Slashdot Mirror
Bootkit Bypasses TrueCrypt Encryption
mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."
So yeah, if someone is running live software on your machine then there isn't much you can do. If there is decrypted data then it's essentially available to anything on the machine.
I mean if you're going to do this you could just modify the TrueCrypt code (bootloader in this case) itself to do what you want.
Kind of "duh" story if you ask me.
The ratio of people to cake is too big
And, is it true we are screwed?
You were always screwed if you don't have your machine physically secured. There's really nothing new here other than an interesting implementation of a concept that's been around for awhile. If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
TFA has a very good point -- unless you (cryptographically) trust the components of your system all the way down to the hardware itself, you can get pwned by an attack like this. You can regularly do all-the-way-to-the-firmware scrubs of your machine as damage-control, but the only real prophylactic is some form of trusted computing.
Of course, I'm not really dying to jump on the TPM bandwagon, given the sponsors, but it sure would be nice if there was an openly-audited trusted computing module.
it's more of a "man in the middle" sort of thing and it by itself does not "break" the encryption.
Think of it as a keylogger for your hard drive.
No matter how complex and secure an encryption method is, if you can steal the password (or key), yea...you get the idea.
In that sense, the title, summary, and the title of the article in question is misleading as it doesn't really bypass any encryption but rather daisy-chains itself into the process (so once you enter a password/key, it can capture it).
I can't tell what's supposed to be interesting or spectacular about this. It's a standard rootkit with MBR support along with some special hooks for truecrypt. It won't let anybody read an encrypted truecrypt volume unless you enter the password... And if you do enter the password on an owned computer it's not like trucrypt is going to help you anywhere. If you unlock the volume any malware can grab all the data it wants through the usual calls and hooks. It doesn't seem especially advanced compared to many of the rootkits out there.
If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
But that's the entire point of System Encryption right there! Someone gains physical access to your machine and they still can't do squat to read the contents (short of beating you with a hose to get the password or spending serious supercomputer time). System Encryption was designed for precisely this application.
This nice little trick here gives them a third option -- install malware at the BIOS level while leaving TrueCrypt unchanged so as to give you the illusion of safety while they read your mail/keystrokes/whatever. If I were the Border Patrol, I would consider a tool that automates the installation of this tool to be a very worthy investment.
In short, he's exploiting the fact that encryption and authentication are two very different things. TrueCrypt can assure you that you data are unreadable without the key but cannot authenticate the MBR as being genuine. For that, you need some form of trusted computing, the mention of which never goes well.
How does this, in any way shape or form, "break" Truecrypt? Now maybe I misunderstand how it works, since the information is not presented in a clear manner and the author is letting ego get in the way of good writing, but more or less it looks like he has a way to get in to the system at a low level. Ok, great, that does NOTHING to break the encryption. I see nothing in here about managing to get data out of a Truecrypt drive/volume without knowing the key. So what's the big deal?
I mean yes, you could use said malware to log the password. Well guess what? If you've physical access to the system, you don't need software for that. A hardware keylogger would achieve the same thing, or maybe a camera over the shoulder or maybe a tempest attack. The point is if you have physical access to the system, there is little someone can do to keep you from bugging said system.
What Truecrypt is intended to deal with is someone nabbing your system and getting data, and I see no break in that regard. If you encrypt your laptop's harddrive to ensure that nobody gets your data, and somebody steals you laptop, this doesn't help them. For it to help them they'd have to get your laptop, bug it, get it back to you such that you didn't notice, wait for you to use it, then steal it again so they could get the password.
I just fail to see how this is news here. If there is something I'm missing, by all means I'd be interested in knowing.
Tell that to the doctor in the emergency room when he needs to look up your patient records to decide if it's safe to administer a drug to you.
...
* look inside your computer once in a while
For WHAT?!?!? Gnomes transcribing your keystrokes?
Replacing software security with hardware security only moves the attacks from software to hardware.
It's much harder to compromise a cryptographic key that is burned into a piece of silicon (think millions for a scanning electron microscopy setup and many hours) than it is to attack software.
See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.
Different security situation in those, since you need the person to be able to decrypt the content in order to play the game. By contrast, a TPM-based setup needs only to confirm that the BIOS and MBR match a specific hash and then pass along control to the (now verified) boot loader or, failing that, draw a red screen.
Funny, also, that you didn't mention the PS3, which has real hardware crypto and is remains uncracked. Oh well, pick and chose, right?
Incidentally, the Xbox360 "hack" is based on replacing the firmware on the DVD player to lie to the OS about the disk. Doesn't that sound familiar somehow?
Giving someone physical access to your machine is the equivalent of losing it and recovering it later, and encryption was never about this case!
Encryption is meant to prevent data release with such a loss, but does nothing much to guarantee integrity of the system after recovery. It does not provide a tamper-evident nor tamper-proof system, since tampering can occur outside the encrypted content. Also, encryption itself does not even provide tamper-proofing for the encrypted volume! It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem. You would need additional checksums or other integrity-checks to actually detect such damage.
If someone can gain physical access to your machine then it's effectively game over.
If that was the case, what would be the point of disk/partition encryption in the first place?
http://xkcd.com/538/
Is this type of attack only limited to trucrypt or can it affect other product?
From what I understand it could potentially affect other products unless they (properly) use TPM to avoid this kind of attack by checking MBR against a checksum.
is there a way to prevent it?
Get a mac! Not trolling, from TFA: "The attack is unsuccessful when the BIOS successor the Extensible Firmware Interface (EFI) is at work on the motherboard." AFAIK Apple are the only vendor using EFI on their entire range at the moment. I guess mounting everything read-only, or using a BSD with the file immutable bit set on all system files would work too.
If all else fails, immortality can always be assured by spectacular error.
This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.
All disk encryption can accomplish is:
1. If someone steals the system while off or locked and does not already have the key they can't get the data
2. The system cannon be modified offline with out the key
It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.
Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It just makes it infeasible to inject known plaintext into the real filesystem, but someone can simply corrupt the ciphertext image and therefore corrupt the real filesystem.
If you were able to do several lunch-time attacks over time, you might also be able to do 'traffic analysis' to figure out which files were system files, correlate that with a security update, then replace the updated software with an older, vulnerable version by re-writing old ciphertext. This would be particularly easy if, for example, /home is mounted on a different encrypted volume than /usr.
http://outcampaign.org/
I'm not so sure a mac is the answer. With a mac, you can just install the code in the keyboard and grab the keys directly.
You're absolutely right. Strangely, none of those links led to Peter Kleissner's web page.
Check out the comments. Some of the visitors are flaming him pretty hard, but he's just a kid with amazing skills and (understandably) very little historical knowledge. Luckily, Christian politely points out that his attack serves to "... alert many people who think they made their PC secure by installing TrueCrypt and still keep working with an admin account where they should not. You prove that a security policy is indispensable, because admin privileges will give malicious software the ability to tamper with the installed security software."
This exploit really is more comparable to a software keylogger. It lies between OS and Truecrypt Bootloader, catching the disk access requests.
For infection, you need admin rights on the running machine (TFA says so).
So, with the full system encryption, you are of course safe. This is just a way of listening to Truecrypt requests.
Kudos to Peter, hope to meet him in the Metalab sometime.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
If you mod me down, I will become more powerful than you can imagine....
The perp won't be able to read the data, unless he installs this rootkit, returns your PC and then steals it again to read the keylogger info.
Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
Free Manning, jail Obama.
Password protect the BIOS, disable post-boot BIOS flashing, and only boot from a CD that you carry with you at all times. That's a pretty effective way to get rid of software only attacks. Once the hardware is involved (which includes vulnerabilities that allow flashing the BIOS after it's booted or without a password), you're screwed.
Encryption is to prevent your data from escaping if someone stole your laptop. It however will NOT prevent the thief from installing a keylogger(which is what TFA is basically describing) which can then be used to discover your passphrase and eventually gain access to the system.
If you lose a laptop and then recover it, you can be fairly certain that your data was never leaked but you cannot be certain that someone didn't tamper with your system so they could steal the data later. At that point the best you could do would be mount the volume on a completely different system and move any data you hadn't already backed up, then wipe the drive/bios fully..though after yesterday's article about the BIOS "rootkit" that is Computrace, I'd be wary of the hardware at that point.
0x09F911029D74E35BD84156C5635688C0
So let me get this straight...if a program lodges itself into the bios and intercepts disk calls above an encryption layer and can intercept the data, that is in and of itself newsworthy?
Ok, I though it was like "The government can wiretap your phone by standing in your kitchen while you're talking."
Please....this is unworthy of any attention. Everyone knows that a compromised system is not secure. Was this ever in question? Take your 15 minutes of fame, and go....
Things like encryption are to protect against normal problem, like losing a device with important data, not to protect against a determined adversary that wants your particular stuff.
For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot. It is a USB stick, since I don't want to keep something like that on my computer which is always networked. While I think I have good security, there's always a chance someone owns my computer and I don't notice. So, best not to keep passwords on it. It is encrypted in case I ever lose it, or it gets stolen. That way, the person who has it can stumble across the password text file.
That is what it is to protect against: Normal ways that someone might happen across my passwords. It is not a protection against everything. If someone really wanted my passwords, they could just hold a gun to my head, I'd give them what they wanted. Nothing I have is worth dying for. As such, no amount of protection would keep it safe. I don't bury my key in a hidden location, I don't keep its existence a secret, etc. Reason is none of that would matter since anyone willing to go to the lengths necessary to get at it, would be willing to go to the lengths to get at me and make me give up my passwords.
Full disk encryption isn't for universal protection, it is for protection against laptop theft. For example at work we used to have an idiot in charge of, among other things, issuing codes for the doors. Our doors have electronic keypad locks as well as physical locks. Ok so idiot didn't keep this data on the central servers. He didn't trust it there. He instead kept it on his laptop. Well, his laptop then got stolen, and the data wasn't encrypted. That was a lot of fun, we got to change all the door codes. Had he encrypted his disk, this wouldn't have been a problem. The crook wasn't trying to get our door codes, they were just stealing a laptop.
One of the first MBR-infecting virused was "Stoned".
Wikipedia entry.
Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
Sorry. Wiping the system will do nothing if the malware is installed in the BIOS. And it will do nothing to protect you from hardware keyloggers. Also, recall the story earlier today about tampering with the flash memory in keyboards.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
I know of government agencies that use full-disk encryption (e.g. Safeboot) on all everyday work computers, yet still don't allow the computers to be taken on international trips for exactly this reason. They use temporary-use laptops that get wiped upon returning home.
Full-disk encryption is designed to stop a thief who steals a computer from getting more than the hardware, and it's designed to keep a misplaced laptop with important data from becoming a headline. It's not designed to be the first and last word in security.
The problem of physical compromise of a machine leading to data compromise isn't limited to Truecrypt; there is no particular weakness of Truecrypt being described. It's a fundamental problem of the way commodity PC's are designed, and physical access. Indeed, it may be intrinsic to ALL computers (but the commodity stuff is likely quicker to compromise, simply because it's a known quantity for which you can prepare).
Just boot from a CD rom. Infact forget the hash, just boot from the truecrypt rescue disk every time which restores your MBR.
I like the $5 wrench applied to shins idea, but fortunately TrueCrypt can do entirely without passwords in the conventional sense. Just copy a couple k of junk from /dev/urandom to your USB flash drive and name it Fred. When you create a TrueCrypt volume, use keyfiles and point to the aforementioned Fred on the USB flash drive; you can leave the password blank or trivial. Be sure not to automate a turnkey system — you want to manually point at Fred each and every time you open your encrypted volume.
Don't lose the USB flash drive. In case of emergencies, smash it. The advantage is, you have NO idea at any time what your "key" is, but it's very good.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
This sure is a big hit on the Linux for Pedophiles distro.
What part of "insert itself between the Windows calls and TrueCrypt" did you miss?
Maybe that's what he calls Windows?
I think you are overestimating how difficult is implementing this... I think that what he did is about the same difficult of what you'd expect in a BS level Operating System homework... and he would get an F for not understanding what are the limits of what encryption provides. And he talks like a pompous ass-hat.
Yes, it's a typical MITM attack.
As Trucrypt presents it's drives as block devices to the OS, this BIOS-level Trojan is equivalent to a typical OS-level Trojan.
i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
Decent defense against keyloggers etc.: Do not let anyone compromise your machine. It boils down to this; even with "authenticated" hardware there's always a step that is not authenticated. As long as you don't let anyone tamper with your machine, you're safe.
And if you do think your hardware has been compromised, there are ways to attempt an offline recovery of data so that the attacker never knows you have decrypted your system and gotten the data out. Physically destroy the machine afterwards, to be sure.