Bootkit Bypasses TrueCrypt Encryption 192
mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."
Re:Do I need to prepare? (Score:4, Informative)
And, is it true we are screwed?
You were always screwed if you don't have your machine physically secured. There's really nothing new here other than an interesting implementation of a concept that's been around for awhile. If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
man in the middle (Score:5, Informative)
it's more of a "man in the middle" sort of thing and it by itself does not "break" the encryption.
Think of it as a keylogger for your hard drive.
No matter how complex and secure an encryption method is, if you can steal the password (or key), yea...you get the idea.
In that sense, the title, summary, and the title of the article in question is misleading as it doesn't really bypass any encryption but rather daisy-chains itself into the process (so once you enter a password/key, it can capture it).
Re:Do I need to prepare? (Score:5, Informative)
If you care about the privacy of your information then your PC had better be secured at least as well as you would secure your other valuables. If someone can gain physical access to your machine then it's effectively game over.
But that's the entire point of System Encryption right there! Someone gains physical access to your machine and they still can't do squat to read the contents (short of beating you with a hose to get the password or spending serious supercomputer time). System Encryption was designed for precisely this application.
This nice little trick here gives them a third option -- install malware at the BIOS level while leaving TrueCrypt unchanged so as to give you the illusion of safety while they read your mail/keystrokes/whatever. If I were the Border Patrol, I would consider a tool that automates the installation of this tool to be a very worthy investment.
In short, he's exploiting the fact that encryption and authentication are two very different things. TrueCrypt can assure you that you data are unreadable without the key but cannot authenticate the MBR as being genuine. For that, you need some form of trusted computing, the mention of which never goes well.
Re:Much as we hate TPM here on /. (Score:5, Informative)
http://lwn.net/Articles/144681/ [lwn.net]
Linux has had kernel level support for TPM for a while but most F/OSS developers have an intrinsic aversion to the concept (as I said in the GP, the identity of the TPM principals doesn't exactly give me a lot of confidence) so it's not widely used as far as I can tell.
A wonderful response from the F/OSS community would be to build a version of TrueCrypt that uses TPM to authenticate the BIOS and MBR against the known good versions.
Re:TPM Is ***NOT*** the answer. (Score:3, Informative)
Replacing software security with hardware security only moves the attacks from software to hardware.
It's much harder to compromise a cryptographic key that is burned into a piece of silicon (think millions for a scanning electron microscopy setup and many hours) than it is to attack software.
See Nintendo's Wii, Microsoft's XBoxen (both of them), BluRay/HD-DVD and we could go on ad nauseum.
Different security situation in those, since you need the person to be able to decrypt the content in order to play the game. By contrast, a TPM-based setup needs only to confirm that the BIOS and MBR match a specific hash and then pass along control to the (now verified) boot loader or, failing that, draw a red screen.
Funny, also, that you didn't mention the PS3, which has real hardware crypto and is remains uncracked. Oh well, pick and chose, right?
Incidentally, the Xbox360 "hack" is based on replacing the firmware on the DVD player to lie to the OS about the disk. Doesn't that sound familiar somehow?
Re:Do I need to prepare? (Score:5, Informative)
i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
Re:Ok I don't get it (Score:3, Informative)
Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.
Uhhh....No. This is no different from a wiretap (assuming a judge authorized it, of course). It has nothing to do with entrapment or the fifth amendment, any more than an FBI bug on a phone line does. As for due process, see the part about a judge issuing a warrant. The fact that you thought it was perfectly safe don't enter into it.
Your computer is stoned... historical reference (Score:3, Informative)
One of the first MBR-infecting virused was "Stoned".
Wikipedia entry. [wikipedia.org]
Re:Do I need to prepare? (Score:5, Informative)
Easy solution: Wipe the system and restore it from a backup if you suspect your machine has been physically compromised.
Sorry. Wiping the system will do nothing if the malware is installed in the BIOS. And it will do nothing to protect you from hardware keyloggers. Also, recall the story earlier today about tampering with the flash memory in keyboards.
Re:Much as we hate TPM here on /. (Score:3, Informative)
I have seen implementations that use the TPM chip offer additional functionality so the chip can be part of the boot process. PGP allows one to use both the TPM chip and a passphrase for booting, so if the TPM chip does get compromised, it will not do an attacker much good.
BitLocker allows one to use a USB flash drive as well as a TPM, XORing the keyfile and the TPM's sealed key to obtain the final volume decryption information. This way, an attacker would have to not just be able to physically attack the onboard crypto chip (which would require big budget tools in a silicon fab), but also have to get possession of the USB flash drive. At this point, an attacker with deep pockets would likely resort to rubber hose crypto (XKCD link: http://xkcd.com/538/ [xkcd.com]) as opposed to spend the money and resources of a fab to cut into silicon layer by layer to obtain the sealed key.
Ya know... (Score:2, Informative)
Full-disk encryption is designed to stop a thief who steals a computer from getting more than the hardware, and it's designed to keep a misplaced laptop with important data from becoming a headline. It's not designed to be the first and last word in security.
The problem of physical compromise of a machine leading to data compromise isn't limited to Truecrypt; there is no particular weakness of Truecrypt being described. It's a fundamental problem of the way commodity PC's are designed, and physical access. Indeed, it may be intrinsic to ALL computers (but the commodity stuff is likely quicker to compromise, simply because it's a known quantity for which you can prepare).
Re:Ok I don't get it (Score:3, Informative)
TrueCrypt not only encrypts but also authenticates.
As far as I know, TrueCrypt has never made any claims about authentication. They promise quality encryption, nothing more and nothing less. Everyone who knows anything about security knows that encryption and authentication are separate issues; although they may be combined in a particular system as they are in certificates and public-key cryptography.
One interesting thing to note are the recent higher quality attacks on 10 round AES, as discussed here [slashdot.org] on /. TrueCrypt defaults to 256 bit AES for the default algorithm which was among those identified as having a substantially better than brute force attack (although still very impractical) at 2^119 power which is actually worse than using the 128 bit key in AES (which still requires 2^128) so the longer key version of AES is actually weaker now than its shorter 128 bit counterpart (Schneier says that this is mainly due to a poorly designed key schedule in the 256 bit version).
Re:Oblig - $5 wrench to the shins (Score:2, Informative)
Don't lose the USB flash drive. In case of emergencies, smash it. The advantage is, you have NO idea at any time what your "key" is, but it's very good.
Re:Ok I don't get it (Score:3, Informative)
No, for two reasons.
1. truecrypt doesn't use related keys for encrypting different things, so there's no known plaintexts with which to perform that attack.
2. 10 round 256 bit AES is less secure than 128 bit AES in cases for which that attack applies. But AES-256 is defined to use 14 rounds so that attack only works against bizarre implementations that decided to be incompatible with the rest of the world and to ignore the security advice of the AES designers. There are approximately 0 such uses of AES.
Re:Do I need to prepare? (Score:2, Informative)
i'm yet to see a decent defense against keyloggers like this thats acceptable to home users.
Decent defense against keyloggers etc.: Do not let anyone compromise your machine. It boils down to this; even with "authenticated" hardware there's always a step that is not authenticated. As long as you don't let anyone tamper with your machine, you're safe.
And if you do think your hardware has been compromised, there are ways to attempt an offline recovery of data so that the attacker never knows you have decrypted your system and gotten the data out. Physically destroy the machine afterwards, to be sure.