Bitlocker Security Questions

cereberus · Jan 2, 2023

TraderGary said:
From some of the clueless posts, I wasn't that sure.

Yep - a lot of nonsense in some of the posts.

barreleye · Jan 2, 2023

hdmi said:
Yeah, just not the ones that look exactly the same as a standard USB charging cable and have built-in WiFi in them. The point you still seem to be missing is you're trying to minimize the problem by keep claiming that you know your stuff, and keep claiming it even after all the evidence to support the contrary keeps piling up. No offense, but.. I don't do bottomless pits.

LOL! I've never said "I know my stuff". Instead, I've explained why everything you've presented is legitimately irrelevant to me in the scenario I've described. I keep asking the same thing, and you keep coming back with stuff that doesn't apply to what I asked.

Whether your lock screen will protect you or not, doesn't factually even matter. Evil maid attacks at the cafe can, and do happen. The lock screen is what makes you feel safe. This feeling affects your behavior. Hackers know this. They use this knowledge to their advantage in planning their attacks. Unless you know it too, and can be persistent with your own actions in response to it, the lock screen doesn't make any real difference in the end. Similar to the proven old fact that putting your key under the doormat also makes your lock useless. You can argue against this as much as you like. The facts won't change.

OMG. You do not listen.

He is a cryptology expert. You didn't expect him to use the word Firewire in a cryptic way so that it may refer to something else? LOL!

I have no idea what you're trying to say. It should be clear after I've explained it a couple times, I didn't appreciate having to watch 4 minutes of the video you posted and reiterated as the answer to the OP's question, only to find out it's about Firewire, which is easily mitigated and hasn't been even remotely relevant in many years.

The laptop that you can see in my specs is what I use for my personal hobby activities only. So, I can't actually even use my own Windows laptop for anything work related. I have to use a separate laptop for that, and I can't discuss it. All I can tell you is that I am a trained Enterprise Java developer (EJB specialist, with a formal degree in IT) who works for very large corporations. Not just a regular type IT guy. But I do have some professional experience as a systems engineer in the customer and desktop services branch on Windows. In fact I have been using Microsoft products for equally as long as I have been programming computers. Right now, that is exactly thirty-seven years and a half of programming experience. Since 1984. But anyway.. about HVAC. I also own my own personal Milwaukee M18 Fuel FPD-0 cordless drill.

Whatever. I'm out. This has been a complete waste of time.

hdmi · Jan 2, 2023

barreleye said:
legitimately irrelevant to me

This is not your thread. This is the OP's thread, and, whether or not my posts are legitimately irrelevant to you is legitimately off topic.

barreleye said:
OMG. You do not listen.

Like I said, I don't do bottomless pits, so.

barreleye said:
it's about Firewire, which is easily mitigated and hasn't been even remotely relevant in many years

No, it's not about Firewire. Clearly, it's about various different types of cables such as all the ones that are a lot more modern than Firewire.

barreleye said:
I'm out.

Thank you!

barreleye · Jan 2, 2023

hdmi said:
This is not your thread. This is the OP's thread, and, whether or not my posts are legitimately irrelevant to you is legitimately off topic.

Like I said, I don't do bottomless pits, so.

No, it's not about Firewire. Clearly, it's about various different types of cables such as all the ones that are a lot more modern than Firewire.

Thank you!

Again, you don't listen, or perhaps comprehend what you read, and just want to argue. I reiterated OP's question #4, because he didn't get an answer to it that I saw in this very subpar thread, and I wanted to help him get things back on track. In particular, you have not answered it. Instead, you've wasted everyone's time by answering a different question and getting snottier and snottier with every post.

"4. I heard of people putting malware/virus on people's computer if they can have access to your laptop for just 1 minute. Saw video where if you are at a local coffeeshop and are away from your computer for just a minute, someone could plug a usb drive with malware in it and then take it out and now you have malware. Now if you lock your computer while you are not there... are you still protected from any usb malware?"

hdmi · Jan 3, 2023

barreleye said:
Again, you don't listen, or perhaps comprehend what you read, and just want to argue. I reiterated OP's question #4, because he didn't get an answer to it that I saw in this very subpar thread, and I wanted to help him get things back on track. In particular, you have not answered it. Instead, you've wasted everyone's time by answering a different question and getting snottier and snottier with every post.

"4. I heard of people putting malware/virus on people's computer if they can have access to your laptop for just 1 minute. Saw video where if you are at a local coffeeshop and are away from your computer for just a minute, someone could plug a usb drive with malware in it and then take it out and now you have malware. Now if you lock your computer while you are not there... are you still protected from any usb malware?"

