Kevin Beaver's Security Blog

BitLocker, Passware…heads in sand everywhere!

Three times in the past three weeks. That’s how many conversations I’ve had people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They’re well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.

I’ve said it before and I’ll continue saying it: I’ve sung the praises of BitLocker for years. I still use it on a few non-critical systems that aren’t storing sensitive information just to create a hoop for someone to jump through if the systems are lost or stolen. The thing is, there’s a tool that can supposedly negate BitLocker’s encryption. It’s called Passware Kit Forensic.

In one of my recent full disk encryption conversations, someone in a highly-visible healthcare organization told me that even though it’s been proven that laptop loss and theft is a big problem for healthcare (backed up by this December 2011 bit from Dark Reading on Ponemon’s new study: Healthcare Data in Critical Condition), that loss/theft/Passware Kit Forensic was not a risk to the business. Even when the law says it is. Amazing stuff.

You see I’ve sung the praises of Passware Kit Forensic to over 1,000 people during my speaking engagements this year alone. I’ve see it in action and have had some colleagues who have used it recommend it to me. But I want to be able to demonstrate on my blog and to my audiences when I present how BitLocker can be compromised using Passware Kit Forensic. Although Passware has some screenshots on the process here, I need more.

Like other bloggers, trade rags and test labs, I’d like to get a (fully-functioning) demo/test/trial copy of the tool first so I can take it for a spin, validate which scenarios the tool can actually work and document my findings here on my blog, my articles and any forthcoming edition of Hacking For Dummies…especially given how pricey Passware Kit Forensic is ($995; it was $795 just recently so apparently there’s a demand for it).

I truly believe this is a big deal and it’d be a win-win for us all. The problem is I can’t seem to get anyone at Passware to get back with me. Numerous emails, a Web form submission and LinkedIn requests have fallen on deaf ears. Maybe Passware is no longer around?

For now, just know that the threat and subsequent business risk is likely there and maybe I’ll have the opportunity to demonstrate it for you in the future.

Elcomsoft…help!