Passware Inc. says it has come up with a way to access files on USB drives secured by the BitLocker encryption feature of Microsoft Corp.’s Windows.
Mountain view, Calif.-based Passware announced this week the release of Passware Kit Forensic version 10.1. The vendor said its software now lets investigators recover BitLocker encryption keys and getting “full access” to the contents of encrypted disks.
Microsoft added its BitLocker hard-disk encryption feature to the "ultimate" and "enterprise" versions of its Windows Vista and Windows 7 operating systems, in response to greater concern over data losses and breaches. It is also present in Windows Server 2008 and Windows Server 2008 R2.
Passware’s target market is law enforcement, said the company’s marketing manager, Nataly Koukoushkina.
She added users need physical access to computers in order to use Passware to defeat BitLocker encryption.
“That’s not easy for hackers,” she said. “We developed it for investigative purposes only.”
Passware launched the tool at the a training conference held by the High Technology Crime Investigation Association (HTCIA) in Atlanta.
The software costs US$795 and includes a year of free updates, Koukoushkina said, adding the BitLocker feature of Windows stores the encryption keys in a computer’s memory.
“We are using this vulnerability in order to decrypt the BitLocker hard disk,” she said. “Now the enhancement is for portable disk USB drives.”
Passware, who says its customers include the U.S. Department of Defence, makes software designed to either recover or reset software for a variety of document types, including Adobe Systems Inc.’s Acrobat, plus Microsoft Corp.’s Word, Excel and Access.
The enterprise version will scan machines for password-protected files and scan the physical memory image file for disks encrypted with either BitLocker or TrueCrypt. If a TrueCrypt volume is dismounted, then the Passware software does a brute force attack.
But a survey by Opswat Inc, a San Francisco-based vendor, showed BitLocker is not widely used.
Opswat conducted its survey by analyzing 35,000 reports from the 50 million network endpoints on which it manages applications using its OESIS software framework.
-
"Our findings show that end-user adoption of hard-disk encryption technologies aren't nearly as widespread as the use of anti-virus, anti-spyware and firewall products," Opswat said. "Even when these hard-disk encryption features are included as a feature in the Windows OS, they remain unused for the most part."
Of the 35,000 reports, nearly 90 per cent of those computers were not using any hard-disk encryption products. A little over eight per cent of those machines had BitLocker installed, with a little more than two per cent having some other encryption product.
With files from Jeremy Kirk