I did answer that question. The answer was yes, even if you lock your computer while you are not there, even if you are using BitLocker drive encryption, it is still possible for malware to be installed in this manner by someone who has physical access to your computer. I also posted a link to a blog post the title of which ends with "Part 2" and the content of which starts with a link to Part 1 so, all you had to do was navigate to Part 1 because then you would have soon found this other link:

Windows Measured Boot - How It Helps To Secure Windows OS Platform HTMD Blog

Understanding Windows Measured Boot - how it works to help secure the Windows OS platform. Is it same as Secure and Trusted Boot? Read to know more on this.

www.anoopcnair.com

Some words in that blog post appear to have been semi-encrypted, maybe it's because Joy already knew that no one here except only me was going to bother to read it, let alone comprehend it. lol

barreleye · Jan 3, 2023

hdmi said:
I did answer that question. The answer was yes, even if you lock your computer while you are not there, even if you are using BitLocker drive encryption, it is still possible for malware to be installed in this manner by someone who has physical access to your computer.

That's just the same assertion as before. Again, what's the mechanism? We're talking modern computers with USB ports, not Firewire. We're not interested in attacks that depend on leaving something physical behind to perform surveillance of the user, which you brought up in replies to me. It would be of interest if it's possible to insert a USB stick that installs malware to a computer sitting at the Windows lock screen or can dump memory or better still, read disk drive contents. That's it.

I also posted a link to a blog post the title of which ends with "Part 2" and the content of which starts with a link to Part 1 so, all you had to do was navigate to Part 1 because then you would have soon found this other link:

Some words in that blog post appear to have been semi-encrypted, maybe it's because Joy already knew that no one here except only me was going to bother to read it, let alone comprehend it. lol

Yeah, whatever. I'm not chasing any more of your links. This one seems especially unpromising given that it's about the boot process, which is outside the scope of the clearly stated scenario. The user would be able to tell his computer has been rebooted, especially if he's using Bitlocker. Moreover, instead of explaining its relevance in a couple of sentences, you portrayed it as a bit of a wild goose chase, ending with "semi-encrypted" nonsense you say only you can understand. Get real. This is the most ridiculous you've been yet.

hdmi · Jan 3, 2023

barreleye said:
This one seems especially unpromising given that it's about the boot process, which is outside the scope of the clearly stated scenario. The user would be able to tell his computer has been rebooted, especially if he's using Bitlocker.

The experienced user would likely be able to tell. Therein lies the biggest problem, as not everyone who uses BitLocker drive encryption understands the importance of Windows Boot Measurement in that regard. The part of your reply I quoted above just proves that you are among those who keep refusing to understand this fact.

newmann · Jan 3, 2024

Okay so at the moment, after I enter my bitlocker pin, I then have to enter my windows 11 pro password to get into my laptop.

If I then control alt delete and lock my computer, does that mean nobody cannot access my laptop unless they have either my windows 11 pro password or the bitlocker recovery key? The thing is if I want to go to the supermarket for an hour or so, I rather keep my laptop on and not have to turn it off and turn it on every single time. Is locking it enough?

The thing is even if my laptop is locked, could someone put a usb with malware in it? I heard someone can do this to a laptop in a minute like at a coffee shop but if your windows is locked, are your usb ports protected or not? The other thing is what your laptops BIOS? I remember someone mentioning something about turning it on but I never did anything with this. All I have is bitlocker pin and windows 11 pro password to get into my laptop. So is this enough or not enough? Can someone give me a clear answer to this? Assuming the way I have it setup now like back then, is it enough?

hdmi · Jan 3, 2024

newmann said:
Is locking it enough?

No, not if the goal is to be protected against an experienced hacker, it's not.

newmann said:
The thing is even if my laptop is locked, could someone put a usb with malware in it? I heard someone can do this to a laptop in a minute like at a coffee shop but if your windows is locked, are your usb ports protected or not?

No, they are not protected. That in fact is why so many companies have a policy to keep the USB ports disabled. The same with Bluetooth... you can't trust the Bluetooth adapter's firmware or if you can, then you still need to verify on that, which is no easy task and that very often proves to be more cumbersome (or next to impossible) compared to just keeping it disabled permanently altogether.

newmann said:
The other thing is what your laptops BIOS? I remember someone mentioning something about turning it on but I never did anything with this. All I have is bitlocker pin and windows 11 pro password to get into my laptop. So is this enough or not enough? Can someone give me a clear answer to this? Assuming the way I have it setup now like back then, is it enough?

Neither a BIOS password nor BitLocker will prevent an experienced hacker who has physical access to the laptop from stealing your data eventually. It will only slow him/her down some. Windows Measured Boot - How It Helps To Secure Windows OS Platform HTMD Blog

barreleye · Jan 3, 2024

newmann said:
Okay so at the moment, after I enter my bitlocker pin, I then have to enter my windows 11 pro password to get into my laptop.

