Your IT Consultant

Bypass BitLocker with Simple Key Combination

November 30, 2016

BitLocker is a very good encryption method included free with Windows 10. However, Microsoft needs to fix a recently discovered bug that allows you to bypass BitLocker. All an attacker needs to do is hold SHIFT+F10 during the Windows 10 update procedure. Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges by hitting the key combination while Windows 10 installs an OS update. This is another reason to change the default configuration of Windows 10. Most users leave the default as installing updates automatically, typically early in the morning while everybody (except the bad guys) are sleeping. Someone with physical access to your computer could then take advantage of this bug. A solution to the problem is to download updates automatically, but notify the user when ready to install. A user could then install the update(s) while physically present and observe the update process. While the fix is simple, I'll guess most users are just too lazy and will leave their Windows 10 computers vulnerable to this attack.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com