Does Bitlocker Protect Data Exfiltration?

Discussion in 'Software' started by PrivatePile, Dec 24, 2015.

  1. PrivatePile

    PrivatePile Private E-2

    I've setup Bitlocker for work laptops, but our concern there was the laptop getting lost or stolen. If the data was extracted from a Bitlocker encrypted PC via remote access methods such as malware or the "Microsoft" phone call, are they obtaining the encrypted data or the decrypted data? I would think it would be decrypted, unless windows is decrypting the data realtime.
     
    PrivatePile, Dec 24, 2015
    #1
  2. AtlBo

    AtlBo Major Geek Extraordinaire

    PrivatePile...

    Here is MS' story on BitLocker, but I don't see anything about whether others can see the information

    https://technet.microsoft.com/en-us/library/cc766200(v=ws.10).aspx#BKMK_MultifactorSupport

    I am guessing, but I suspect that certain types of malware could read anything that has been decrypted and that finds its way into RAM or the caches. As for MS, I suppose they can grab and see anything they want to any time, encryted or otherwise. I mean for the love of pete it's right there in their EULA...:eek::eek::eek::eek::eek:
     
    AtlBo, Dec 24, 2015
    #2
  3. Maxwell

    Maxwell Folgers

    No, BitLocker does not protect against malware, Viruses once the operating system is active. BitLocker is a static protection system and protects data at rest when the OS is not running, i.e., a desktop or laptop that it not powered up. Once the operating system has booted up, the data on the disk has been decrypted and is susceptible to any installed products that can read the unencrypted data.

    A consequence of disk encryption is the additional time required to start-up (boot) and shutdown as both decryption and encryption takes time. Futhermore, any backups (either using backup software or simple copy to USB stick) taken of the system are unlikely to be encrypted in the same way or have any encryption. Thus, further exfiltration vectors exist.
     
    Maxwell, Dec 26, 2015
    #3
    AtlBo likes this.
  4. PrivatePile

    PrivatePile Private E-2

    Thanks guys. That's kind of what I thought, that the decryption takes place at start-up, but I feel that is a very big security hold as data theft is more a digital thing than a physical thing at this point. And Atlbo, I wasn't referring to actual Microsoft (as scary as that eula is) as much as the scammers that call and say they are from Microsoft and need access to the computer.
     
    PrivatePile, Dec 26, 2015
    #4
  5. AtlBo

    AtlBo Major Geek Extraordinaire

    Thanks for the info on BitLocker Maxwell. I did not know it decrypts during start up. I always thought it decrypted during normal operation only.

    Oh yes, the ones who call from India or Russia with the bad news about the viruses on your PC. Srsly!

    [​IMG]
     
    AtlBo, Dec 26, 2015
    #5
    Eldon likes this.
  6. Maxwell

    Maxwell Folgers

    Maxwell, Dec 27, 2015
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds