Bootkit Bypasses TrueCrypt Encryption

← Back to Stories (view on slashdot.org)

Bootkit Bypasses TrueCrypt Encryption

Posted by timothy on Saturday August 1, 2009 @11:43AM from the war-of-attrition dept.

mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."

156 of 192 comments (clear)

Min score:

Reason:

Sort:

Do I need to prepare? by Aldenissin · 2009-08-01 11:50 · Score: 1

And, is it true we are screwed?

--
Like a city whose walls are broken down is a man who lacks self-control.
1. Re:Do I need to prepare? by Shakrai · 2009-08-01 11:53 · Score: 3, Informative
  
  And, is it true we are screwed?
  You were always screwed if you don't have your machine physically secured. There's really nothing new here other than an interesting implementation of a concept that's been around for awhile. If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
2. Re:Do I need to prepare? by tengeta · 2009-08-01 11:56 · Score: 1
  
  Yes, if you allow someone physical access to your machine you are screwed. Get that mentality as quickly as you can and keep it. I've never had any difference in that opinion, keep a damn eye on your laptop if something important is on it, and get your server locked into the ground physically if it holds data that special.
  
  --
  "They confiscated everything, even the stuff we didn't steal!"
3. Re:Do I need to prepare? by Wrath0fb0b · 2009-08-01 12:13 · Score: 5, Informative
  
  If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
  
  But that's the entire point of System Encryption right there! Someone gains physical access to your machine and they still can't do squat to read the contents (short of beating you with a hose to get the password or spending serious supercomputer time). System Encryption was designed for precisely this application.
  This nice little trick here gives them a third option -- install malware at the BIOS level while leaving TrueCrypt unchanged so as to give you the illusion of safety while they read your mail/keystrokes/whatever. If I were the Border Patrol, I would consider a tool that automates the installation of this tool to be a very worthy investment.
  In short, he's exploiting the fact that encryption and authentication are two very different things. TrueCrypt can assure you that you data are unreadable without the key but cannot authenticate the MBR as being genuine. For that, you need some form of trusted computing, the mention of which never goes well.
4. Re:Do I need to prepare? by Anonymous Coward · 2009-08-01 12:50 · Score: 5, Insightful
  
  Giving someone physical access to your machine is the equivalent of losing it and recovering it later, and encryption was never about this case!
  Encryption is meant to prevent data release with such a loss, but does nothing much to guarantee integrity of the system after recovery. It does not provide a tamper-evident nor tamper-proof system, since tampering can occur outside the encrypted content. Also, encryption itself does not even provide tamper-proofing for the encrypted volume! It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem. You would need additional checksums or other integrity-checks to actually detect such damage.
5. Re:Do I need to prepare? by dnaumov · 2009-08-01 12:50 · Score: 2, Interesting
  
  If someone can gain physical access to your machine then it's effectively game over.
  If that was the case, what would be the point of disk/partition encryption in the first place?
6. Re:Do I need to prepare? by Schraegstrichpunkt · 2009-08-01 13:43 · Score: 1
  
  And what software will verify that hash?
  
  --
  http://outcampaign.org/
7. Re:Do I need to prepare? by Schraegstrichpunkt · 2009-08-01 13:46 · Score: 2, Insightful
  
  It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem.
  If you were able to do several lunch-time attacks over time, you might also be able to do 'traffic analysis' to figure out which files were system files, correlate that with a security update, then replace the updated software with an older, vulnerable version by re-writing old ciphertext. This would be particularly easy if, for example, /home is mounted on a different encrypted volume than /usr.
  
  --
  http://outcampaign.org/
8. Re:Do I need to prepare? by khayman80 · 2009-08-01 13:56 · Score: 5, Interesting
  
  You're absolutely right. Strangely, none of those links led to Peter Kleissner's web page.
  Check out the comments. Some of the visitors are flaming him pretty hard, but he's just a kid with amazing skills and (understandably) very little historical knowledge. Luckily, Christian politely points out that his attack serves to "... alert many people who think they made their PC secure by installing TrueCrypt and still keep working with an admin account where they should not. You prove that a security policy is indispensable, because admin privileges will give malicious software the ability to tamper with the installed security software."
9. Re:Do I need to prepare? by buchner.johannes · 2009-08-01 13:58 · Score: 4, Interesting
  
  This exploit really is more comparable to a software keylogger. It lies between OS and Truecrypt Bootloader, catching the disk access requests.
  For infection, you need admin rights on the running machine (TFA says so).
  So, with the full system encryption, you are of course safe. This is just a way of listening to Truecrypt requests.
  Kudos to Peter, hope to meet him in the Metalab sometime.
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
10. Re:Do I need to prepare? by timmarhy · 2009-08-01 14:01 · Score: 4, Informative
  
  No, hd encryption was designed to stop people stealing your hd and reading it, not to defend against hardware keylogging. for this to work you have to have booted the machine and authenticated - if the attacker has the power to force you into this then i'm guessing your going to give them what ever they want anyway.
  i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
  
  --
  If you mod me down, I will become more powerful than you can imagine....
11. Re:Do I need to prepare? by he-sk · 2009-08-01 14:04 · Score: 2, Insightful
  
  The perp won't be able to read the data, unless he installs this rootkit, returns your PC and then steals it again to read the keylogger info.
  Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
  
  --
  Free Manning, jail Obama.
12. Re:Do I need to prepare? by ehrichweiss · 2009-08-01 14:18 · Score: 4, Interesting
  
  Encryption is to prevent your data from escaping if someone stole your laptop. It however will NOT prevent the thief from installing a keylogger(which is what TFA is basically describing) which can then be used to discover your passphrase and eventually gain access to the system.
  
  If you lose a laptop and then recover it, you can be fairly certain that your data was never leaked but you cannot be certain that someone didn't tamper with your system so they could steal the data later. At that point the best you could do would be mount the volume on a completely different system and move any data you hadn't already backed up, then wipe the drive/bios fully..though after yesterday's article about the BIOS "rootkit" that is Computrace, I'd be wary of the hardware at that point.
  
  --
  0x09F911029D74E35BD84156C5635688C0
13. Re:Do I need to prepare? by BitterOak · 2009-08-01 14:46 · Score: 4, Informative
  
  Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
  Sorry. Wiping the system will do nothing if the malware is installed in the BIOS. And it will do nothing to protect you from hardware keyloggers. Also, recall the story earlier today about tampering with the flash memory in keyboards.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
14. Re:Do I need to prepare? by he-sk · 2009-08-01 15:00 · Score: 1
  
  The BIOS and the keyboard are part of the system. You just have to be thorough. ;)
  You should be able to spot external hardware keyloggers easily.
  
  --
  Free Manning, jail Obama.
15. Re:Do I need to prepare? by Dare+nMc · 2009-08-01 15:18 · Score: 1
  
  Assuming you can get to the network stack from the malicious bios, then the "steals it again" might be as simple as, waits for a network connection, to start transferring.
  The only novel thing I see, is having a malicious true crypt stack means that it could then send the credentials out, then even after you remove all the malware and change your volume password unless you create a new truecrypt volume, some data will be vulnerable to the hacker long into the future.
  It does make me wonder if a combination keypad for a external usb drive would help, IE it has truecrypt that combines the external password with the PC entered password and avoids having any access to the entire password exposed to the PC OS. Of course that means you have to protect the BIOS of the usb dongle, and that a windows virus could still access the drive data while mounted. But at least you could prevent all of your data from being constantly available. And not have to always completely trust every bit of the hardware, BIOS, and OS.
16. Re:Do I need to prepare? by Antique+Geekmeister · 2009-08-01 15:37 · Score: 1
  
  Disk encryption is handy, for traveling with a USB device, protecting a laptop from a corporate "partner" when you connect to a network to do a presentation, or avoiding having the Chinese or US federal agencies illegally scan your laptop data without a warrant.
17. Re:Do I need to prepare? by myforwik · 2009-08-01 15:49 · Score: 3, Interesting
  
  Just boot from a CD rom. Infact forget the hash, just boot from the truecrypt rescue disk every time which restores your MBR.
18. Re:Do I need to prepare? by Z00L00K · 2009-08-01 17:10 · Score: 1
  
  That's something you were as soon as you started to earn money.
  There is always someone out to get your money one way or another.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
19. Re:Do I need to prepare? by siloko · 2009-08-01 17:57 · Score: 1
  
  hd encryption was designed to stop people stealing your hd
  Yes, when my encrypted volume detects bad people it shouts "Go away, this volume is encrypted, shooo!"
20. Re:Do I need to prepare? by siloko · 2009-08-01 18:00 · Score: 1
  
