In the ongoing data security arms race, BitLocker just became the new Maginot Line.  An outwardly impressive barrier offering a false sense of security.

Multiple videos on YouTube and TikTok demonstrate how someone so inclined can extract a user’s BitLocker encryption key in less than 60 seconds.  That’s less time than it takes me to type in my 48-digit drive encryption key!

As owners of 2015-19 Hyundai and Kia vehicles have long since realized, the internet now offers on-the-job training for the criminally inclined.  Kia and Hyundai cars of that period lack electronic immobilizers that prevent thieves from bypassing the ignition.  TikTok videos explain how to exploit this weakness.  The result?  These vehicles accounted for nearly 40% of all car thefts in the US last year.

Back to the BitLocker revelation.  What is one to do?  After all, BitLocker was developed by Microsoft and is bundled with many Windows products.  To quote Microsoft:

“BitLocker is a Windows security feature that provides encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices.” 

I would expect Microsoft to institute a software update to address the current vulnerability.  Users should be fine . . . until the next vulnerability is uncovered.  That, of course, is our current reality.  As security technology advances, so do the methods to circumvent those protections.

It is critical to install updates as soon as they are available.  These patches are an essential part of one’s arsenal of protection.  I am also an advocate of old-school backups.  Cloud backups are fine, but if a ne’er-do-well gains access to your device, those files can be at risk.  Be sure to back up to external drives as well.  Sounds outdated?  Well, consider that another vulnerability that has impacted BitLocker users is the BitLocker virus.  Hackers gain access to a device and encrypt its data . . . using BitLocker.  Ransom demands follow.

So, stay up to date and stay alert.  And don’t rely on one layer of protection.  And keep reading this blog for related news.

Peter Dragone - Co-founder of Keurig.