I’ve been running Windows 7 with BitLocker for a couple months and am quite pleased with it. BitLocker encrypts the hard drive so that if my laptop is lost or stolen, it should not be possible to access the data on the drive even if you remove the drive and attach it as a second drive to another system.
Recently though I read about a password “bypass” program called Kon-Boot that dynamically replaces the Windows kernel during bootup and allows logging in with any password. I wondered if BitLocker was vulnerable to this kind of program. If a thief could simply log on to my BitLocker-protected system, the encryption would be useless.
So I decided to give it a try.
Caveat: I have no idea if Kon-Boot can harm a computer and/or upload data. Even with a full backup, there is a risk that it might corrupt the BIOS or otherwise make the computer unusable. Use at your own risk.
BitLocker Kicks Kon-Boot
So I booted Windows 7 with the Kon-Boot disk in the CD drive. BitLocker promptly reported that “the system boot information has changed”:
When I pressed Enter to continue, BitLocker prompted me for my password (Label and ID blacked out):
I didn’t want to actually change the BIOS, so I didn’t provide the password. I got this screen:
After rebooting without the Kon-Boot CD, I got this heart-stopping message:
Had Kon-Boot in fact damaged my system? Fortunately after another reboot, Windows 7 came up fine.