BitLocker in crisis? The “YellowKey” zero-day in plain English

Paul Ducklin
05/16/2026

FDE – a quick review

A decade or so ago, the cybersecurity market had plenty of FDE tools on offer.

FDE is short for full disk encryption, and it’s typically used to protect the data on laptops and mobile devices “in bulk,” so that if they’re lost or stolen while turned off, attackers can’t just turn them back on and read off all the data.

Better yet, even if the crooks take out the hard disk (OK, they’re not disk-shaped any more, they’re chip-shaped, but you get the idea) and plug it into specialized equipment of their own, the only data they can get out of it is shredded cabbage.

Loosely speaking, FDE works at a low level, encrypting and decrypting data in fixed size chunks such as raw disk sectors or clusters, ignoring details such as directories, files, and database fields.

Anything going onto the disk, whether it’s code, user data, file system indexing information, or even sectors full of zeros, gets silently encrypted on the way down; when it’s read back in, it’s silently decrypted on the way up.

FDE tools therefore don’t replace file-by-file encryption programs that let some users access a file while keeping others out, and they don’t remove the need for network-level encryption such as HTTPS to protect data in transit.

FDE is used in addition to other cryptographic tools, as a sort-of baseline protection for devices as a whole.

In fact, FDE is so widely accepted, so commonly required for certification, and needs knitting into the operating system at such a low level, that there aren’t many independent commercial vendors left.

Macs come with Apple’s FileVault, already activated when you buy your new laptop, and Windows 11 has BitLocker, which is often activated by default in its most basic mode when you (or your IT team) set up Windows for the first time.

It’s hard for anyone to compete with free-and-built-in, especially if “built in” effectively means “cemented into the foundations and very tricky and time-consuming to remove.”

Many, if not most, business users of Windows will therefore have BitLocker running on their laptops right now, whether they know it or not.

BitLocker in crisis? The "YellowKey" zero-day in plain English - SolCyber

BitLocker everywhere

Some users won’t know whether they’re running BitLocker or not, because the default configuration of BitLocker, known as TPM mode, or TPM-only mode, is as good as invisible, so that users don’t have to learn how to use it, don’t have to spend any extra time unlocking their disks when they boot up, and don’t have yet another startup password they might forget and end up in a helpdesk queue trying to get the password reset.

TPM is short for trusted platform module, and it’s a special sort of secure storage chip, now often fitted directly onto a computer’s motherboard (some computers have a connector so a TPM can be added or upgraded later).

Indeed, Windows 11 won’t install on computers without a TPM, which was a despised and controversial requirement when it first came out, although so many computers come with TPMs these days that Microsoft seems to have wriggled its way through the worst of the criticism by now.

How can auto-decryption be secure?

Of course, not needing to enter a password or passcode as soon as the computer starts up, as you might expect if your entire C: drive is encrypted, raises the question, “Where does the cryptographic security come from?”

That’s where the TPM comes in – it’s designed to store randomly-generated encryption key material in such a way that the data can only be extracted by special boot-time code.

That boot-time code, which can’t itself be encrypted because it’s there to kick off the decryption of the rest of the system, is “locked in place” by a feature known as Secure Boot, also mandated by Windows 11.

This means that only startup programs digitally signed by Microsoft will run, and therefore (in theory, at least) only trusted code can get at and use the TPM’s decryption key.

There are lots of “ifs” in this, of course, and numerous vulnerabilities, exploits, hacks, and bypasses over the years have made it possible for attackers to get at your data when BitLocker is in its entry-level TPM-only mode, for example if they steal your laptop, or have unsupervised access to it for a while in a hotel room while you’re at breakfast.

Nevertheless, BitLocker in this mode will satisfy many security certifications; it’s safer than having an unencrypted disk that can be accessed directly by anyone; and it’s safer than having a disk with hardware access controls that can be bypassed simply by plugging it into another computer or forensic data recovery device.

What if there’s a problem?

But what if there’s a problem with your computer itself, or the TPM chip?

If you need to graft your disk into another computer to have any hope of getting your data off it, because the disk is fine but your motherboard is blown, what do you do?

If the boot process itself gets stuck before you get to the Windows logon screen, so even your IT staff can’t log on and try to fix the problem, what do you do?

(CrowdStrike users may remember that company’s infamous boot-loop crisis two years ago, where a simple anti-virus signature update triggered a bug that caused a reboot almost as soon as the computer started up, which triggered another reboot, and so on ad infinitum.)

The solution is known as recovery mode, where your computer boots up from a stripped down version of Windows, either from a recovery partition handily located on your disk, or via a USB key (or DVD if you still have a CD/DVD drive).

Getting into recovery mode

There are several ways to access recovery mode:

  • If you are already logged on, you can use Settings > System > Recovery > Advanced startup > Restart now.
  • If you can boot up but can’t log on from the logon screen, click the power icon and choose Restart while holding down either Shift key.
  • If you can’t start up from the hard disk, boot up from your installation DVD or USB key and choose Repair my PC on the Select setup option screen.

Recovery mode loads up like a live Linux distro, if you’ve ever tried one of those, running from RAM, and not relying on any code or settings from the C: drive that could cause the system to crash yet again.

When booted like this, of course, the recovery version of Windows is not supposed to decrypt the C: drive automatically with the key from the TPM chip.

That would subvert BitLocker altogether, because a laptop thief could then simply use recovery mode to read off all your files, and a frustrated user could bypass their IT team to get administrator-level access to their C: drive.

Instead, before it lets you get at the hard disk to remove or replace any troublesome files, recovery mode takes you through a series of blue menus, and insists that you enter a special password that’s not stored in the TPM chip, called the recovery key, before you can access C:.

The recovery key is a whoppingly long number of 48 digits (thankfully presented and entered in eight 6-digit groups to make it easier to work with) that is usually kept by your IT team in a secure database where these emergency codes can safely be retrieved if needed.


“BLUE MENU” COMMAND-PROMPT SEQUENCE IN RECOVERY MODE

If you’re an administrator on your own computer, you can print out and keep the recovery key for yourself if you wish, but obviously you need to be able to log on first to run the command that reveals those magic 48 digits.

If you haven’t already done so, then it’s too late to recover the recovery key after your computer goes wrong, or after you’re stuck in a boot loop that stops you reaching the logon screen.

Note that the manage-bde utility refers to the recovery key as a numerical password, a term that’s slightly ambiguous, because it’s technically a 128-bit cryptographic key that’s specific to recovery mode, and is converted to groups of digits when printed out to make it easier to type in, as explained above and shown in the image below.
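To show why those 48 digits really are a 128-bit key, here is an added example (not from the article, and not Microsoft’s code) that checks the structure of a recovery password and unpacks it: each 6-digit group is a 16-bit value multiplied by 11, so eight groups carry 8 × 16 = 128 bits. The function name is chosen here, and the little-endian layout of each 16-bit word is an assumption taken from third-party descriptions of the format.

```powershell
# Added example, not from the article: validate a BitLocker recovery password
# offline and unpack the 128 bits it encodes. Touches neither BitLocker nor the TPM.
function Test-BitLockerRecoveryPassword {
    param([Parameter(Mandatory)][string]$RecoveryPassword)

    function Fail([string]$Why) {
        [pscustomobject]@{ Valid = $false; Reason = $Why; Bits = 0; KeyHex = '' }
    }

    # Accept "123456-123456-..." or 48 bare digits; drop anything that is not a digit.
    $digits = $RecoveryPassword -replace '[^0-9]', ''
    if ($digits.Length -ne 48) { return Fail "expected 48 digits, got $($digits.Length)" }

    $words = @()
    for ($i = 0; $i -lt 8; $i++) {
        $group = $digits.Substring($i * 6, 6)
        $n = [int]$group
        # Each group is a 16-bit value times 11. Divisibility by 11 is the built-in
        # typo check: a single wrong digit changes the group by d*10^k, which is
        # never a multiple of 11. The largest legal group is 65535 * 11 = 720885.
        if ($n % 11 -ne 0) { return Fail "group $($i + 1) ('$group') fails the mod-11 check" }
        if ($n -gt 720885) { return Fail "group $($i + 1) ('$group') exceeds 16 bits" }
        $words += [int]($n / 11)
    }

    # 8 groups x 16 bits = 128 bits, the key size the article mentions.
    $bytes = New-Object byte[] 16
    for ($i = 0; $i -lt 8; $i++) {
        # Assumption: each 16-bit word is laid out little-endian, as third-party
        # format descriptions state.
        $bytes[2 * $i]     = $words[$i] -band 0xFF
        $bytes[2 * $i + 1] = ($words[$i] -shr 8) -band 0xFF
    }

    [pscustomobject]@{
        Valid  = $true
        Reason = 'ok'
        Bits   = $words.Count * 16
        KeyHex = -join ($bytes | ForEach-Object { $_.ToString('x2') })
    }
}

# Constructed sample (not a real key): every group is a multiple of 11.
Test-BitLockerRecoveryPassword '000011-000022-000033-000044-000055-000066-000077-000088'
# The same sample with one digit mistyped fails the mod-11 check on group 1.
Test-BitLockerRecoveryPassword '000012-000022-000033-000044-000055-000066-000077-000088'
```

The unpacked bytes are only the starting point of BitLocker’s own key derivation, so the function is useful for catching transcription errors in escrowed keys, not for anything else.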

How secure are recovery keys?

Despite the aforementioned attacks and bypasses that have appeared from time to time against BitLocker in TPM-only mode, many corporate IT and cybersecurity teams have stuck to this minimalist configuration, not least because BitLocker bypasses were often assumed to require skillful attackers with specialized tools and plenty of time.

Trivial, anyone-can-do-this-in-moments attacks weren’t really a thing.

Until now.

A threat researcher and exploit developer known variously as Nightmare Eclipse, Chaos Eclipse, and Dead Eclipse, has come up with an attack they refer to as YellowKey.

If the moniker “Eclipse” rings a bell, that’s because they were all over the news last month for publishing a series of three different zero-day vulnerabilities in Windows Defender, ironically abusing the very software that Microsoft boasts will keep you safe from malware to help malware attackers exploit your system.

The newsworthiness of these exploits came not so much from what they were or how they worked, but that N. Eclipse chose not to disclose them responsibly to Microsoft, meaning that there was no time to patch them before cybercriminals knew about them.

Instead, N. Eclipse disclosed them publicly, with working, annotated, proof-of-concept exploit code for anyone to use.

N. Eclipse also engineered a perfect PR storm by waiting until just after April’s Patch Tuesday, when proactive sysadmins probably felt they could relax a bit until the next scheduled patches on the second Tuesday of May.

They repeated this approach this month, dropping YellowKey on the world in a similar way, just after May’s Patch Tuesday was done and dusted, with a dramatic blog entry to go with it:

Now regarding YellowKey, lots of you are wondering how does one even find such a backdoor?

I’ll tell you how, it took me more time trying to get it to work than the amount of sleep I had in two years combined. No AI involved, no help in any shape or form. I could have made some insane cash selling this but no amount of money will stand between me and my determination against Microsoft.

Fighting words!

How tricky is the exploit?

How hard is this attack to pull off now the exploit has been published?

What do potential attackers need to do to exploit the YellowKey bypass of BitLocker, and what do they get out of it?

Unfortunately, preparing to use the exploit is trivial.

Simply format a removable drive, such as a USB key, and copy onto it a weird collection of files from N. Eclipse’s GitHub site.

In .ZIP file format, the exploit files and instructions come to just 45KB; unzipped onto a USB key, the exploit itself is a bunch of data files that take up less than 25MB altogether, with no scripts or program files in the mix.

If you plug this “magic” USB key into a laptop and then start up in recovery mode…

…the sequence of screens you see in the animation above, where you navigate a series of blue menus before entering your 48-digit recovery key, simply does not appear.

After a brief delay where the screen tells you Please Wait, you are dropped into a command prompt in which the C: drive is already unlocked, thanks to the cryptographic material in the TPM.

That’s all there is to it.

Sadly, a laptop thief can use this trick to copy off any files they like from your laptop onto a portable drive – the same one that had the exploit files on it, if they like.

And a disaffected employee can use this trick to get Administrator and SYSTEM level access to their own computer, even if their regular login and the access controls IT expect them to follow don’t let them do so.


YELLOWKEY IN TPM MODE: NO “BLUE MENUS,” FULL BYPASS

What about TPMandPIN mode?

If you’re a user or an IT department that has insisted on a slightly higher level of BitLocker security known as TPMandPIN, this exploit doesn’t provide quite the same instant access as in TPM-only mode.

With TPMandPIN, you’re required to enter a short numbers-only password (the default minimum is just six digits) almost as soon as your computer starts up, which many users accept as a happy medium between no boot-time security code at all and a full-on startup password.

During a regular boot, you put in the PIN right away, and then wait until you reach the Windows logon screen, where you need your domain or computer password as usual.

In recovery mode, you put in the PIN right away, and then wait until you reach the blue menus where you need the 48-digit recovery key, as shown before.

(You can skip the PIN entry, because you might not know the PIN, but you still end up at the blue menus, and still need the recovery key.)

But if you plug in a YellowKey exploit key, the blue menus, including the recovery key prompt, are skipped over as before.

If you correctly entered the PIN when recovery mode started, then the C: drive is automatically unlocked, meaning that the PIN alone is enough to bypass BitLocker.

The YellowKey risk in TPMandPIN mode is therefore that:

  • An attacker only needs to guess or acquire your PIN, which could be as short as six digits, instead of needing the full, 48-digit recovery key.
  • A regular user who already knows the PIN can sneakily get Administrator and SYSTEM rights, as before.

However, N. Eclipse has ominously claimed on their blog that:

No, TPM+PIN does not help [in the long run], the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment? Yes it does, I’m just not publishing the PoC, I think what’s out there is already bad enough.

I can’t wait when I will be allowed to disclose the full story, I think people will find my crashout very reasonable and it definitely won’t be a good look for Microsoft.

Intuitively, the claim to be able to unlock C: with the TPM alone, even if a user-entered PIN is also required as part of the normal logon process, sounds unlikely, and may turn out to be false.

But N. Eclipse has produced sufficiently many new exploits recently, and released them apparently without regard for responsible disclosure or financial gain, that it would be unwise to write their claim off entirely.

What about Password mode?

Turning off TPM support altogether allows you to switch to what BitLocker calls Password mode, and this seems likely to help against this attack.

This mode is like TPMandPIN, except that the startup prompt asks for a proper password, which isn’t limited just to digits, and the TPM is not used at all, so there is no automatic part of the disk unlocking process.

If you use the YellowKey exploit in Password mode, there’s no password prompt when recovery mode starts up.

You skip over the blue menus and the recovery key prompt, and end up directly in a command window as before, but the C: drive remains locked.

To unlock the C: drive, you then need either the password or the recovery key.


YELLOWKEY IN PASSWORD MODE: NO “BLUE MENUS” BUT NO BYPASS

Note that some IT departments don’t like Password mode, because even without the YellowKey exploit, either the password alone or the recovery key is enough to get Administrator and SYSTEM rights, and the disk decryption is no longer tied to a specific laptop with a specific TPM chip.

This therefore gives users more power over tweaking their laptop than TPMandPIN mode, where the recovery key is always needed to get at the recovery command prompt, and the PIN on its own is inadequate unless the YellowKey exploit is used.

It feels unlikely that pure Password mode could be bypassed with a YellowKey-like exploit, because the system has no automatically-accessible cryptographic material at all to help it along when the TPM is not used.

But a similar argument could be made about sidestepping the PIN in TPMandPIN mode, yet N. Eclipse claims to have done just that.

It’s possible, of course, that their TPMandPIN bypass, if it exists, relies on a brute force attack, where all possible PINs are tried together with the TPM key, in which case it might be much slower and less tractable than the TPM-only attack, and wouldn’t work with a sufficiently long password, but their blog announcement implies otherwise.

What to do?

In short:

  • TPMandPIN is safer than TPM-only, at least for now. Stay tuned for further announcements from N. Eclipse, or Microsoft, or both, in case a new exploit is published.
  • Password-only mode is probably safe against thieves and outsiders who use the YellowKey attack, but in the long run might not align with corporate policy about preventing users granting themselves Administrator rights.
  • Microsoft may be able to patch this or provide a workaround, so watch out for announcements from Microsoft.
  • Talk to SolCyber about helping you get on top of thorny issues of this sort, especially those that don’t follow traditional bug-reporting pathways. Let SolCyber look after your cybersecurity so you can focus on your primary business.
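The first step in acting on that list is knowing which of the modes described above each machine is actually in. The following is an added example (not from the article, and not a SolCyber or Microsoft tool) that classifies the local BitLocker volumes by their key protectors using the BitLocker PowerShell module; the function name is chosen here, the protector type names are assumed to match what Get-BitLockerVolume reports (Tpm, TpmPin, TpmPinStartupKey, Password, RecoveryPassword), and the risk wording repeats what the article says about the published PoC.

```powershell
# Added example, not from the article: report which BitLocker mode (TPM-only,
# TPMandPIN, Password) each local volume uses. Run elevated on Windows 10/11.
function Get-BitLockerModeReport {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Assumption: KeyProtectorType renders to the enum names used below.
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        if     ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') { $mode = 'TPMandPIN' }
        elseif ($types -contains 'Tpm')                                           { $mode = 'TPM-only' }
        elseif ($types -contains 'Password')                                      { $mode = 'Password' }
        else                                                                      { $mode = 'Other/none' }

        # Risk wording follows the article's description of the published PoC.
        $risk = switch ($mode) {
            'TPM-only'  { 'published YellowKey PoC unlocks the drive with no secret at all' }
            'TPMandPIN' { 'PIN alone is enough if the YellowKey PoC is used' }
            'Password'  { 'not bypassed by the published PoC; password or recovery key still needed' }
            default     { 'mode not covered by the article (e.g. startup key only); review manually' }
        }

        [pscustomobject]@{
            Drive            = $vol.MountPoint
            VolumeType       = "$($vol.VolumeType)"
            ProtectionStatus = "$($vol.ProtectionStatus)"
            Mode             = $mode
            RecoveryPassword = ($types -contains 'RecoveryPassword')   # 48-digit key protector present?
            Risk             = $risk
        }
    }
}

# Local check; for a fleet, wrap in Invoke-Command and export the objects to CSV.
Get-BitLockerModeReport | Format-Table -AutoSize
```

Volumes reporting TPM-only with ProtectionStatus On are the ones the article describes as trivially unlockable, and a missing RecoveryPassword protector means there is no 48-digit key to escrow for that drive.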

Why not ask how SolCyber can help you do cybersecurity in the most human-friendly way? Don’t get stuck behind an ever-expanding convoy of security tools that leave you at the whim of policies and procedures that are dictated by the tools, even though they don’t suit your IT team, your colleagues, or your customers!

More About Duck

Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!
