Posts

New attack could extract BitLocker encryption keys from a TPM

  • The new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
  • All it requires to extract BitLocker keys is a $27 FPGA board and some open-source code, or a logic analyzer.

A security researcher from Pulse Security named Denis Andzakovic has come up with a new attack vector that could extract BitLocker encryption keys from a computer’s TPM (Trusted Platform Module). All it requires to extract BitLocker keys is a $27 FPGA board and some open-source code, or a logic analyzer.

“By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board,” Andzakovic said.

The big picture

To be precise, this attack would require physical access to a device, which means an attacker needs to hardwire equipment into the system’s motherboard or TPM chip and sniff communications via the Low Pin Count (LPC) bus.

The attacker could then access highly valuable information such as proprietary business documents, cryptocurrency wallet keys, and other sensitive data stored on the system.

Worth noting

The security researcher described that the new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.

  • Andzakovic tested on an HP laptop with a TPM 1.2 chip, using an expensive logic analyzer.
  • He also tested the attack against a Surface Pro 3 with a TPM 2.0 chip, using a cheap FPGA board and open-source code.

It is to be noted that in both attacks, BitLocker was running in its standard configuration.

The bottom line – Andzakovic’s research revealed that the standard BitLocker configuration is not secure against an attacker with physical access.

This is why Andzakovic and Microsoft recommend using a pre-boot authentication method to prevent such attacks. Pre-boot authentication means requiring a TPM PIN or BIOS password before the OS boots, so the TPM does not release the BitLocker key unattended and it cannot be sniffed from the bus.
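As an added example for the mitigation described above (not code from the article, from Pulse Security or from Microsoft), the following PowerShell audits every BitLocker volume for the TPM-only protector that the LPC-sniffing attack targets and, when remediation is switched on, moves the OS volume to a TPM+PIN protector. It assumes an elevated session on Windows 10/11 with the built-in BitLocker module; the registry values under the FVE policy key are assumed to follow the documented local-policy layout for "Require additional authentication at startup" (0 = do not allow, 1 = require, 2 = allow).

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the article or from Pulse Security / Microsoft.
# Audits BitLocker volumes for TPM-only protectors and, with $Remediate = $true,
# switches the OS volume to TPM+PIN pre-boot authentication.
# Assumes Windows 10/11 with the BitLocker PowerShell module and a local admin session.

function Get-BitLockerProtectorAudit {
    # One row per volume: the protector types present and whether any of them
    # makes the TPM wait for a user secret before releasing the VMK at boot.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $preBoot = ($types -contains 'TpmPin') -or
                   ($types -contains 'TpmStartupKey') -or
                   ($types -contains 'TpmPinStartupKey')
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            ProtectionStatus = $_.ProtectionStatus
            Protectors       = ($types -join ',')
            TpmOnly          = ($types -contains 'Tpm') -and -not $preBoot
        }
    }
}

function Enable-PreBootPinPolicy {
    # Local-policy equivalent of "Require additional authentication at startup"
    # with a PIN required. Value layout (0 = do not allow, 1 = require,
    # 2 = allow) is assumed from the documented FVE policy keys, not from the article.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    $values = @{
        UseAdvancedStartup = 1   # enable the policy
        EnableBDEWithNoTPM = 0   # still require a TPM
        UseTPM             = 0   # TPM alone: do not allow
        UseTPMPIN          = 1   # TPM + PIN: require
        UseTPMKey          = 0   # TPM + startup key: do not allow
        UseTPMKeyPIN       = 2   # TPM + PIN + startup key: allow
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $fve -Name $name -Value $values[$name] -PropertyType DWord -Force | Out-Null
    }
}

function Set-OsVolumeTpmAndPin {
    param([string]$MountPoint = $env:SystemDrive)

    # Make sure a recovery password exists before touching the TPM protector;
    # otherwise a failed change can lock you out of the volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $rp = ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1).RecoveryPassword
        Write-Warning "New recovery password created; store it before rebooting: $rp"
    }

    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker PIN (minimum length per policy, default 6)'
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

    # A volume holds at most one TPM-based protector, so the TPM-only one is
    # normally replaced; remove it explicitly if it is still listed.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object -ExpandProperty KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
}

# Usage: audit first; set $Remediate = $true to enforce TPM+PIN on a TPM-only OS volume.
$Remediate = $false
$audit = Get-BitLockerProtectorAudit
$audit | Format-Table -AutoSize
if ($Remediate -and ($audit | Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.TpmOnly })) {
    Enable-PreBootPinPolicy
    Set-OsVolumeTpmAndPin
}
```

The audit alone is safe to run on any fleet machine and is the check worth scheduling: a row with `TpmOnly = True` on the OS volume is exactly the configuration the article says was sniffed. Remediation changes local policy and adds a protector, so it needs a reboot test and the recovery password stored (for domain-joined machines, `BackupToAD-BitLockerKeyProtector` can escrow it) before you roll it out.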

China, Russia Posing Biggest Cyber Attack Threats to United States, Says Chief of US National Intelligence

China, Russia, Iran, and North Korea increasingly use cyber operations to steal information, influence people, and disrupt critical infrastructure, said Dan Coats, Director of National Intelligence.

Washington: Russia and China pose the biggest espionage and cyber attack threats to the United States and are more aligned than they have been in decades, the leader of the U.S. intelligence community told U.S. senators on Tuesday.

While the two countries seek to expand their global reach, Director of National Intelligence Dan Coats said, some American allies are pulling away from Washington in reaction to changing U.S. policies on security and trade.

“China, Russia, Iran, and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure,” Coats said.

“Moscow’s relationship with Beijing is closer than it’s been in many decades,” Coats told the Senate Intelligence Committee’s annual hearing on worldwide threats, where he testified with the director of the CIA, FBI and other top intelligence officials.

He also said some U.S. allies are seeking more independence, responding to their perceptions of changing policies on security and trade and “are becoming more open” to new partnerships.

“The post-World War Two international system is coming under increasing strain amid continuing cyber and WMD proliferation threats, competition in space and regional conflicts,” Coats said, using the acronym for weapons of mass destruction.

Election Security

Coats also said U.S. adversaries likely are already looking to interfere in the 2020 U.S. election, refining their capabilities and adding new tactics.

He said Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities and criticizing politicians perceived to be anti-Russia.

Senator Mark Warner, the panel’s top Democrat, said in his opening statement that he was particularly concerned about Russia’s use of social media “to amplify divisions in our society and to influence our democratic processes” and the threat from China in the technology arena.

The United States on Monday announced criminal charges against China’s Huawei Technologies Co Ltd, escalating a fight with the world’s biggest telecommunications equipment maker and coming days before trade talks between Washington and Beijing.

“Especially concerning have been the efforts of big Chinese tech companies – which are beholden to the CCP (Chinese Communist Party) – to acquire sensitive technology, replicate it, and undermine the market share of U.S. firms with the help of the Chinese state,” Warner said.

The U.S. Justice Department on Monday charged Huawei and its chief financial officer, Meng Wanzhou, with conspiring to violate U.S. sanctions on Iran by doing business with Tehran through a subsidiary it tried to hide.

“China is going to be a major competitor of ours in every way that there is,” said Republican Senator Jim Risch, an intelligence committee member who is also chairman of the Senate Foreign Relations Committee.

Haryana Company Complains Of Ransomware Attack

The hackers said they would normalise the situation when their demands are met, a senior police officer said, adding the Cyber Cell was investigating the matter.

GURGAON: Gurgaon Police on Friday registered an FIR against an unknown person in connection with the hacking of a server of a private company in the city, which has been asked by the hackers for a ransom of 15 bitcoins, equivalent to Rs. 25.6 lakh. Mattoo Jay Kumar, general manager of Mohan Clothing Pvt Ltd, a garment company located in Udyog Vihar, Phase-I, approached the police on Thursday.

He told the Cyber Cell of the police that his company has a computerised warehouse at IMT Manesar which stopped working around 2 am on June 16. The in-charge of the warehouse immediately informed the top management about the problem. Mr Kumar said that when he went to the corporate house in Udyog Vihar to assess the situation, he could not understand the actual reason.

“The company later received a threatening email in which it was told to transfer the funds in the form of bitcoins to a specific account,” Mr Kumar said in his complaint.

“The cyber attacker had used ‘Ransomware’ virus to hack the server of the company. According to the email, the hackers threatened to wipe out all financial data and bank transactions of the company to make it bankrupt if it did not meet their demands,” he added.

Religare Securities Says It Has Suffered a Cyber-Attack

Religare Securities has suffered a virus attack of medium severity, but its systems, operations and sensitive client information were secure and unaffected, it said on Monday.

Religare, a medium-sized brokerage, added the attack had been “proactively handled” and that “necessary damage control steps” had been initiated.

A company source told Reuters Religare had been a victim of a cyber-attack that had affected its servers in the morning, and that at least some of the internal IT systems at the brokerage had been shut down.

A Religare spokesman declined to give more specific details, and said the company continued to assess the situation.

Last month, operations at one of three terminals at India’s largest container port, JNPT, near the commercial hub of Mumbai, were disrupted by a global ransomware attack.

The spokesman said the brokerage did not yet know whether the virus attack had been the result of a similar ransomware attack.