  The perp won't be able to read the data, unless he installs this rootkit, returns your PC and then steals it again to read the keylogger info. Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
  Even easier solution: I ensure my system contains nothing but totally useless crap. That'll learn 'em!
21. Re:Do I need to prepare? by siloko · 2009-08-01 18:05 · Score: 1
  
  though after yesterday's article about the BIOS "rootkit" that is Computrace, I'd be wary of the hardware at that point.
  So what your saying is be wary of the hardware when your kit is stolen AND be wary of the hardware before your kit's been stolen. Great! I was gonna wait until my hardware was morphing into robocop before being scared of it now I'll have to rethink . . .
22. Re:Do I need to prepare? by siloko · 2009-08-01 18:20 · Score: 1
  
  and still keep working with an admin account
  I'm in the process of virtualizing our servers and will be using encryption to further secure the data. You make a good point because the most unpleasant part of the process is gonna be telling the other admin he can't work with root anymore. Here's me diligently creating a new user with only the necessary rights, both on the System and within services (Mysql, etc.), and there's him tip-toeing around the file system like an elephant in a rage. He dropped one of our live databases by accident the other day whilst implementing a new schema . . . er yes the virtualized solution includes a test AND a production environment!
23. Re:Do I need to prepare? by mr+exploiter · 2009-08-01 18:33 · Score: 2
  
  I think you are overestimating how difficult is implementing this... I think that what he did is about the same difficult of what you'd expect in a BS level Operating System homework... and he would get an F for not understanding what are the limits of what encryption provides. And he talks like a pompous ass-hat.
24. Re:Do I need to prepare? by MoogMan · 2009-08-01 20:40 · Score: 2, Insightful
  
  Yes, it's a typical MITM attack.
  As Trucrypt presents it's drives as block devices to the OS, this BIOS-level Trojan is equivalent to a typical OS-level Trojan.
25. Re:Do I need to prepare? by Sprinkels · 2009-08-01 23:03 · Score: 1
  
  Replace the entire computer. Is that thorough enough?
26. Re:Do I need to prepare? by TheRaven64 · 2009-08-02 00:05 · Score: 1
  
  Depends on where you buy the replacement from, and whether it comes pre-compromised.
  
  --
  I am TheRaven on Soylent News
27. Re:Do I need to prepare? by tappel · 2009-08-02 01:12 · Score: 2, Informative
  
  i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
  Decent defense against keyloggers etc.: Do not let anyone compromise your machine. It boils down to this; even with "authenticated" hardware there's always a step that is not authenticated. As long as you don't let anyone tamper with your machine, you're safe.
  And if you do think your hardware has been compromised, there are ways to attempt an offline recovery of data so that the attacker never knows you have decrypted your system and gotten the data out. Physically destroy the machine afterwards, to be sure.
28. Re:Do I need to prepare? by AmiMoJo · 2009-08-02 02:00 · Score: 1
  
  It's not even as good as a keylogger really, as it does not capture the encryption key or password. It could be modified to, but at the moment it just reads unencrypted data (and has no way of storing it en-masse either).
  This sort of attack has been known for quite a while. A similar one involves rebooting a booted system and loading a Linux distro to capture the encryption key from memory (since memory is not normally wiped during a reboot). Really, there is very little you can do against that kind of attack. Your only hope is to avoid having the machine taken away from you in a booted state, and not to trust it at all when returned to you.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
29. Re:Do I need to prepare? by AmiMoJo · 2009-08-02 02:02 · Score: 1
  
  So just re-flash your BIOS. If you are really paranoid, you could even just switch to a new PC. You can recover your data from another OS.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
30. Re:Do I need to prepare? by buchner.johannes · 2009-08-02 02:10 · Score: 1
  
  It is better than a keylogger in the sense that it can not be detected, as it is not installed on the Operating System, or a installed program. The partition is clean.
  That is the main point of the tool. I don't know if this has been around for a while.
  You could also change the installed TrueCrypt software to decrypt the partition on the next boot, and not tell the user anything about it. :-)
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
31. Re:Do I need to prepare? by Lennie · 2009-08-02 02:36 · Score: 1
  
  Some one will just move your disk to an other machine and replace the true-crypt software with one that doesn't do any checking...
  If you stored something in TPM you might have a chance, but if your computer brakes, you'll probably also loose the content of the disk (backups can prevent huge problems with that ofcourse).
  
  --
  New things are always on the horizon
32. Re:Do I need to prepare? by sjames · 2009-08-02 02:43 · Score: 1
  
  Since the rootkit intercepts disk access, any attempt to access the MBR can return a stashed away copy of the original one with the correct hash.
33. Re:Do I need to prepare? by DavidTC · 2009-08-02 03:21 · Score: 1
  
  How the hell do you reflash your BIOS without using your BIOS?
  
  --
  If corporations are people, aren't stockholders guilty of slavery?
34. Re:Do I need to prepare? by nanospook · 2009-08-02 03:37 · Score: 1
  
  All this work just to get free porn? wow..
  
  --
  Have you fscked your local propeller head today?
35. Re:Do I need to prepare? by AmiMoJo · 2009-08-02 06:16 · Score: 1
  
  There is a way, sort of. Most BIOSs contain a special bootloader area which is stored in a ROM and not changeable. It has only two functions, to checksum and load the main BIOS code from EEPROM and to recover the main BIOS code in the event that the EEPROM checksum fails. The latter operation requires a floppy disk with just the BIOS imagine on it to be inserted when the computer is powered on. It's basically a way to recover from a bad BIOS update.
  You can use this to ensure that the BIOS is flashed with an unmodified image by code stored in a ROM (so it can't be infected). You start a BIOS update as normal in DOS, and cut the power half way through so that it fails the checksum next time you boot. You then use the failed update recovery procedure to load your pristine BIOS image.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
36. Re:Do I need to prepare? by maxwell+demon · 2009-08-02 08:12 · Score: 1
  
  So the test must be done directly in the drive's firmware.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
37. Re:Do I need to prepare? by maxwell+demon · 2009-08-02 08:18 · Score: 1
  
  i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
  [...] Physically destroy the machine afterwards, to be sure.
  How many home users would consider that acceptable?
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
38. Re:Do I need to prepare? by maxwell+demon · 2009-08-02 08:24 · Score: 1
  
  And then, when you deliver to the next agent, you learn that the real top secret data wasn't on the hard disk, but micro-engraved onto the CPU cooler ...
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
39. Re:Do I need to prepare? by BitZtream · 2009-08-02 08:44 · Score: 1
  
  Encryption is meant to prevent data release with such a loss, but does nothing much to guarantee integrity of the system after recovery.
  Then you are using the wrong system. A properly designed crypto system will guarantee the data hasn't been tampered with as well. You can't prevent tampering, but you sure as hell can detect it.
  Please don't try to educate people on encryption when you don't actually know anything about it.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
40. Re:Do I need to prepare? by aaandre · 2009-08-02 10:44 · Score: 1
  
  Why just border patrol. Why not a tax break for corporations who do it... or compliance requirement in the banking industry etc.
  In a culture where money is god, everything has a price.
  Just put the right incentives in place and watch the wheels turning :)
41. Re:Do I need to prepare? by AmiMoJo · 2009-08-02 10:50 · Score: 1
  
  Well, you can actually get new BIOS chips for most motherboards on eBay, including laptops. They are usually socketed, at least on desktops, laptops vary.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
42. Re:Do I need to prepare? by niteshifter · 2009-08-02 11:51 · Score: 1
  
  But that's the entire point of System Encryption right there! Someone gains physical access to your machine and they still can't do squat to read the contents (short of beating you with a hose to get the password or spending serious supercomputer time). System Encryption was designed for precisely this application.
  Rubber hose? We doan need no steenkin rubber hose! We doan need no super-whatis neither. We make two trips to machine: One to install hardware keylogger, one to pick it up and put in pocket and walk away.
  Only fools use single-token authentication.
43. Re:Do I need to prepare? by Trahloc · 2009-08-03 01:01 · Score: 1
  
  If on return of your computer you reflash your bios with the latest version from XYZ corp you bought it from, will that kill the malware? Baring of course your wearing a tinfoil hat like one of the other replies here and think all machines are infected from the factory and none of the other real security analysts who go to places like defcon have caught it... That should work to protect your machine from this once you recover it, yes?
  
