Microsoft’s failure with default Windows device encryption

Microsoft supports automatic device encryption since Windows 8 for selected hardware. The odd thing: The recovery key is transmitted to Microsoft without a possibility to stop that transfer.


Advertising

Details about Microsoft's device encryption for Windows 8.1 may be found within this Microsoft article. Microsoft wrote:

Device encryption helps protect your Windows 8.1 PC by encrypting your data—or "scrambling" it —to help keep it secure. Only someone with the right encryption key (like a password) can unscramble and read it. Device encryption helps block hackers from getting the files they need to steal your password. If your PC itself is lost or stolen, device encryption also helps keep other people from accessing your data by physically installing your locked drive in a different PC. Even if your PC is encrypted, you can still sign in to Windows and use your files as you normally would.

Sounds good and reasonable. But then things get a bit messy, because Microsoft also wrote:

You need to sign in to your PC with a Microsoft account with administrator permissions to use device encryption.

If you're using a new PC with a fresh install of Windows RT 8.1, device encryption is turned on automatically when you sign in. Windows helps protect data on your PC and automatically uploads a recovery key to your Microsoft account online. This recovery key lets you sign in to your PC in case you're locked out.

Ups, if your device supports device encryption, your encryption key is automatically uploaded to a Microsoft account (means Microsoft server) without a possibility to prevent that. The site theintercept.com (also revealed the Snowden files) has published an article RECENTLY BOUGHT A WINDOWS COMPUTER? MICROSOFT PROBABLY HAS YOUR ENCRYPTION KEY that sheed a bit more light into that topic.

Cite: In short, there is no way to prevent a new Windows device from uploading your recovery key the first time you log in to your Microsoft account, even if you have a Pro or Enterprise edition of Windows. And this is worse than just Microsoft choosing an insecure default option. Windows Home users don't get the choice to not upload their recovery key at all. And while Windows Pro and Enterprise users do get the choice (because they can use BitLocker), they can't exercise that choice until after they've already uploaded their recovery key to Microsoft's servers.

Gold standard in disk encryption is, that only a user can unlock a disk – and the user has to decide whether the recovery key has to be printed or stored locally on a USB thumb drive (as Microsoft offers for Bitlocker encryption – or Apple does it for FileFault encryption). If a recovery key leaves the computer (as it is with Windows device encryption), you are out of control who is able to unlock your encrypted disk – that's the simple conclusion derived from that case. Further details and analysis may be obtained from the theintercept.com article.


Advertising

This entry was posted in Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).