New Zealand security expert Denis Andzakovic has released a tool that steals the encryption keys for drives encrypted
with Microsoft's BitLocker.
Users who run BitLocker with the default settings and do not use pre-boot authentication are vulnerable to this attack.
Andzakovic, a Principal Security Consultant at New Zealand infosec firm Pulse Security, says, "An attacker can perform
this attack with a $40 tool purchased from DigiKey and physical access to the device."
Andzakovic reported the issue to Microsoft's Security Response Centre (MSRC). MSRC is quoted as saying
"BitLocker documents that this attack is not in scope for the default configuration. BitLocker recommends that if
customers care about this level of attack, that they use Pre-boot authentication."
"Most users tend to stick with default configurations, which this attack applies to," says Andzakovic.
Users concerned about this attack are advised to enable pre-boot authentication, such as a PIN code, USB key or smart
card.
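
To check whether a machine is in the default state the article describes, the following added example (not from the article or from Pulse Security) lists the key protectors on each OS volume and flags any that unlock without pre-boot authentication. It assumes the BitLocker PowerShell module (`Get-BitLockerVolume`) in an elevated session, and that the default configuration on TPM-equipped devices is a TPM-only protector; the function name `Test-PreBootAuth` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): report whether each BitLocker OS
# volume can unlock at boot without any user-supplied factor.

function Test-PreBootAuth {
    param(
        [Parameter(Mandatory)]
        $Volume   # one object returned by Get-BitLockerVolume
    )

    # Collect protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword.
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    # Any single protector can unlock the volume, so one bare 'Tpm' protector
    # means the key is released at boot with no PIN or startup key.
    $tpmOnly = $types -contains 'Tpm'
    $preBoot = @($types | Where-Object {
        $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    })

    if ([string]$Volume.ProtectionStatus -ne 'On') {
        $status = 'Protection is off or suspended'
    } elseif ($tpmOnly) {
        $status = 'TPM-only: no pre-boot authentication'
    } elseif ($preBoot.Count -gt 0) {
        $status = 'Pre-boot authentication required'
    } else {
        $status = 'No TPM-based protector: review manually'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protectors = ($types -join ', ')
        Status     = $status
    }
}

# Only the operating system volume is unlocked during boot.
Get-BitLockerVolume |
    Where-Object { [string]$_.VolumeType -eq 'OperatingSystem' } |
    ForEach-Object { Test-PreBootAuth -Volume $_ } |
    Format-Table -AutoSize
```

A volume reported as TPM-only stays in that state until the `Tpm` protector itself is replaced; adding a PIN protector alongside it does not remove the automatic unlock path.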