  --
  The Goal: A long simple life filled with many complex toys.
44. Re:Do I need to prepare? by hesaigo999ca · 2009-08-03 01:15 · Score: 1
  
  I guess a really good hacker would clone the drive for a later time AND install that keylogger with remote upload, then once the password is figured out, uses it on the cloned drive from the safety of his own home, without ever needing to steal the laptop a second time, no?
Uh, what? by Cthefuture · 2009-08-01 11:52 · Score: 4, Interesting

So yeah, if someone is running live software on your machine then there isn't much you can do. If there is decrypted data then it's essentially available to anything on the machine.
I mean if you're going to do this you could just modify the TrueCrypt code (bootloader in this case) itself to do what you want.
Kind of "duh" story if you ask me.

--
The ratio of people to cake is too big
1. Re:Uh, what? by The+MAZZTer · 2009-08-01 12:53 · Score: 2, Interesting
  
  Well, I assume the entire system is encrypted, in which case there'd be little you COULD do except trick the user into giving you their decryption key.
2. Re:Uh, what? by flydpnkrtn · 2009-08-01 19:03 · Score: 1
  
  I think you misunderstand... the entire volume is presumed to be encrypted by TrueCrypt, so the assumption is that the data on the machine is safe, even if the entire machine is stolen (such as the case with a laptop)
  The thinking is that yes, you could boot to a LiveCD on the stolen laptop and try to e.g. mount the NTFS volume on the machine, but with the entire volume encrypted you wouldn't be able to get any meaningful data off the machine
  This isn't a "duh" story, because if you're able to steal a laptop and successfully bypass TrueCrypt's encryption of an entire volume by hooking an interrupt that's definitely a big deal
  
  --
  Here's to the crazy ones
3. Re:Uh, what? by Cthefuture · 2009-08-02 00:26 · Score: 1
  
  I think you need to read the article again. This doesn't bypass TrueCrypt's security. If you steal the computer you can't use this technique to get at the encrypted data. This attack needs the person to enter their password to decrypt the volume.
  I think the only presumption is that for some reason people think someone can't install anything on their computer just because the entire drive is encrypted. That logic is flawed because there is still plenty of unencrypted code that must be run to bootstrap the machine. This attack uses the boot sector but there is also a TrueCrypt bootloader that runs and various other things that could be installed to get the user's password (eg. hardware keylogger).
  In short, if anyone ever has physical access to your machine then you're screwed, doesn't matter if your whole drive is encrypted. That is common knowledge though.
  
  --
  The ratio of people to cake is too big
4. Re:Uh, what? by flydpnkrtn · 2009-08-02 05:58 · Score: 1
  
  Well, in this case I think what you're saying is that "if anyone ever has physical access to your machine without your knowledge," right?
  If Joe hacker stole the laptop, installed his keylogger or whatever and then placed the laptop back on your desk and he was undetected, THEN he could get the password.
  Just stealing the laptop doesn't get you anywhere... I see what you mean
  
  --
  Here's to the crazy ones
5. Re:Uh, what? by maxwell+demon · 2009-08-02 08:32 · Score: 1
  
  Every system starts up in 8086 real mode first. The first accesses are therefore in real mode, using the BIOS, in order to load the OS specific bootstrap code which will then switch the CPU into whatever mode the operating system uses.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
News? by mysidia · 2009-08-01 11:55 · Score: 1

A trojan horse can compromise data, or encryption keys, possibly revealing them to a third party, if the trojan runs at a time that those keys are revealed to the system. Film at 11.
Nothing to see here, move along, move along...
Just when I though I was safe.... by ray-solomon · 2009-08-01 11:57 · Score: 1

Is this type of attack only limited to trucrypt or can it affect other product? And.. is there a way to prevent it?
1. Re:Just when I though I was safe.... by CharlyFoxtrot · 2009-08-01 13:28 · Score: 3, Interesting
  
  Is this type of attack only limited to trucrypt or can it affect other product?
  From what I understand it could potentially affect other products unless they (properly) use TPM to avoid this kind of attack by checking MBR against a checksum.
  
  is there a way to prevent it?
  Get a mac! Not trolling, from TFA: "The attack is unsuccessful when the BIOS successor the Extensible Firmware Interface (EFI) is at work on the motherboard." AFAIK Apple are the only vendor using EFI on their entire range at the moment. I guess mounting everything read-only, or using a BSD with the file immutable bit set on all system files would work too.
  
  --
  If all else fails, immortality can always be assured by spectacular error.
2. Re:Just when I though I was safe.... by sumdumass · 2009-08-01 13:56 · Score: 4, Interesting
  
  I'm not so sure a mac is the answer. With a mac, you can just install the code in the keyboard and grab the keys directly.
3. Re:Just when I though I was safe.... by wagnerer · 2009-08-01 17:33 · Score: 1
  
  And what does the keyboard do with the data? It still needs a compromised system to relay it anywhere useful. Or you need to have repeated physical access to the keyboard.
4. Re:Just when I though I was safe.... by flydpnkrtn · 2009-08-01 19:08 · Score: 1
  
  Er, Linux can do the immutable dance too... not just a BSD specific thing
  
  Although now that I think of it... how does setting +i on everything help?
  
  --
  Here's to the crazy ones
5. Re:Just when I though I was safe.... by lukas84 · 2009-08-01 20:15 · Score: 1
  
  Except Bitlocker, which utilizes the TPM.
6. Re:Just when I though I was safe.... by sumdumass · 2009-08-01 20:38 · Score: 1
  
  Well, yea, it's the same witht he bios hack. You gain access to the system, install your malware, leave then come back and either take the system with unfettered access to the data on it or simply use it in place and hope no one detects it.
7. Re:Just when I though I was safe.... by TheRaven64 · 2009-08-02 00:11 · Score: 1
  
  And you only have about 1KB of storage space on the keyboard, so you need some good heuristics to know when the user is entering a sensitive password. Most of the time, password entry on OS X is triggered by a dialog box appearing, which is difficult to detect from the keyboard. It's a bit easier, of course, if your user is a command line junky; then you just need to look for the string 'sudo' and then grab everything after the next enter and before the one after that. Of course, the user may have ssh'd to another machine by then, so you may have a password but no idea of which machine it relates to...
  
  --
  I am TheRaven on Soylent News
8. Re:Just when I though I was safe.... by TheRaven64 · 2009-08-02 00:25 · Score: 1
  
  Hmm, looks like another case where Linux has copied a feature and yet missed the point. On a BSD system (this feature comes from 4.4BSD, so it is a BSD feature, just one that a few SysV variants have implemented) this is tied to the concept of securelevels. The system boots in securelevel -1, and typically enters securelevel 0 at the end of the boot process. At this point, you can read and write any devices, subject to their permissions, and can use chflags to set and clear immutable attributes.
  A root user can increase the securelevel, but not decrease it. At securelevel 1, you can add immutable flags but you can't remove them. You also can't write to /dev/mem or /dev/kmem, or raw block devices for mounted filesystems. On OpenBSD, the system enters securelevel 1 when the system becomes multiuser.
  Securelevels above 1 vary between systems, but typically involve things like restricting the ability to add or remove firewall rules, or the ability to access unmounted block devices.
  If your system is set to boot in securelevel 1 and the file containing the boot securelevel setting is set as immutable then the only way of modifying it is to boot into single-user mode, which requires physical access. Particularly paranoid admins often set this flag on the kernel and a few other system files. This means that you can only perform a system upgrade from single-user mode (or after rebooting into single-user mode and then booting at securelevel 0) but that's the recommended approach anyway so that you're not kicking your users off abruptly in the middle and changing shared libraries under their feet.
  
  --
  I am TheRaven on Soylent News
9. Re:Just when I though I was safe.... by flydpnkrtn · 2009-08-02 06:02 · Score: 1
  
  Interesting writeup... I had no idea OpenBSD has these restrictions in place for single vs multi user runlevels.
  Thanks for the informative writeup!
  
  --
  Here's to the crazy ones
10. Re:Just when I though I was safe.... by sumdumass · 2009-08-02 08:32 · Score: 1
  
  Or you reboot the computer or log it out so they are forced to enter the password. Then you just log the first so many key strokes and continue after a reset or long delay in typing until the buffer is full. You will most likely get access to the encryption, the system, email, and probably a few other things seeing how people like to log in to do something productive.
Much as we hate TPM here on /. by Wrath0fb0b · 2009-08-01 12:03 · Score: 5, Interesting

TFA has a very good point -- unless you (cryptographically) trust the components of your system all the way down to the hardware itself, you can get pwned by an attack like this. You can regularly do all-the-way-to-the-firmware scrubs of your machine as damage-control, but the only real prophylactic is some form of trusted computing.
Of course, I'm not really dying to jump on the TPM bandwagon, given the sponsors, but it sure would be nice if there was an openly-audited trusted computing module.
1. Re:Much as we hate TPM here on /. by Nerdfest · 2009-08-01 12:11 · Score: 2, Insightful
  
  TFA mentions Windows BitLocker as being effective at detecting this as it creates a hash of the MBR. Any Linux alternatives for this sort of functionality?
2. Re:Much as we hate TPM here on /. by Wrath0fb0b · 2009-08-01 12:18 · Score: 5, Informative
  
  http://lwn.net/Articles/144681/
  Linux has had kernel level support for TPM for a while but most F/OSS developers have an intrinsic aversion to the concept (as I said in the GP, the identity of the TPM principals doesn't exactly give me a lot of confidence) so it's not widely used as far as I can tell.
  A wonderful response from the F/OSS community would be to build a version of TrueCrypt that uses TPM to authenticate the BIOS and MBR against the known good versions.
3. Re:Much as we hate TPM here on /. by Alanceil · 2009-08-01 12:23 · Score: 1
  
  Why not use a shellscript at boot-time for this ?
  Something along the lines of "dd if=/dev/sda bs=512 count=1 2> /dev/null | sha1sum",
  it should be enough to check for differences in output.
4. Re:Much as we hate TPM here on /. by Wrath0fb0b · 2009-08-01 12:28 · Score: 5, Insightful
  
  Unless the bios writes a kernel module that hooks into reads from /dev/sda and gives out false information for the first 512 (or whatever) bytes.
  You cannot possibly defeat malware that is running on the same level of privilege as your detection code.
5. Re:Much as we hate TPM here on /. by noidentity · 2009-08-01 12:35 · Score: 1
  
  If you have a trusted BIOS and OS that doesn't have security flaws, how can the BIOS get modified? And as far as determining whether you have a compromised BIOS, why can't you just read the BIOS back and verify that it contains what it should?
6. Re:Much as we hate TPM here on /. by characterZer0 · 2009-08-01 13:15 · Score: 1
  
  TPM is only good if you trust it to be secure. I think the issue a lot of F/OSS people have is that you are taking Intel's word for the security of the TPM.
  
  --
  Go green: turn off your refrigerator.
7. Re:Much as we hate TPM here on /. by poopdeville · 2009-08-01 13:23 · Score: 5, Insightful
  
  Because if you have a compromised BIOS, it could "read back" whatever you wanted to hear. Asking a hacked BIOS to read itself back to you is like asking a liar whether he is a liar -- it gets you no reliable information.
  Surely you jest.
  As to updating the BIOS in a TPM system, I imagine that the procedure would be like this: ...
  (3) On next boos, TPM raises an alert saying "BIOS has been replaced -- new bios hash XXXXXXX"
  If you think this scheme works, but the one above doesn't, I have a bridge to sell you. Where do you think this data to hash is going to come from? From the BIOS, which you claim is an unreliable source. Indeed, if you rig up a BIOS to return the same signature as your current one, and you can run step 2 with no step 3 or 4.
  
  --
  After all, I am strangely colored.
8. Re:Much as we hate TPM here on /. by myforwik · 2009-08-01 13:28 · Score: 1
  
  Many people have suggested TC should has the MBR. This is so stupid it boggles the mind. All you do then is replace that version of truecrypt with one that doesn't really hash the MBR but just runs as if it was hashed and passed. The only difference between bitlocker and truecrypt is that bitlocker uses trusted computing where as truecrypt tells you to secure your hardware since there is no trusted computing for it to use.
9. Re:Much as we hate TPM here on /. by sumdumass · 2009-08-01 14:18 · Score: 1
  
  I'm not entirely sure why the malware can't just forward the boot sector. The hack intercepts the interrupt 13h then forwards it but it doesn't say that it limits it's function. Your script would probably return the same boot sector information whether whether using the bios it kernel level access.
10. Re:Much as we hate TPM here on /. by mlts · 2009-08-01 15:06 · Score: 4, Interesting
  
  The tools are there (tboot, TrouSers). What is missing is a gestalt "stack", where an admin can configure a distro to "seal" the hash of various parts of the boot process in the TPM (MBR, boot sector, BIOS, kernel, RAMdisk image), then encrypt the rest of the machine. Then, at boot, it would boot to the ramdisk filesystem, ask the TPM for the key, and if the image has not been tampered with, the TPM will hand the key over, and the boot process continues.
  One thing that isn't discussed (which is important) is a facility for recovering the encrypted data should the TPM be off or erased. BitLocker handles this fairly gracefully by saving a keyfile to a USB flash drive, or allowing the user to print out a sequence of numbers with the recovery key. BitLocker also allows saving of the recovery key to Active Directory, ensuring that corporate IT has recovery access (which is required by law in a number of cases). Finally, for home users, BitLocker allows use of offsite storage for the recovery information.
  Another option to implement a means of recovery is to have a recovery passphrase. PGP is a product that allows this, where one can boot from a TPM, but if that is unavailable, one can type in a previously set passphrase, or a WDRT (whole disk recovery token, which is a challenge/response system).
  This functionality will have to be implemented distribution by distribution, as there isn't a standardized set of tools. Perhaps one thing that should be designed would be a standard for implementation across distros.
11. Re:Much as we hate TPM here on /. by mlts · 2009-08-01 15:18 · Score: 2, Informative
  
  I have seen implementations that use the TPM chip offer additional functionality so the chip can be part of the boot process. PGP allows one to use both the TPM chip and a passphrase for booting, so if the TPM chip does get compromised, it will not do an attacker much good.
  BitLocker allows one to use a USB flash drive as well as a TPM, XORing the keyfile and the TPM's sealed key to obtain the final volume decryption information. This way, an attacker would have to not just be able to physically attack the onboard crypto chip (which would require big budget tools in a silicon fab), but also have to get possession of the USB flash drive. At this point, an attacker with deep pockets would likely resort to rubber hose crypto (XKCD link: http://xkcd.com/538/) as opposed to spend the money and resources of a fab to cut into silicon layer by layer to obtain the sealed key.
12. Re:Much as we hate TPM here on /. by hedwards · 2009-08-01 15:59 · Score: 1
  
  That's valid to a point, but ultimately anything that's been devised thus far can be cracked an exploited, the whole point of encryption is to make the process take so ungodly long that the utility of the information to the attacker is eliminated.
  
  Which doesn't necessarily mean that you need the highest bit rate for every task, if you're just wanting to secure a connection for a OTP the amount of encryption is pretty minimal, if you're needing to use the same cert for many connections then you'd want and need a much higher quality encryption.
13. Re:Much as we hate TPM here on /. by Dog-Cow · 2009-08-01 16:07 · Score: 1
  
  Umm, no. Software that hashes the BIOS for comparison purposes will be reading the flash itself, not relying on the BIOS at all.
14. Re:Much as we hate TPM here on /. by mlts · 2009-08-01 16:09 · Score: 1
  
  The TPM does make things more difficult for an attacker in a way that no software is able to. Software can do a lot, but sometimes you do need hardware. For example, hardware is required for a translation layer from a physical drive to the SATA connection so an OS doesn't have to worry that a new hard disk has perpendicular recording on the sectors as opposed to MR recording.
  The big advantage of having hardware is that it forces an attacker to look elsewhere for a way in, to hardware that is machine dependant. One machine may have a video card that is compromisable, but another box might not. Because of this, a MBR attack that is done on a widespread scale (say a payload in a Web browser exploit) would not work on a TPM protected system. An attacker would have to target that system and its exact configuration specifically to gain access. Some feature that might be exploitable on FooBarBaz Rev A. chipset may not be present due to economic reasons on FoobarBaz Rev B. chipset.
15. Re:Much as we hate TPM here on /. by Hurricane78 · 2009-08-01 19:12 · Score: 1
  
  I saw a lengthy video that really went into the depth of it. And the main point was/is, that TPM in itself is a great security concept. It's just that the problem is, that it's controlled by them. And they decided, not to trust you. (As that short video we all know also explains.)
  Luckily, they left a hole in it as big as an asteroid belt: You can change who controls it, and so take back your computer. From then on, you change it so that you are trusted and everything else is not, lock the hole down, and you're good.
  The "problem" only was, that you then had no access to the Vista file systems anymore. But you would have formatted the system, or not have Vista at all anyway, so it would not matter. :)
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
16. Re:Much as we hate TPM here on /. by trifish · 2009-08-01 19:51 · Score: 1
  
  TPM will not help you in this case. At all.
  If you can modify the MBR (which this guy has to), you either already have admin rights or physical access to the machine.
  If you have admin rights, you can reset the TPM or do just about anything (save snapshots of RAM, where the decrypted plaintext, and master key are). If you have physical access you can do just about anything top (install a key logger, take snapshots of RAM, replace the Bitlocker bootloader with a fake one that will accept your password and false say it is incorrect, but then transmit it to the attacker.)
  With this article I've stopped trusting the Slashdot editors and started ignoring the Black Hat conference (as they let in amateurs who know nothing about security present discoveries such as, hey see what I can do when I have root level access to your computer).
  I'm truly disgusted at the stupidity of people.
17. Re:Much as we hate TPM here on /. by Lennie · 2009-08-02 03:29 · Score: 1
  
  Hardly effective, you could still install a keylogger on on the keyboard or record the sounds the person is typing on the keyboard.
  
  --
  New things are always on the horizon
18. Re:Much as we hate TPM here on /. by swillden · 2009-08-02 03:49 · Score: 1
  
  but if it is the tpm chip that does the check and calculates the hash, and not the bios, you can't modify the bios without alerting the tpm cihp.
  The TPM is just a device sitting on an internal USB bus. It has no ability to somehow reach out and scan the BIOS, it only works with whatever information is fed to it.
  The BIOS has to feed itself to the TPM, which means that a compromise of the BIOS screws you completely.
  I suppose what we really need is a bit of pre-BIOS code which is stored in ROM and therefore unmodifiable. That code should do nothing other than start up the TPM and feed the BIOS to it.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
19. Re:Much as we hate TPM here on /. by russotto · 2009-08-02 03:53 · Score: 1
  
  One thing that isn't discussed (which is important) is a facility for recovering the encrypted data should the TPM be off or erased.
  
  Unfortunately, this falls under the category of "controlled destruction of security". Once you have such a method, you can attack either it OR the TPM, and compromising either one gets you the whole system. Doesn't mean it's worthless, just means it IS a compromise.
20. Re:Much as we hate TPM here on /. by noidentity · 2009-08-02 04:04 · Score: 1
  
  Because if you have a compromised BIOS, it could "read back" whatever you wanted to hear. Asking a hacked BIOS to read itself back to you is like asking a liar whether he is a liar -- it gets you no reliable information.
  
  So you remove the hard drive, then ask the BIOS to give you a copy of itself. It can't fake this. You ensure that the trusted BIOS cannot be compressed any appreciable amount, so that a compromised one couldn't simply contain the trusted one compressed along with the rootkit.
21. Re:Much as we hate TPM here on /. by BitZtream · 2009-08-02 08:51 · Score: 1
  
  No, the hash comes from the TPM module, that actually starts before the modifyable BIOS. The TPM actually contains the real initial code run on the machine, which authenticates the 'BIOS' that you are thinking of, does whatever checks it needs to do and then, if everything is okay, it bounces over to the 'BIOS'.
  You don't ASK The bios what its hash is, you read the BIOS and hash it yourself.
  The downside to this is, you can't allow the TPM bios to be updated, ever, to be safe, which can introduce problems since no one today bothers to write and test code the way we did before the Internet.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
22. Re:Much as we hate TPM here on /. by skeeto · 2009-08-03 04:12 · Score: 1
  
  TPM is not necessarily bad.
  TPM is good when it gives the user, the owner of the hardware, more control, such as in this case when it could prevent this attack. As in the name, the user can trust their hardware. This is why the military likes it.
  TPM is bad then it gives someone else control over the user's computer, like adding restrictions on the way data can be handled (hardware supported DRM). "Treacherous" computing, as its detractors call it.
  It is dangerous for normal computer users because it would only be used for the bad reasons, taking freedom away from the user.
man in the middle by MoFoQ · 2009-08-01 12:10 · Score: 4, Informative

it's more of a "man in the middle" sort of thing and it by itself does not "break" the encryption.
Think of it as a keylogger for your hard drive.
No matter how complex and secure an encryption method is, if you can steal the password (or key), yea...you get the idea.
In that sense, the title, summary, and the title of the article in question is misleading as it doesn't really bypass any encryption but rather daisy-chains itself into the process (so once you enter a password/key, it can capture it).
1. Re:man in the middle by Tuoqui · 2009-08-01 14:44 · Score: 1
  
  Exactly...
  This 'attack' can only work if the person compromised the machine, waited for you to log in and then stole it or compromised it again.
  For all intents and purposes your typical street level thug swiping a laptop laying around it keeps them from accessing your shit.
  
  --
  09F911029D74E35BD84156C5635688C0
  +2 Troll is Slashdot's way of saying groupthink is confused
Not a new thing or idea by pehrs · 2009-08-01 12:10 · Score: 5, Insightful

I can't tell what's supposed to be interesting or spectacular about this. It's a standard rootkit with MBR support along with some special hooks for truecrypt. It won't let anybody read an encrypted truecrypt volume unless you enter the password... And if you do enter the password on an owned computer it's not like trucrypt is going to help you anywhere. If you unlock the volume any malware can grab all the data it wants through the usual calls and hooks. It doesn't seem especially advanced compared to many of the rootkits out there.
1. Re:Not a new thing or idea by calmofthestorm · 2009-08-01 13:57 · Score: 2, Insightful
  
  Agreed; I'm more worried about tiny pinhole cameras watching my keystrokes, that RF keylogging, or a rubber hose. My crypto has always been to deter the average thief who boots once to look for personal info before selling it online and to prevent other students from pranking me. Against a resourceful attacker you're pretty much screwed anyway.
  My best defense is that the kind of people who /could/ break into my computer have better things to do.
  
  --
  93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Obligatory... by AnonymousIslander · 2009-08-01 12:16 · Score: 1

The original :-)
Ok I don't get it by Sycraft-fu · 2009-08-01 12:19 · Score: 5, Insightful

How does this, in any way shape or form, "break" Truecrypt? Now maybe I misunderstand how it works, since the information is not presented in a clear manner and the author is letting ego get in the way of good writing, but more or less it looks like he has a way to get in to the system at a low level. Ok, great, that does NOTHING to break the encryption. I see nothing in here about managing to get data out of a Truecrypt drive/volume without knowing the key. So what's the big deal?
I mean yes, you could use said malware to log the password. Well guess what? If you've physical access to the system, you don't need software for that. A hardware keylogger would achieve the same thing, or maybe a camera over the shoulder or maybe a tempest attack. The point is if you have physical access to the system, there is little someone can do to keep you from bugging said system.
What Truecrypt is intended to deal with is someone nabbing your system and getting data, and I see no break in that regard. If you encrypt your laptop's harddrive to ensure that nobody gets your data, and somebody steals you laptop, this doesn't help them. For it to help them they'd have to get your laptop, bug it, get it back to you such that you didn't notice, wait for you to use it, then steal it again so they could get the password.
I just fail to see how this is news here. If there is something I'm missing, by all means I'd be interested in knowing.
1. Re:Ok I don't get it by Wrath0fb0b · 2009-08-01 13:00 · Score: 5, Insightful
  
  How does this, in any way shape or form, "break" Truecrypt?
  
  It breaks the unspoken (and totally unwarranted & incorrect) assumption that TrueCrypt not only encrypts but also authenticates.
  This is not "breaking" TrueCrypt since they never claimed to authenticate the MBR/BIOS against this sort of attack. That's what's somewhat clever about it -- it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.
2. Re:Ok I don't get it by brunes69 · 2009-08-01 13:17 · Score: 1
  
  What if someone (say, a government agency) does not steal your laptop, but instead, infects it with this compromised BIOS, then just puts it back?
  Then just let you run it awhile oblivious, *THEN* later on seize it? You think you're protected, but surprise, you aren't.
  It is a lot easier to detect a hardware keylogger or secret camera, than an infected BIOS, unless you are super paranoid.
3. Re:Ok I don't get it by JordanL · 2009-08-01 13:51 · Score: 1
  
  Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.
  