If I then control alt delete and lock my computer, does that mean nobody cannot access my laptop unless they have either my windows 11 pro password or the bitlocker recovery key? The thing is if I want to go to the supermarket for an hour or so, I rather keep my laptop on and not have to turn it off and turn it on every single time. Is locking it enough?

The thing is even if my laptop is locked, could someone put a usb with malware in it? I heard someone can do this to a laptop in a minute like at a coffee shop but if your windows is locked, are your usb ports protected or not? The other thing is what your laptops BIOS? I remember someone mentioning something about turning it on but I never did anything with this. All I have is bitlocker pin and windows 11 pro password to get into my laptop. So is this enough or not enough? Can someone give me a clear answer to this? Assuming the way I have it setup now like back then, is it enough?

Why resurrect such an unfruitful thread where I only got the runaround for exactly that question? I would have to assume the same poster is at it again.

newmann · Jan 4, 2024

I'm confused with the responses here. Some posters had said as long as it has a bitlocker pin at startup and a windows password... you are safe as long as someone else doesn't have those things. So you are saying if a thief got access to a laptop and it has bitlocker, how are they going to get in? They first have to know the bitlocker pin. Then they have to enter the windows password.

So if I turn on my laptop and enter the pin and then windows password. Then I want to go out for few hours and come back but don't want to turn off my laptop. I lock it. How is it not safe? If a hacker or thief has access to my laptop, could they do something to it where they put malware or keylogger where I don't know? Thus when I'm back, I start using my laptop as is after entering the windows password. How would a person even put malware on it? It's locked under bitlocker correct? However, what about the usb ports? Every laptop has usb ports so could someone put a malware on usb that takes a minute to plug it on my laptop when it's in a locked state or not? Obviously if it wasn't locked, then obviously yes.

Also what if my laptop isn't powered on and thus now the person needs both bitlocker pin and windows password? Can they brute force the hard drive if they have my laptop? My concern here is I want to make sure nobody does anything funny to my laptop when I'm away for a bit while leaving my laptop on but locked. The thing is bitlocker is meant for people who want their laptop information protected in case of theft. Thus your laptop might be taken but they can't get access to your files right?

newmann · Jan 5, 2024

If my laptop is powered off and a thief got my laptop and has as much time as they can to brute force my laptop, can they do it or not? This is assuming I have a bitlocker pin and windows password. Also I did not set a BIOS password. I didn't want to bother with this as this seemed confusing and the more things you do, you probably can lock yourself out right? But what about me also not setting bios so it will not boot from usb drives?

Now in the other situation is when I already logged into my laptop with my bitlocker pin and windows password. Now I control alt delete and lock it as I am going to go outside for few hours and don't want to turn off my laptop and turn it back on when I come back. In this situation... let say a thief got access to my laptop for a few hours but I had no clue about it. Let's assume by the time I come back, the laptop is where it is at and looks like how it was before I left. Can they brute force or get in my laptop in those few hours? Can they put malware in my laptop by plugging in a usb with malware which takes 1 minute to put in? I heard this is possible if the computer is open etc. But what if it's locked? Can malware get into the usb port while your laptop is in the lock state?

Also when you say set up bios so it will not boot from usb drives. Are you saying if you do this... when you are using your laptop, you can't plug in a usb flash drive? Or you mean only if you plug it in at startup? Again the last thing I want is to do so many things where it isn't necessary. I know bitlocker pin and windows password is very important which I did. But is it necessary to do the other 2 things you mentioned? The BIOS password and the set BIOS so it will not boot from usb drives?

Also if a thief gets access to my laptop in the lock state.... if they wanted to attempt to brute force it, they have to remove the hard drive from laptop right and plug it into their system? They can't just connect something to my laptop at the lock state to brute force it right? Now if they want to brute force it, well now they have to power off my laptop. Then take out the hard drive. But now instead of just having to know the windows password, well now they have to know the bitlocker pin which makes it miuch harder. Is that correct?

hdmi · Jan 5, 2024

newmann said:
If my laptop is powered off and a thief got my laptop and has as much time as they can to brute force my laptop, can they do it or not? This is assuming I have a bitlocker pin and windows password. Also I did not set a BIOS password. I didn't want to bother with this as this seemed confusing and the more things you do, you probably can lock yourself out right? But what about me also not setting bios so it will not boot from usb drives?

Now in the other situation is when I already logged into my laptop with my bitlocker pin and windows password. Now I control alt delete and lock it as I am going to go outside for few hours and don't want to turn off my laptop and turn it back on when I come back. In this situation... let say a thief got access to my laptop for a few hours but I had no clue about it. Let's assume by the time I come back, the laptop is where it is at and looks like how it was before I left. Can they brute force or get in my laptop in those few hours? Can they put malware in my laptop by plugging in a usb with malware which takes 1 minute to put in? I heard this is possible if the computer is open etc. But what if it's locked? Can malware get into the usb port while your laptop is in the lock state?

