Windows Encryption Keys Could Expose Users to Hackers

By   ISBuzz Team
Writer , Information Security Buzz | Jan 05, 2016 10:00 pm PST

Microsoft’s storage of Windows encryption keys could expose users to hackers or government surveillance. Disk encryption is a built-in feature for smartphones and other devices that sends a backup copy of the recovery key to Microsoft when a user logs in through a Microsoft account. As soon as the double is created, it can allow backdoor access for hackers or government agencies. Craig Young, a cybersecurity researcher for Tripwire have the following comments on it.

[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Security Researcher at Tripwire :

“While this key backup behavior certainly presents an increased risk that someone may be able to bypass advertised encryption protections, it is important to consider the risk in context. In order for this ‘vulnerability’ to be exploited, an attacker must be able to both gain access to the backed up key and gain physical access to the encrypted storage.  There is essentially an infinitely long list of easier ways for an intruder to bypass disk encryption and retrieve data from a protected device by attacking the end point. It is important to remember that most of the protections afforded by disk encryption end are not applicable after a system has been booted and the file system has been unlocked. An adversary sophisticated enough to gain unauthorized access to Microsoft’s key backups is almost certainly sophisticated enough to get malware installed onto the running system.

Users with particularly sensitive information beyond the basic personal passwords and financial data can simply use traditional local accounts rather than Microsoft accounts to avoid the possibility of key disclosure. While it would be nice if the OS allowed users to opt-out of sending the key to Microsoft, it seems likely that many users would still want their backup key stored by Microsoft to help reduce the risk of catastrophic data loss.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]