  Theoretically.
  
  --
  FanFictionRecs.net
4. Re:Ok I don't get it by brusk · 2009-08-01 14:10 · Score: 2, Informative
  
  Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.
  Uhhh....No. This is no different from a wiretap (assuming a judge authorized it, of course). It has nothing to do with entrapment or the fifth amendment, any more than an FBI bug on a phone line does. As for due process, see the part about a judge issuing a warrant. The fact that you thought it was perfectly safe don't enter into it.
  
  --
  .sig withheld by request
5. Re:Ok I don't get it by JordanL · 2009-08-01 15:13 · Score: 1
  
  The presumption that the parent post was going under was that the bug was implanted before information was collected... In other words they put in the kit, then go get a warrant for the computer, then the information is readable under their warrant.
  
  My point was actually your point: they would have to have a warrant first, otherwise the only two ways to implant the bug would be getting you to do it for them (entrapment) or doing it themselves (due process).
  
  --
  FanFictionRecs.net
6. Re:Ok I don't get it by Kythe · 2009-08-01 15:22 · Score: 1
  
  If you're facing an entity with the resources of a government who is investigating you over time without your knowledge, you're probably not going to come out on top. Commodity PC hardware just isn't designed to resist that kind of thing, thus, Truecrypt can't be designed to resist it. I would imagine the same goes for Safeboot and all the other full-disk encryption programs out there.
  
  --
  
  Kythe
7. Re:Ok I don't get it by hedwards · 2009-08-01 16:10 · Score: 1
  
  Wrong, that's not entrapment. Entrapment is tricking somebody into committing a crime so that you can arrest them for that. This isn't really any different than when the FBI breaks into the home of a suspected mafioso and installs a hardware key logger or remotely installs a trojan. The person will commit or not commit crimes as if the investigation weren't taking place and as such there would be no entrapment.
8. Re:Ok I don't get it by CodeBuster · 2009-08-01 16:53 · Score: 2, Informative
  
  TrueCrypt not only encrypts but also authenticates.
  As far as I know, TrueCrypt has never made any claims about authentication. They promise quality encryption, nothing more and nothing less. Everyone who knows anything about security knows that encryption and authentication are separate issues; although they may be combined in a particular system as they are in certificates and public-key cryptography.
  One interesting thing to note are the recent higher quality attacks on 10 round AES, as discussed here on /. TrueCrypt defaults to 256 bit AES for the default algorithm which was among those identified as having a substantially better than brute force attack (although still very impractical) at 2^119 power which is actually worse than using the 128 bit key in AES (which still requires 2^128) so the longer key version of AES is actually weaker now than its shorter 128 bit counterpart (Schneier says that this is mainly due to a poorly designed key schedule in the 256 bit version).
9. Re:Ok I don't get it by trifish · 2009-08-01 20:06 · Score: 1
  
  it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.
  No security software can "handle" attacks when the attacker has admin privileges or physical access to the machine (i.e. root access), which is the case here.
  In case you thought TPM would help, then, no it wouldn't.
  This is nothing more than stupid nonsense created by a random teenager, who obviously knows nothing about security.
10. Re:Ok I don't get it by nedlohs · 2009-08-01 23:44 · Score: 2, Informative
  
  No, for two reasons.
  1. truecrypt doesn't use related keys for encrypting different things, so there's no known plaintexts with which to perform that attack.
  2. 10 round 256 bit AES is less secure than 128 bit AES in cases for which that attack applies. But AES-256 is defined to use 14 rounds so that attack only works against bizarre implementations that decided to be incompatible with the rest of the world and to ignore the security advice of the AES designers. There are approximately 0 such uses of AES.
11. Re:Ok I don't get it by nedlohs · 2009-08-01 23:48 · Score: 1
  
  Please point where the "get a warrant later" part is in that post.
  Since all I can see in it is that instead of taking the laptop they put this bios on it and take it later. Nothing about putting the bios on it being done under different circumstances than the original taking (which once upon a time would have needed a warrant then and there).
12. Re:Ok I don't get it by ziggygushi · 2009-08-02 05:38 · Score: 1
  
  Of coarse TC got authentication what do you think a password is. Its static and loggable but it's got it. In order to make it two or three factor they'd have to make it work with a network card to implement a OTP solution or a Biometric reader. Neither of which I think you can accomplish with a program that fits into an MBR.
13. Re:Ok I don't get it by CodeBuster · 2009-08-02 12:42 · Score: 1
  
  You are correct. However, as Schneier points out, the number of rounds with a better than brute force attack, or 10 rounds in this case, is uncomfortably close to the number of rounds, 14, specified in the implemented standard. This margin of error is, in the opinion of Bruce Schneier, too close for comfort. He also mentions that the key schedule in the 256 bit version of the algorithm is kind of lousy and could probably be improved. The nice thing about TrueCrypt is that there are several other algorithm choices, including Serpent, which finished in second place to Rijndael in the original competition, and TwoFish which was designed by a team including Bruce.
As usual secrets are best kept in brain case by itsybitsy · 2009-08-01 12:24 · Score: 1

As usual secrets are best kept in brain case as anyone who physically gets a hold of your truecrypt volume and machine can now insert the bootkit at their leisure and to their pleasure.
So we're back to physical control of memory to keep secrets.
1. Re:As usual secrets are best kept in brain case by FranTaylor · 2009-08-01 12:28 · Score: 2, Insightful
  
  Tell that to the doctor in the emergency room when he needs to look up your patient records to decide if it's safe to administer a drug to you.
2. Re:As usual secrets are best kept in brain case by itsybitsy · 2009-08-01 12:51 · Score: 1
  
  Ok, so how would having all your medical records encrypted on a key dongle memory stick help you there? The doc would be waking you up saying what's your password dude your life depends on it... the only problem is that you're incoherent from all the partying you did the night before and blerble out nonsense that didn't work anyhow. I guess your lucky since your doctor happens to read slashdot and saw the above article about breaking truecrypt volumes and he compiled the hackers bootkit and installed it and got it working and unlocked your medical records... only to find out nothing of interest that would save you from our own ingestion excesses. So... that leaves you dying in the emergency ward and your doctor scrambling and scratching his head to find out why you ended up the way you are.
3. Re:As usual secrets are best kept in brain case by DarkOx · 2009-08-01 13:51 · Score: 1
  
  I just come back to what my mother told me once. "If you don't want someone else to read it never write it down"
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
4. Re:As usual secrets are best kept in brain case by FranTaylor · 2009-08-01 14:44 · Score: 1
  
  Why don't you read the comment that I was responding to:
  "As usual secrets are best kept in brain case"
  I was asserting the falsehood of that statement., not shilling for USB key dongles.
5. Re:As usual secrets are best kept in brain case by itsybitsy · 2009-08-01 18:35 · Score: 1
  
  That's funny, I wrote the comment you were responding to!
  Your case for the falsehood of the statement was rejected since it was based upon bad logic.
TPM Is ***NOT*** the answer. by Anonymous Coward · 2009-08-01 12:26 · Score: 1

Replacing software security with hardware security only moves the attacks from software to hardware. There's no such thing as perfectly secure code in hardware or software, just 'good enough' that it will deter most hackers for some finite period of time. Probably the biggest argument against hardware security like TPM is the fact that once it's broken, you pretty much have to replace the machine, since there's no way to go about software patching a broken chip. Meanwhile, software can be updated, new operating systems with less security flaws designed in can be written, and new encryption software schemes can replace flawed ones. See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.
1. Re:TPM Is ***NOT*** the answer. by Wrath0fb0b · 2009-08-01 12:49 · Score: 2, Informative
  
  Replacing software security with hardware security only moves the attacks from software to hardware.
  
  It's much harder to compromise a cryptographic key that is burned into a piece of silicon (think millions for a scanning electron microscopy setup and many hours) than it is to attack software.
  
  See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.
  
  Different security situation in those, since you need the person to be able to decrypt the content in order to play the game. By contrast, a TPM-based setup needs only to confirm that the BIOS and MBR match a specific hash and then pass along control to the (now verified) boot loader or, failing that, draw a red screen.
  Funny, also, that you didn't mention the PS3, which has real hardware crypto and is remains uncracked. Oh well, pick and chose, right?
  Incidentally, the Xbox360 "hack" is based on replacing the firmware on the DVD player to lie to the OS about the disk. Doesn't that sound familiar somehow?
2. Re:TPM Is ***NOT*** the answer. by linuxrocks123 · 2009-08-01 14:57 · Score: 1
  
  Oops: http://www.computerandvideogames.com/article.php?id=165699
  
  --
  vi ~/.emacs # I'm probably going to Hell for this.
3. Re:TPM Is ***NOT*** the answer. by daveime · 2009-08-01 23:39 · Score: 1
  
  I was with you right up until you used the word "boxen" ... after that my brain exploded in disbelief. Please, don't use it again.
4. Re:TPM Is ***NOT*** the answer. by dbjh · 2009-08-02 00:35 · Score: 1
  
  Except that
  - copied games cannot be played
  - PS3s with such an old firmware version are difficult to get by (if at all)
  - the PS3 won't let you get online unless your firmware is recent enough
  - some games require a firmware that is newer than a certain revision
  
  So, what the GP wrote is true: the PS3 remains unhacked.
5. Re:TPM Is ***NOT*** the answer. by linuxrocks123 · 2009-08-02 03:13 · Score: 1
  
  That article was written quite a while ago. Those issues are likely resolved by now.
  
  --
  vi ~/.emacs # I'm probably going to Hell for this.
So by ledow · 2009-08-01 12:39 · Score: 1

If you give your PC to someone, with the capability to modify the innermost workings of the boot sectors, and then log into the PC indiscriminately without verifying that the boot sectors, etc. haven't been modified, it's possible that the password you typed on the keyboard etc. could be captured and then used later (assuming the rogue software would also have the capability send that password to the attacker and/or for the attacker to AGAIN gain physical access to the PC after you've typed in the password as well) to decrypt the contents of the hard drive.
Yeah. And?
Avoidance techniques possible: Not a lot.
Avoidance techniques required: Don't log into a potentially (or, indeed, known) compromised PC, whether encrypted or not.
Where's the news?
Re:Is this really surprising? by Anonymous Coward · 2009-08-01 12:41 · Score: 3, Funny

...
* look inside your computer once in a while
...
For WHAT?!?!? Gnomes transcribing your keystrokes?
Oblig by ParanoiaBOTS · 2009-08-01 12:51 · Score: 5, Funny

http://xkcd.com/538/
Not a break of the encryption or even TC in genera by DarkOx · 2009-08-01 13:41 · Score: 4, Insightful

This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.
All disk encryption can accomplish is:
1. If someone steals the system while off or locked and does not already have the key they can't get the data
2. The system cannon be modified offline with out the key
It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.
Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.

--
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Boot from CD with a "secure" BIOS by DamnStupidElf · 2009-08-01 14:07 · Score: 2, Insightful

Password protect the BIOS, disable post-boot BIOS flashing, and only boot from a CD that you carry with you at all times. That's a pretty effective way to get rid of software only attacks. Once the hardware is involved (which includes vulnerabilities that allow flashing the BIOS after it's booted or without a password), you're screwed.
1. Re:Boot from CD with a "secure" BIOS by nobodylocalhost · 2009-08-03 02:43 · Score: 1
  
  That doesn't help against memory(RAM) based attacks.
  
  --
  Where is the "Ignorant" mod tag?
Uhhhh by Sycraft-fu · 2009-08-01 14:17 · Score: 1

That seems extremely far fetched for one, but then even if you believe it is the case, what good would it do to fix? When you talk about a government agency, you are talking about someone with essentially unlimited resources. So they have plenty of options. Like I said, there's tempest. They monitor your computer remotely. I've no idea how well it works enough in reality, but it works well enough in theory that intelligence agencies shield against it. Or maybe they simple rewrite the Truecrypt bootloader, and put that on the drive. The program that you run itself now logs the data they want.
If you are in the AFDB world where some all-powerful government is out to get you, there's very little you can do to stop it.
In terms of protecting against threats that, you know, actually matter and are actually realistic, Truecrypt does a great job near as I can tell.
The point of full system encryption... by Andrew916 · 2009-08-01 14:21 · Score: 1

Isn't full system encryption designed to prove its worth once physical control has been gained by the bad guys? If truecrypt doesn't protect the contents of a hard drive that has been stolen it is completely useless. Never trust a product when its creators are anonymous.
1. Re:The point of full system encryption... by Anonymous Coward · 2009-08-01 14:36 · Score: 1, Insightful
  
  Seriously. Read the comments above before you post. There are more than 10 comments right now that explain why the title is misleading and the bootkit does not break the encryption. How hard is it?
2. Re:The point of full system encryption... by myforwik · 2009-08-01 15:21 · Score: 1
  
  True crypt does protect the contents of a drive that stolen. Thats not what is meant by physical control. Physical control is when someone sits down at your computer and changes something so when you put in your password you don't realise you are really giving them your password. Secondly the creators are nont anonymous. I don't know why you think they are. Thirdly you obviously have no read anything above.
Confirm this for me... by Anonymous Coward · 2009-08-01 14:32 · Score: 2, Insightful

So let me get this straight...if a program lodges itself into the bios and intercepts disk calls above an encryption layer and can intercept the data, that is in and of itself newsworthy?
Ok, I though it was like "The government can wiretap your phone by standing in your kitchen while you're talking."
Please....this is unworthy of any attention. Everyone knows that a compromised system is not secure. Was this ever in question? Take your 15 minutes of fame, and go....
Funny, but true by Sycraft-fu · 2009-08-01 14:35 · Score: 2, Interesting

Things like encryption are to protect against normal problem, like losing a device with important data, not to protect against a determined adversary that wants your particular stuff.
For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot. It is a USB stick, since I don't want to keep something like that on my computer which is always networked. While I think I have good security, there's always a chance someone owns my computer and I don't notice. So, best not to keep passwords on it. It is encrypted in case I ever lose it, or it gets stolen. That way, the person who has it can stumble across the password text file.
That is what it is to protect against: Normal ways that someone might happen across my passwords. It is not a protection against everything. If someone really wanted my passwords, they could just hold a gun to my head, I'd give them what they wanted. Nothing I have is worth dying for. As such, no amount of protection would keep it safe. I don't bury my key in a hidden location, I don't keep its existence a secret, etc. Reason is none of that would matter since anyone willing to go to the lengths necessary to get at it, would be willing to go to the lengths to get at me and make me give up my passwords.
Full disk encryption isn't for universal protection, it is for protection against laptop theft. For example at work we used to have an idiot in charge of, among other things, issuing codes for the doors. Our doors have electronic keypad locks as well as physical locks. Ok so idiot didn't keep this data on the central servers. He didn't trust it there. He instead kept it on his laptop. Well, his laptop then got stolen, and the data wasn't encrypted. That was a lot of fun, we got to change all the door codes. Had he encrypted his disk, this wouldn't have been a problem. The crook wasn't trying to get our door codes, they were just stealing a laptop.
1. Re:Funny, but true by WuphonsReach · 2009-08-02 00:41 · Score: 1
  
  For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot.
  
  A better and easier method for storing stuff like that is to use GPG/PGP.
  
  Create a text file for the site / server name. Copy your authentication information (be verbose...) into the clipboard and encrypt with PGP/GPG. Paste the encrypted ASCII text block into the text file.
  
  The big advantage here is that text files are dirt simple to backup (you could even email them) and your main security concern is to now keep your PGP/GPG keyring secure.
  
  Now, I still store those text files on a USB key. But I don't need to rely on specific drivers or anything. And I have a program (Second Copy 7) that automatically backs up the contents of that USB key to my hard drive when it is inserted.
  
  If you don't want to leak server/site names, you could always put everything in a single text file with a generic name.
  
