kythe (4779) | about 5 years ago | (#28913805)

If you're facing an entity with the resources of a government who is investigating you over time without your knowledge, you're probably not going to come out on top. Commodity PC hardware just isn't designed to resist that kind of thing, thus, Truecrypt can't be designed to resist it. I would imagine the same goes for Safeboot and all the other full-disk encryption programs out there.

As usual secrets are best kept in brain case (1)

itsybitsy (149808) | about 5 years ago | (#28913095)

As usual secrets are best kept in brain case as anyone who physically gets a hold of your truecrypt volume and machine can now insert the bootkit at their leisure and to their pleasure.

So we're back to physical control of memory to keep secrets.

Re:As usual secrets are best kept in brain case (2, Insightful)

FranTaylor (164577) | about 5 years ago | (#28913117)

Tell that to the doctor in the emergency room when he needs to look up your patient records to decide if it's safe to administer a drug to you.

Re:As usual secrets are best kept in brain case (1)

itsybitsy (149808) | about 5 years ago | (#28913235)

Ok, so how would having all your medical records encrypted on a key dongle memory stick help you there? The doc would be waking you up saying what's your password dude your life depends on it... the only problem is that you're incoherent from all the partying you did the night before and blerble out nonsense that didn't work anyhow. I guess your lucky since your doctor happens to read slashdot and saw the above article about breaking truecrypt volumes and he compiled the hackers bootkit and installed it and got it working and unlocked your medical records... only to find out nothing of interest that would save you from our own ingestion excesses. So... that leaves you dying in the emergency ward and your doctor scrambling and scratching his head to find out why you ended up the way you are.

Re:As usual secrets are best kept in brain case (1)

FranTaylor (164577) | about 5 years ago | (#28913663)

Why don't you read the comment that I was responding to:

"As usual secrets are best kept in brain case"

I was asserting the falsehood of that statement., not shilling for USB key dongles.

Re:As usual secrets are best kept in brain case (1)

DarkOx (621550) | about 5 years ago | (#28913483)

I just come back to what my mother told me once. "If you don't want someone else to read it never write it down"

So (1)

ledow (319597) | about 5 years ago | (#28913165)

If you give your PC to someone, with the capability to modify the innermost workings of the boot sectors, and then log into the PC indiscriminately without verifying that the boot sectors, etc. haven't been modified, it's possible that the password you typed on the keyboard etc. could be captured and then used later (assuming the rogue software would also have the capability send that password to the attacker and/or for the attacker to AGAIN gain physical access to the PC after you've typed in the password as well) to decrypt the contents of the hard drive.

Yeah. And?

Avoidance techniques possible: Not a lot.
Avoidance techniques required: Don't log into a potentially (or, indeed, known) compromised PC, whether encrypted or not.

Where's the news?

Blast from the past. (0)

Anonymous Coward | about 5 years ago | (#28913207)

"Stoned" was the first computer virus I ever had to deal with. Ah those were the days... small, efficient virii that overwrote the boot sector but were easy to fix. None of this nasty phone home, steal your credit card mess they have now-a-days.

Now git off my lawn, y'hear!?

As Leonard Cohen said... (0)

Anonymous Coward | about 5 years ago | (#28913225)

there is a crack... there is a crack in everything. That's where the light gets in...

Oblig (5, Funny)

ParanoiaBOTS (903635) | about 5 years ago | (#28913237)

Funny, but true (2, Interesting)

Sycraft-fu (314770) | about 5 years ago | (#28913641)

Things like encryption are to protect against normal problem, like losing a device with important data, not to protect against a determined adversary that wants your particular stuff.

For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot. It is a USB stick, since I don't want to keep something like that on my computer which is always networked. While I think I have good security, there's always a chance someone owns my computer and I don't notice. So, best not to keep passwords on it. It is encrypted in case I ever lose it, or it gets stolen. That way, the person who has it can stumble across the password text file.

That is what it is to protect against: Normal ways that someone might happen across my passwords. It is not a protection against everything. If someone really wanted my passwords, they could just hold a gun to my head, I'd give them what they wanted. Nothing I have is worth dying for. As such, no amount of protection would keep it safe. I don't bury my key in a hidden location, I don't keep its existence a secret, etc. Reason is none of that would matter since anyone willing to go to the lengths necessary to get at it, would be willing to go to the lengths to get at me and make me give up my passwords.

Full disk encryption isn't for universal protection, it is for protection against laptop theft. For example at work we used to have an idiot in charge of, among other things, issuing codes for the doors. Our doors have electronic keypad locks as well as physical locks. Ok so idiot didn't keep this data on the central servers. He didn't trust it there. He instead kept it on his laptop. Well, his laptop then got stolen, and the data wasn't encrypted. That was a lot of fun, we got to change all the door codes. Had he encrypted his disk, this wouldn't have been a problem. The crook wasn't trying to get our door codes, they were just stealing a laptop.

Use a virtual machine? (0)

Anonymous Coward | about 5 years ago | (#28913319)

Just DONT encrypt your system disk, make an encrypted container file with a Virtual Machine, that also runs Full disk encryption. Wouldn't this put a stop to the bios level MITM?

Good question (0)

Anonymous Coward | about 5 years ago | (#28913607)

I wonder that myself.

All this has been done before... (0)

Anonymous Coward | about 5 years ago | (#28913347)

People don't need 'physical access' at all. All the need is admin priveledges. This is just a 'trick' attack. You download Truecrypts source, change it a bit, and then overwrite the real truecrypt with a hacked one. Anyone can do this. Truecrypt does not attemp to prevent against this, why should it? If someone can run any software on your PC when truecrypt is already running, THEY CAN ALREADY READ ALL THE ENCRYPTED DATA. This point seems to totally miss him for some reason.

