Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Security Encryption Privacy

Bootkit Bypasses TrueCrypt Encryption 192

mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."
This discussion has been archived. No new comments can be posted.

Bootkit Bypasses TrueCrypt Encryption

Comments Filter:
  • Uh, what? (Score:5, Interesting)

    by Cthefuture ( 665326 ) on Saturday August 01, 2009 @07:52PM (#28912893)

    So yeah, if someone is running live software on your machine then there isn't much you can do. If there is decrypted data then it's essentially available to anything on the machine.

    I mean if you're going to do this you could just modify the TrueCrypt code (bootloader in this case) itself to do what you want.

    Kind of "duh" story if you ask me.

    • Re: (Score:3, Interesting)

      by The MAZZTer ( 911996 )
      Well, I assume the entire system is encrypted, in which case there'd be little you COULD do except trick the user into giving you their decryption key.
    • I think you misunderstand... the entire volume is presumed to be encrypted by TrueCrypt, so the assumption is that the data on the machine is safe, even if the entire machine is stolen (such as the case with a laptop)

      The thinking is that yes, you could boot to a LiveCD on the stolen laptop and try to e.g. mount the NTFS volume on the machine, but with the entire volume encrypted you wouldn't be able to get any meaningful data off the machine

      This isn't a "duh" story, because if you're able to steal a laptop

      • I think you need to read the article again. This doesn't bypass TrueCrypt's security. If you steal the computer you can't use this technique to get at the encrypted data. This attack needs the person to enter their password to decrypt the volume.

        I think the only presumption is that for some reason people think someone can't install anything on their computer just because the entire drive is encrypted. That logic is flawed because there is still plenty of unencrypted code that must be run to bootstrap th

  • by Wrath0fb0b ( 302444 ) on Saturday August 01, 2009 @08:03PM (#28912943)

    TFA has a very good point -- unless you (cryptographically) trust the components of your system all the way down to the hardware itself, you can get pwned by an attack like this. You can regularly do all-the-way-to-the-firmware scrubs of your machine as damage-control, but the only real prophylactic is some form of trusted computing.

    Of course, I'm not really dying to jump on the TPM bandwagon, given the sponsors, but it sure would be nice if there was an openly-audited trusted computing module.

    • Re: (Score:3, Insightful)

      by Nerdfest ( 867930 )
      TFA mentions Windows BitLocker as being effective at detecting this as it creates a hash of the MBR. Any Linux alternatives for this sort of functionality?
      • by Wrath0fb0b ( 302444 ) on Saturday August 01, 2009 @08:18PM (#28913057) []

        Linux has had kernel level support for TPM for a while but most F/OSS developers have an intrinsic aversion to the concept (as I said in the GP, the identity of the TPM principals doesn't exactly give me a lot of confidence) so it's not widely used as far as I can tell.

        A wonderful response from the F/OSS community would be to build a version of TrueCrypt that uses TPM to authenticate the BIOS and MBR against the known good versions.

        • TPM is only good if you trust it to be secure. I think the issue a lot of F/OSS people have is that you are taking Intel's word for the security of the TPM.

          • Re: (Score:3, Informative)

            by mlts ( 1038732 ) *

            I have seen implementations that use the TPM chip offer additional functionality so the chip can be part of the boot process. PGP allows one to use both the TPM chip and a passphrase for booting, so if the TPM chip does get compromised, it will not do an attacker much good.

            BitLocker allows one to use a USB flash drive as well as a TPM, XORing the keyfile and the TPM's sealed key to obtain the final volume decryption information. This way, an attacker would have to not just be able to physically attack the

          • That's valid to a point, but ultimately anything that's been devised thus far can be cracked an exploited, the whole point of encryption is to make the process take so ungodly long that the utility of the information to the attacker is eliminated.

            Which doesn't necessarily mean that you need the highest bit rate for every task, if you're just wanting to secure a connection for a OTP the amount of encryption is pretty minimal, if you're needing to use the same cert for many connections then you'd want and
        • by mlts ( 1038732 ) * on Saturday August 01, 2009 @11:06PM (#28913727)

          The tools are there (tboot, TrouSers). What is missing is a gestalt "stack", where an admin can configure a distro to "seal" the hash of various parts of the boot process in the TPM (MBR, boot sector, BIOS, kernel, RAMdisk image), then encrypt the rest of the machine. Then, at boot, it would boot to the ramdisk filesystem, ask the TPM for the key, and if the image has not been tampered with, the TPM will hand the key over, and the boot process continues.

          One thing that isn't discussed (which is important) is a facility for recovering the encrypted data should the TPM be off or erased. BitLocker handles this fairly gracefully by saving a keyfile to a USB flash drive, or allowing the user to print out a sequence of numbers with the recovery key. BitLocker also allows saving of the recovery key to Active Directory, ensuring that corporate IT has recovery access (which is required by law in a number of cases). Finally, for home users, BitLocker allows use of offsite storage for the recovery information.