  --
  Wolde you bothe eate your cake, and have your cake?
2. Re:Funny, but true by Sycraft-fu · 2009-08-02 11:38 · Score: 1
  
  This is just a text file with things in the form of site: password. I don't generally have a lot of trouble remembering my passwords, this is just kinda an emergency backup. Mostly it is for passwords at work, in particular old ones. It seems like there's always a few systems that manage to get overlooked when a password change happens. So I have a list of the older ones on my key.
  The key itself is then encrypted with a password I use a lot so I'm not very likely to forget it.
  Seems to work well for me. For the most part, the key just sits around. There's no worry about a hacker getting it since it isn't connected to my computer. If someone burglarized my house, well again no worries since it is encrypted (they'd probably just format it, thinking it was bad).
  Basically it keeps the passwords safe against any realistic scenarios I can think of.
Your computer is stoned... historical reference by argent · 2009-08-01 14:44 · Score: 2, Informative

One of the first MBR-infecting virused was "Stoned".
Wikipedia entry.
1. Re:Your computer is stoned... historical reference by AnonymousIslander · 2009-08-01 18:04 · Score: 1
  
  One of the first MBR-infecting virused was "Stoned".
  Wikipedia entry.
  You must be stoned too, link already posted earlier... marijuana affects the memory... :-)
2. Re:Your computer is stoned... historical reference by argent · 2009-08-01 23:57 · Score: 1
  
  Just following Taco's lead.
Re:Is this really surprising? by mlts · 2009-08-01 15:25 · Score: 1

One thing you can do with TrueCrypt, if a person fears compromise of a MBR:
Boot from the CD image that TrueCrypt forces one to make (unless they RTFM and explicitly run the TrueCrypt Format utility, telling it not to make the image.)
This way, a corrupted or tampered with MBR is completely bypassed, and the user has the option to overwrite it with the MBR image from the boot CD.
Another idea: by Futurepower(R) · 2009-08-01 15:35 · Score: 1

* If your laptop will be in the possession of someone else for a while, such as in airline baggage, take out the hard drive, wrap it with thin anti-static foam, and put it in your pocket.
1. Re:Another idea: by John+Hasler · 2009-08-02 06:34 · Score: 1
  
  > ...take out the hard drive, wrap it with thin anti-static foam, and put it in
  > your pocket.
  And then try to get through security.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:Another idea: by enoz · 2009-08-02 13:45 · Score: 1
  
  Easy. I've taken hard drives through security, it's even easier than taking a whole laptop through security.
  OTOH who would be crazy enough to put their laptop in checked baggage? You've seen what they do to guitars...
Re:LFP is doomed by Anonymous Coward · 2009-08-01 15:37 · Score: 1, Interesting

You replied, off-topic, to the first off-topic post, which was also a troll, over ten minutes after this and this top-level ones, which coincidentally say the exact same thing as yours.
It didn't take ten minutes to type that, didn't it?
It's really sad that your karma whoring works.
Ya know... by Anonymous Coward · 2009-08-01 15:39 · Score: 2, Informative

I know of government agencies that use full-disk encryption (e.g. Safeboot) on all everyday work computers, yet still don't allow the computers to be taken on international trips for exactly this reason. They use temporary-use laptops that get wiped upon returning home.

Full-disk encryption is designed to stop a thief who steals a computer from getting more than the hardware, and it's designed to keep a misplaced laptop with important data from becoming a headline. It's not designed to be the first and last word in security.

The problem of physical compromise of a machine leading to data compromise isn't limited to Truecrypt; there is no particular weakness of Truecrypt being described. It's a fundamental problem of the way commodity PC's are designed, and physical access. Indeed, it may be intrinsic to ALL computers (but the commodity stuff is likely quicker to compromise, simply because it's a known quantity for which you can prepare).
If it's that important you should use hardware by Thaidog · 2009-08-01 15:55 · Score: 1

There at least a few SAS drives on the market that use hardware encryption baked right in to the drive's on-board controller. Probably faster too but more expensive.

--
||| I still can't believe Parkay's not butter.
Re:Is this really surprising? by The_mad_linguist · 2009-08-01 17:07 · Score: 1

1)Transcribe keystrokes
2)?????
3)Profit
Re:Oblig - $5 wrench to the shins by grikdog · 2009-08-01 17:08 · Score: 2, Informative

I like the $5 wrench applied to shins idea, but fortunately TrueCrypt can do entirely without passwords in the conventional sense. Just copy a couple k of junk from /dev/urandom to your USB flash drive and name it Fred. When you create a TrueCrypt volume, use keyfiles and point to the aforementioned Fred on the USB flash drive; you can leave the password blank or trivial. Be sure not to automate a turnkey system — you want to manually point at Fred each and every time you open your encrypted volume.

Don't lose the USB flash drive. In case of emergencies, smash it. The advantage is, you have NO idea at any time what your "key" is, but it's very good.

--
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Re:LFP is doomed by node+3 · 2009-08-01 17:40 · Score: 4, Funny

This sure is a big hit on the Linux for Pedophiles distro.
What part of "insert itself between the Windows calls and TrueCrypt" did you miss?
Maybe that's what he calls Windows?
Re:Solution: boot from USB key? by mr+exploiter · 2009-08-01 18:37 · Score: 1

This is like cheating... if you secure your usb but not your laptop you deserve to be hacked. But yes it'd work.
It's a reference to the Stoned virus of DOS days by dido · 2009-08-01 18:52 · Score: 1

The name just seems to show that Mr. Kleissner has a sense of history. One of the old MBR viruses that used to plague systems in the days of MS-DOS was known as the Stoned MBR and from reading the article it seems that Mr. Kleissner's technique operates much the way that virus once did, by gaining . The marijuana references come from the original virus, which contained the phrase 'Your PC is now stoned! Legalise marijuana!'

--
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Re:Is this really surprising? by flydpnkrtn · 2009-08-01 19:10 · Score: 1

Re: "never give blackhats physical access to hardware" - quite often the whole point of drive encryption is to prevent data leakage when a laptop is stolen. Sometimes blackhats having physical access to the hardware is part of the design

--
Here's to the crazy ones
Timing attacks? by wirelessbuzzers · 2009-08-01 19:42 · Score: 1

I'm somewhat surprised that there are no published timing attacks against TrueCrypt's AES implementation. Attacks against 128-bit AES are certainly easier, but there's a public attack that breaks Linux's dm-crypt in 65ms of testing and 3s of computation, and 256-bit AES shouldn't be immune.
Those attacks shouldn't require admin privileges.

--
I hereby place the above post in the public domain.
1. Re:Timing attacks? by myforwik · 2009-08-01 20:20 · Score: 1
  
  The attack broke one or two rounds, not the 10/14 rounds required to break AES as it is used in normal implementations.
This doesn't even sound like it 'bypasses' TC? by JSBiff · 2009-08-02 00:37 · Score: 1

The article headline says this bootkit 'bypasses' TC encryption, but it doesn't appear to do that at all, as far as I can tell? Am I mis-reading the article, or is this simply describing software that runs *along side* of truecrypt, and after the user loads truecrypt and provides the password to decrypt the hard drive to truecrypt, this software simply uses truecrypt to access the hard drive like *ANY OTHER PROGRAM*? It's like saying Microsoft Word "bypasses truecrypt encryption" because Word is able to access your unencrypted Word docs after you've decrypted them with truecrypt?
Truecrypt was never designed to stop malware/trojans/viruses from being able to be active with Windows, and I wouldn't expect it to be able to stop them. It's like blaming Truecrypt because you opened an email attachment called anna_kournikova_sex_video.exe and got infected with a keylogger or something.
Backdoor if you forget your TrueCrypt password? by RubberDogBone · 2009-08-02 01:50 · Score: 1

Does this offer a backdoor opton for people who forget or lose their TrueCrypt password? In my early computing days, I once lost a PGP password -it was really good and of course never written down because that wouldn't be secure- and lost the affected files. That has made me wary of running TC at boot. Of course a back way in means it's not exactly secure.

--
Sig for hire.
Since when ... by lbalbalba · 2009-08-02 06:36 · Score: 1

Was TrueCrypt all of a sudden supposed to be a virus scanner or malware remover ?
Re:Is this really surprising? by maxwell+demon · 2009-08-02 09:19 · Score: 1

...
* look inside your computer once in a while
...
For WHAT?!?!? Gnomes transcribing your keystrokes?
Well, it may be KDEs instead. :-)

--
The Tao of math: The numbers you can count are not the real numbers.
Comment removed by account_deleted · 2009-08-02 09:34 · Score: 1

Comment removed based on user account deletion
Boot from a CD by Futurepower(R) · 2009-08-03 07:51 · Score: 1

* Obviously you must take your hard drive out of your pocket when you go through security.

* Also, it is necessary to boot from a CD. I'd like to see more information about that. Is it possible to get normal Windows started when booting from a CD?
Then Wrath0fB0b's argument still stands. by dbjh · 2009-08-11 05:14 · Score: 1

If you don't agree, please come up with some more convincing argument. Besides, they were not having some "issues", they never got where they wanted to get.