Also when you say set up bios so it will not boot from usb drives. Are you saying if you do this... when you are using your laptop, you can't plug in a usb flash drive? Or you mean only if you plug it in at startup? Again the last thing I want is to do so many things where it isn't necessary. I know bitlocker pin and windows password is very important which I did. But is it necessary to do the other 2 things you mentioned? The BIOS password and the set BIOS so it will not boot from usb drives?

Also if a thief gets access to my laptop in the lock state.... if they wanted to attempt to brute force it, they have to remove the hard drive from laptop right and plug it into their system? They can't just connect something to my laptop at the lock state to brute force it right? Now if they want to brute force it, well now they have to power off my laptop. Then take out the hard drive. But now instead of just having to know the windows password, well now they have to know the bitlocker pin which makes it miuch harder. Is that correct?

In most cases an experienced hacker can still get in:

regardless of whether you use a BitLocker PIN and
regardless of whether you have a Windows password and
regardless of whether you have set a BIOS password and
regardless of whether you have disabled booting from USB and
regardless of whether you have locked the computer via the lockscreen
...

In a lot of cases a hacker won't even need to take out the internal drive to be able to read and decrypt sensitive data from it. As for how much harder it will be and/or how much longer it will take for a hacker to gain access if you do this or that, a lot merely depends on how experienced is the hacker in question. The answer to this question is therefore largely unknown, or tends to be that. That in fact is why security companies like CovertSwarm (just to name only one example) exist.

Again, the bottom line is that you'd assume we live in a world where security mechanisms like BitLocker, TPM, password+PIN authentication, restricted boot access on USB when the user has activated the lockscreen of the OS etc. are enough. The reality is that security works by turning that assumption around. So, I will just repeat myself saying, that people can still continue to argue against this all that they want. And hackers will love them for it...

newmann · Jan 6, 2024

Okay so should I change anything with my setup or not? I have the bitlocker pin and windows password.

If I'm going to be outside my apartment for a short bit and lock my computer, is that good enough in most cases?

Also I still didn't get the answer on could I get malware on my laptop if it's in lock mode.

hdmi · Jan 6, 2024

newmann said:
Okay so should I change anything with my setup or not? I have the bitlocker pin and windows password.

That is entirely up to you to decide. Just keep in mind that security hardening a laptop is no easy task, and tends to be rather costly if you hire an expert who can add meaningful guidance to the table after providing you with an in-depth analysis report. The magnitude of what exactly it is that your sensitive data is worth to you is none of my business so, if I were you I would keep that confidential. Also remember that user authentication (password+PIN and/or etc.) and data encryption (e.g. BitLocker) are really nothing more than just a small part of the equation when it comes to the complex topic of security hardening.

newmann said:
If I'm going to be outside my apartment for a short bit and lock my computer, is that good enough in most cases?

Also I still didn't get the answer on could I get malware on my laptop if it's in lock mode.

I already answered those two questions, right from the beginning. Again, the lockscreen is insufficient to keep out an experienced hacker, and, it should be completely trivial the fact that, once in, an experienced hacker can install pretty much anything, including malware and the kind of malware that can be very hard to detect or can be impossible to detect with standard detection tools.

ThrashZone · Jan 6, 2024

Hi,
What I've noticed is at least three users here now "was only two that said they were out of here one as usual can't lol even insulted the op" like to leave their heads buried in the sand after drinking a lot of ms kool-aid very often !

Crack heads wise,
Have you ever watched trafficked, these sort of people know others not so cracked out and take cash and stolen items for swap... so never underestimate these types of peoples resources this is in it's self a security hole.

Anyway hdmi has posted some interesting stuff is any of it plausible = sure
Is it likely = maybe, maybe not depends on the crack head lol

All thieves are opportunist and all have fencing sources even your local pawn shop often do dirty deals so don't think pawn stars to seriously most are dirt bag opportunist that pay .10 cents on the dollar if you're lucky :wink:

And no they do not report/ record every sn# these people pay cash so easily under the table.

Bottom line they may try to get information off the devise but more likely they will just reinstall and flip the item.

ThrashZone · Jan 6, 2024

newmann said:
Okay so should I change anything with my setup or not? I have the bitlocker pin and windows password.

If I'm going to be outside my apartment for a short bit and lock my computer, is that good enough in most cases?

Also I still didn't get the answer on could I get malware on my laptop if it's in lock mode.

Ever noticed cameras around when you enter both passwords ?
You might just be more careful doing this step.
Pin is usually only a few taps
Passwordless world is also only a few taps
Fingers can be used even if your dead lol