          Another option to implement a means of recovery is to have a recovery passphrase. PGP is a product that allows this, where one can boot from a TPM, but if that is unavailable, one can type in a previously set passphrase, or a WDRT (whole disk recovery token, which is a challenge/response system).

          This functionality will have to be implemented distribution by distribution, as there isn't a standardized set of tools. Perhaps one thing that should be designed would be a standard for implementation across distros.

    • If you have a trusted BIOS and OS that doesn't have security flaws, how can the BIOS get modified? And as far as determining whether you have a compromised BIOS, why can't you just read the BIOS back and verify that it contains what it should?
    • I saw a lengthy video that really went into the depth of it. And the main point was/is, that TPM in itself is a great security concept. It's just that the problem is, that it's controlled by them. And they decided, not to trust you. (As that short video we all know also explains.)

      Luckily, they left a hole in it as big as an asteroid belt: You can change who controls it, and so take back your computer. From then on, you change it so that you are trusted and everything else is not, lock the hole down, and you

    • by trifish ( 826353 )

      TPM will not help you in this case. At all.

      If you can modify the MBR (which this guy has to), you either already have admin rights or physical access to the machine.

      If you have admin rights, you can reset the TPM or do just about anything (save snapshots of RAM, where the decrypted plaintext, and master key are). If you have physical access you can do just about anything top (install a key logger, take snapshots of RAM, replace the Bitlocker bootloader with a fake one that will accept your password and fals

  • man in the middle (Score:5, Informative)

    by MoFoQ ( 584566 ) on Saturday August 01, 2009 @08:10PM (#28912997)

    it's more of a "man in the middle" sort of thing and it by itself does not "break" the encryption.

    Think of it as a keylogger for your hard drive.
    No matter how complex and secure an encryption method is, if you can steal the password (or key), get the idea.

    In that sense, the title, summary, and the title of the article in question is misleading as it doesn't really bypass any encryption but rather daisy-chains itself into the process (so once you enter a password/key, it can capture it).

    • by Tuoqui ( 1091447 )


      This 'attack' can only work if the person compromised the machine, waited for you to log in and then stole it or compromised it again.

      For all intents and purposes your typical street level thug swiping a laptop laying around it keeps them from accessing your shit.

  • by pehrs ( 690959 ) on Saturday August 01, 2009 @08:10PM (#28913003)

    I can't tell what's supposed to be interesting or spectacular about this. It's a standard rootkit with MBR support along with some special hooks for truecrypt. It won't let anybody read an encrypted truecrypt volume unless you enter the password... And if you do enter the password on an owned computer it's not like trucrypt is going to help you anywhere. If you unlock the volume any malware can grab all the data it wants through the usual calls and hooks. It doesn't seem especially advanced compared to many of the rootkits out there.

    • Re: (Score:3, Insightful)

      Agreed; I'm more worried about tiny pinhole cameras watching my keystrokes, that RF keylogging, or a rubber hose. My crypto has always been to deter the average thief who boots once to look for personal info before selling it online and to prevent other students from pranking me. Against a resourceful attacker you're pretty much screwed anyway.

      My best defense is that the kind of people who /could/ break into my computer have better things to do.

  • Ok I don't get it (Score:5, Insightful)

    by Sycraft-fu ( 314770 ) on Saturday August 01, 2009 @08:19PM (#28913063)

    How does this, in any way shape or form, "break" Truecrypt? Now maybe I misunderstand how it works, since the information is not presented in a clear manner and the author is letting ego get in the way of good writing, but more or less it looks like he has a way to get in to the system at a low level. Ok, great, that does NOTHING to break the encryption. I see nothing in here about managing to get data out of a Truecrypt drive/volume without knowing the key. So what's the big deal?

    I mean yes, you could use said malware to log the password. Well guess what? If you've physical access to the system, you don't need software for that. A hardware keylogger would achieve the same thing, or maybe a camera over the shoulder or maybe a tempest attack. The point is if you have physical access to the system, there is little someone can do to keep you from bugging said system.

    What Truecrypt is intended to deal with is someone nabbing your system and getting data, and I see no break in that regard. If you encrypt your laptop's harddrive to ensure that nobody gets your data, and somebody steals you laptop, this doesn't help them. For it to help them they'd have to get your laptop, bug it, get it back to you such that you didn't notice, wait for you to use it, then steal it again so they could get the password.

    I just fail to see how this is news here. If there is something I'm missing, by all means I'd be interested in knowing.

    • by Wrath0fb0b ( 302444 ) on Saturday August 01, 2009 @09:00PM (#28913267)

      How does this, in any way shape or form, "break" Truecrypt?

      It breaks the unspoken (and totally unwarranted & incorrect) assumption that TrueCrypt not only encrypts but also authenticates.

      This is not "breaking" TrueCrypt since they never claimed to authenticate the MBR/BIOS against this sort of attack. That's what's somewhat clever about it -- it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.

      • Re: (Score:3, Informative)

        by CodeBuster ( 516420 )

        TrueCrypt not only encrypts but also authenticates.

        As far as I know, TrueCrypt has never made any claims about authentication. They promise quality encryption, nothing more and nothing less. Everyone who knows anything about security knows that encryption and authentication are separate issues; although they may be combined in a particular system as they are in certificates and public-key cryptography.

        One interesting thing to note are the recent higher quality attacks on 10 round AES, as discussed here [] on /. TrueCrypt defaults to 256 bit AES for the default

        • Re: (Score:3, Informative)

          by nedlohs ( 1335013 )

          No, for two reasons.

          1. truecrypt doesn't use related keys for encrypting different things, so there's no known plaintexts with which to perform that attack.

          2. 10 round 256 bit AES is less secure than 128 bit AES in cases for which that attack applies. But AES-256 is defined to use 14 rounds so that attack only works against bizarre implementations that decided to be incompatible with the rest of the world and to ignore the security advice of the AES designers. There are approximately 0 such uses of AES.

      • by trifish ( 826353 )

        it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.

        No security software can "handle" attacks when the attacker has admin privileges or physical access to the machine (i.e. root access), which is the case here.

        In case you thought TPM would help, then, no it wouldn't [].

        This is nothing more than stupid nonsense created by a random teenager, who obviously knows nothing about security.

    • by brunes69 ( 86786 )

      What if someone (say, a government agency) does not steal your laptop, but instead, infects it with this compromised BIOS, then just puts it back?

      Then just let you run it awhile oblivious, *THEN* later on seize it? You think you're protected, but surprise, you aren't.

      It is a lot easier to detect a hardware keylogger or secret camera, than an infected BIOS, unless you are super paranoid.

      • by JordanL ( 886154 )
        Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.

        • Re: (Score:3, Informative)

          by brusk ( 135896 )

          Theoretically, in that case, you'd be protected by entrapment laws, the fifth amendment, and due process.

          Uhhh....No. This is no different from a wiretap (assuming a judge authorized it, of course). It has nothing to do with entrapment or the fifth amendment, any more than an FBI bug on a phone line does. As for due process, see the part about a judge issuing a warrant. The fact that you thought it was perfectly safe don't enter into it.

          • by JordanL ( 886154 )
            The presumption that the parent post was going under was that the bug was implanted before information was collected... In other words they put in the kit, then go get a warrant for the computer, then the information is readable under their warrant.

            My point was actually your point: they would have to have a warrant first, otherwise the only two ways to implant the bug would be getting you to do it for them (entrapment) or doing it themselves (due process).
            • Please point where the "get a warrant later" part is in that post.

              Since all I can see in it is that instead of taking the laptop they put this bios on it and take it later. Nothing about putting the bios on it being done under different circumstances than the original taking (which once upon a time would have needed a warrant then and there).

        • Wrong, that's not entrapment. Entrapment is tricking somebody into committing a crime so that you can arrest them for that. This isn't really any different than when the FBI breaks into the home of a suspected mafioso and installs a hardware key logger or remotely installs a trojan. The person will commit or not commit crimes as if the investigation weren't taking place and as such there would be no entrapment.
      • That seems extremely far fetched for one, but then even if you believe it is the case, what good would it do to fix? When you talk about a government agency, you are talking about someone with essentially unlimited resources. So they have plenty of options. Like I said, there's tempest. They monitor your computer remotely. I've no idea how well it works enough in reality, but it works well enough in theory that intelligence agencies shield against it. Or maybe they simple rewrite the Truecrypt bootloader, a

      • by Kythe ( 4779 )
        If you're facing an entity with the resources of a government who is investigating you over time without your knowledge, you're probably not going to come out on top. Commodity PC hardware just isn't designed to resist that kind of thing, thus, Truecrypt can't be designed to resist it. I would imagine the same goes for Safeboot and all the other full-disk encryption programs out there.
  • As usual secrets are best kept in brain case as anyone who physically gets a hold of your truecrypt volume and machine can now insert the bootkit at their leisure and to their pleasure.

    So we're back to physical control of memory to keep secrets.

    • Re: (Score:3, Insightful)

      by FranTaylor ( 164577 )

      Tell that to the doctor in the emergency room when he needs to look up your patient records to decide if it's safe to administer a drug to you.

      • Ok, so how would having all your medical records encrypted on a key dongle memory stick help you there? The doc would be waking you up saying what's your password dude your life depends on it... the only problem is that you're incoherent from all the partying you did the night before and blerble out nonsense that didn't work anyhow. I guess your lucky since your doctor happens to read slashdot and saw the above article about breaking truecrypt volumes and he compiled the hackers bootkit and installed it and

        • Why don't you read the comment that I was responding to:

          "As usual secrets are best kept in brain case"

          I was asserting the falsehood of that statement., not shilling for USB key dongles.

          • That's funny, I wrote the comment you were responding to!

            Your case for the falsehood of the statement was rejected since it was based upon bad logic.

    • by DarkOx ( 621550 )

      I just come back to what my mother told me once. "If you don't want someone else to read it never write it down"

  • by ledow ( 319597 )

    If you give your PC to someone, with the capability to modify the innermost workings of the boot sectors, and then log into the PC indiscriminately without verifying that the boot sectors, etc. haven't been modified, it's possible that the password you typed on the keyboard etc. could be captured and then used later (assuming the rogue software would also have the capability send that password to the attacker and/or for the attacker to AGAIN gain physical access to the PC after you've typed in the password

  • Oblig (Score:5, Funny)

    by ParanoiaBOTS ( 903635 ) on Saturday August 01, 2009 @08:51PM (#28913237) Homepage
    • Funny, but true (Score:3, Interesting)

      by Sycraft-fu ( 314770 )

      Things like encryption are to protect against normal problem, like losing a device with important data, not to protect against a determined adversary that wants your particular stuff.

      For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot. It is a USB stick, since I don't want to keep something like that on my computer which is always networked. While I think I have good security, there's always a chance someone owns my computer and I don't

      • For example I have an encrypted USB stick who's function is to hold my passwords, in particular the ones I don't use a lot.

        A better and easier method for storing stuff like that is to use GPG/PGP.

        Create a text file for the site / server name. Copy your authentication information (be verbose...) into the clipboard and encrypt with PGP/GPG. Paste the encrypted ASCII text block into the text file.

        The big advantage here is that text files are dirt simple to backup (you could even email them) and your m
    • I like the $5 wrench applied to shins idea, but fortunately TrueCrypt can do entirely without passwords in the conventional sense. Just copy a couple k of junk from /dev/urandom to your USB flash drive and name it Fred. When you create a TrueCrypt volume, use keyfiles and point to the aforementioned Fred on the USB flash drive; you can leave the password blank or trivial. Be sure not to automate a turnkey system — you want to manually point at Fred each and every time you open your encrypted volume.
  • by DarkOx ( 621550 ) on Saturday August 01, 2009 @09:41PM (#28913453) Journal

    This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.

    All disk encryption can accomplish is:
    1. If someone steals the system while off or locked and does not already have the key they can't get the data
    2. The system cannon be modified offline with out the key

    It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.

    Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.

  • by DamnStupidElf ( 649844 ) <> on Saturday August 01, 2009 @10:07PM (#28913553)

    Password protect the BIOS, disable post-boot BIOS flashing, and only boot from a CD that you carry with you at all times. That's a pretty effective way to get rid of software only attacks. Once the hardware is involved (which includes vulnerabilities that allow flashing the BIOS after it's booted or without a password), you're screwed.

  • by Anonymous Coward

    So let me get this straight...if a program lodges itself into the bios and intercepts disk calls above an encryption layer and can intercept the data, that is in and of itself newsworthy?

    Ok, I though it was like "The government can wiretap your phone by standing in your kitchen while you're talking."

    Please....this is unworthy of any attention. Everyone knows that a compromised system is not secure. Was this ever in question? Take your 15 minutes of fame, and go....

  • One of the first MBR-infecting virused was "Stoned".

    Wikipedia entry. []

  • Ya know... (Score:2, Informative)

    by Anonymous Coward
    I know of government agencies that use full-disk encryption (e.g. Safeboot) on all everyday work computers, yet still don't allow the computers to be taken on international trips for exactly this reason. They use temporary-use laptops that get wiped upon returning home.

    Full-disk encryption is designed to stop a thief who steals a computer from getting more than the hardware, and it's designed to keep a misplaced laptop with important data from becoming a headline. It's not designed to be the first and
  • I'm somewhat surprised that there are no published timing attacks against TrueCrypt's AES implementation. Attacks against 128-bit AES are certainly easier, but there's a public attack that breaks Linux's dm-crypt in 65ms of testing and 3s of computation, and 256-bit AES shouldn't be immune.

    Those attacks shouldn't require admin privileges.

  • Does this offer a backdoor opton for people who forget or lose their TrueCrypt password? In my early computing days, I once lost a PGP password -it was really good and of course never written down because that wouldn't be secure- and lost the affected files. That has made me wary of running TC at boot. Of course a back way in means it's not exactly secure.

I am more bored than you could ever possibly be. Go back to work.