He says that truecrypt's code could be modified to not allow writes to the MBR. So what? Someone could load up another OS, or take the harddisk out or do whatever and overwrite the MBR. Infact you can even write software to hook around truecrypt if you have admin priviledges. His whole 'patch' suggestion is so stupid it boggles the mind, he actually still uses truecrypts drive to write to the MBR, so infact his bootkit is even weaker than I first thought.

The whole thing is pretty funny. I mean if you can take control of the TC PC, you can just read the rootkey right out of memory. Then you can just write to the MBR and by-pass the whole password entry screen. He doesn't even do that, and yet he calls the encryption bypassed, even though all the data is still encrypted and the user must still enter the key? O_o riiiight

Not a break of the encryption or even TC in genera (4, Insightful)

DarkOx (621550) | about 5 years ago | (#28913453)

This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.

All disk encryption can accomplish is:
1. If someone steals the system while off or locked and does not already have the key they can't get the data
2. The system cannon be modified offline with out the key

It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.

Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.

Encrypted disk is not safe while in use (0)

Anonymous Coward | about 5 years ago | (#28913481)

That is, if the encryption key is loaded and the machine knows how to decrypt the data, it can of course be captured in various ways.
I see no indication here that anything can be bypassed save very early in the boot cycle, so that if the rest of the system is encrypted,
this beast will not decrypt it until someone enters the key.

That it can subvert the access controls and so on of an encrypted disk, or of any windows version, because it gets in early and
can alter what is seen is interesting. It does not mean however that with this, someone can walk up to your machine and
decrypt it without the encryption key.

It must be noted that a drive encryption that allows back doors (sometimes done for "enterprise" access) might be able to have that
kind of attack made with this tool, since that kind of system retains the ability for the machine to decrypt the disk without a user
entering the key..it has recovery keys built in. Systems like that (yes, there are some) are thus sitting ducks...

OMG WEED LEEF (0)

Anonymous Coward | about 5 years ago | (#28913487)

Get it? "Stoned"? Hahaha, 4:20 amirite?

I love writing software and then trying to think of the most juvenile title for it as possible.
Drugs are cool because being immoral is edgy and hip. Let's all get high and ignore reality hahahahahahaha.

Boot from CD with a "secure" BIOS (2, Insightful)

DamnStupidElf (649844) | about 5 years ago | (#28913553)

Password protect the BIOS, disable post-boot BIOS flashing, and only boot from a CD that you carry with you at all times. That's a pretty effective way to get rid of software only attacks. Once the hardware is involved (which includes vulnerabilities that allow flashing the BIOS after it's booted or without a password), you're screwed.

The point of full system encryption... (1)

Andrew916 (1108769) | about 5 years ago | (#28913593)

Isn't full system encryption designed to prove its worth once physical control has been gained by the bad guys? If truecrypt doesn't protect the contents of a hard drive that has been stolen it is completely useless. Never trust a product when its creators are anonymous.

Re:The point of full system encryption... (1, Insightful)

Anonymous Coward | about 5 years ago | (#28913645)

Seriously. Read the comments above before you post. There are more than 10 comments right now that explain why the title is misleading and the bootkit does not break the encryption. How hard is it?

Re:The point of full system encryption... (1)

myforwik (1465003) | about 5 years ago | (#28913799)

True crypt does protect the contents of a drive that stolen. Thats not what is meant by physical control. Physical control is when someone sits down at your computer and changes something so when you put in your password you don't realise you are really giving them your password. Secondly the creators are nont anonymous. I don't know why you think they are. Thirdly you obviously have no read anything above.

Confirm this for me... (2, Insightful)

Anonymous Coward | about 5 years ago | (#28913633)

So let me get this straight...if a program lodges itself into the bios and intercepts disk calls above an encryption layer and can intercept the data, that is in and of itself newsworthy?

Ok, I though it was like "The government can wiretap your phone by standing in your kitchen while you're talking."

Please....this is unworthy of any attention. Everyone knows that a compromised system is not secure. Was this ever in question? Take your 15 minutes of fame, and go....

Your computer is stoned... historical reference (2, Informative)

argent (18001) | about 5 years ago | (#28913665)

One of the first MBR-infecting virused was "Stoned".

Wikipedia entry. [wikipedia.org]

Solution: boot from USB key? (0)

Anonymous Coward | about 5 years ago | (#28913667)

Would a secure solution be to always boot from a USB flash drive? A microSD chip is pretty small and can be hid in one's walletï. Insert in a USB adapter, and run boot then decryption code from pocket flash drive.

Ya know... (2, Informative)

Anonymous Coward | about 5 years ago | (#28913891)

I know of government agencies that use full-disk encryption (e.g. Safeboot) on all everyday work computers, yet still don't allow the computers to be taken on international trips for exactly this reason. They use temporary-use laptops that get wiped upon returning home.

Full-disk encryption is designed to stop a thief who steals a computer from getting more than the hardware, and it's designed to keep a misplaced laptop with important data from becoming a headline. It's not designed to be the first and last word in security.

The problem of physical compromise of a machine leading to data compromise isn't limited to Truecrypt; there is no particular weakness of Truecrypt being described. It's a fundamental problem of the way commodity PC's are designed, and physical access. Indeed, it may be intrinsic to ALL computers (but the commodity stuff is likely quicker to compromise, simply because it's a known quantity for which you can prepare).

If it's that important you should use hardware (1)

Thaidog (235587) | about 5 years ago | (#28913945)

There at least a few SAS drives on the market that use hardware encryption baked right in to the drive's on-board controller. Probably faster too but more expensive.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>