Skip to main content

CIA spies can add BitLocker hack to the list

A new batch of documents leaked by former NSA contractor Edward Snowden has shown that the CIA tried for years to break Apple's encryption.

Besides Apple, Microsoft was also a target, and a story (opens in new tab)published on The Intercept suggests that CIA specialists might be able to break into BitLocker, the Microsoft software which encrypts hard drives.

At an agent-only conference in 2010, CIA officials talked about how it is possible to extract private encryption keys from a special security chip – Trusted Platform Module (TPM).

The TPM is necessary in order to use BitLocker, and keys could be extracted from it by “measuring electromagnetic signals emanating from the TPM.”

With this technique, spies use sensors or other devices to study the power consumption of a chip while it encrypts and decrypts information to extract the keys from it.

Motherboard (opens in new tab)took the time to speak to a couple of security experts, and none of them seemed too surprised about the new discovery.

"This new research means that if I can put a sensor next to the laptop, now all of a sudden I can extract the keys without damaging it,” Kenneth Ray, a former Microsoft engineer who was BitLocker’s architect from 2005 to 2007.

“This is a tiny bit alarming because now you can attack a TPM without there being any evidence that you did so.”

Peter Biddle, another former Microsoft engineer who led the BitLocker team before its launch in 2005, is also not surprised.

“We were partnering with people and doing it ourselves 10 years ago,” Biddle told Motherboard.

Microsoft declined to comment on the story.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.