Products & Releases

Disk Encryption Driver Hole Exposes Encryption Key

Global IP Telecommunications publishes research describing a new attack on disk encryption software
Bradford, Munich, Schffengrund, 12.01.2009, 2009 - Security Hole in Driver Communication of Disk Encryption Software enables interception of encryption key during mount of an encrypted volume

Global IP Telecommunications, a leading manufacturer of Voice-over-IP (VoIP) software telephones, PMC Ciphers, a leading specialist for ultimate ciphers, and CyProtect AG, a leading internet security specialist, have announced today that they've published research describing a new attack on disk encryption software that reveals the entire key when an encrypted volume is being mounted. The attack was named "Mount IOCTL Attack" by the author.

In order to mount a virtual encrypted disk, the user interface application of a disk encryption software passes volume file path information, the selected encryption algorithm as well as the highly secret password, in the clear to a software driver through the DeviceIoControl() function, which is the only function for this purpose in an operating system. A tampered version of the DeviceIoControl() function would easily allow an attacker to get hold of the key used to mount the encrypted volume by a simple comparison for equality of a 32 bit number - the IO Control Code of the mount request.

In the paper, "Attack on mount control code of commercial on-the-fly disk encryption software and efficient countermeasure", the companies used the publically available source code of a popular disk encryption software for their peer review. A hypothetically tampered version of the DeviceIOControl() function could easily wait for a specific IO Control Code (e.g. 466944d = 00072000h) and each time this IOCTL is passed to the function, log the entire set of parameters that is passed along with the function call. These parameters include the entire key required to access the encrypted volume to be mounted IN PLAINTEXT.

The companies further disclosed that an SSL-like Diffie-Hellman key exchange between encryption driver and user interface application of a disk encryption software enable for henceforth encrypted communication with the encryption driver, resulting in complete immunity from Mount IOCTL Attack.

This countermeasure is already built into the new version of the disk encryption software "TurboCrypt". Existing users of earlier "TurboCrypt" or "Global Safe Disk" versions are advised to migrate to the new "TurboCrypt" as soon as possible. The new software is already available online for Windows XP, Vista 32 and Vista 64 operating systems at the following URL: or

The paper, "Attack on mount control code of commercial on-the-fly disk encryption software and efficient countermeasure" is accessible through the following URL:

"ber Global IP Telecommunications Ltd.

Global IP Telecommunications has become well known since 2004 as Prefered Development Partner of Counterpath Solutions Inc. (formerly Xten). Global IP Telecommunications is now a leading manufacturer of softphone applications for Voice-over-IP. GlobalIPTel products are being sold worldwide through leading PC-, USB- and headset manufacturers, internet service providers, telcos as well as international sales partners (

About PMC Ciphers, Inc. PMC Ciphers is a marketing company for the Polymorphic Cipher invented by co-founder C.B. Roellgen in 1999. The company develops and markets ultra-secure ciphers based on the unique technology of the Polymorphic Cipher. All ciphers of the company are created in Germany (

About CyProtect AG: CyProtect AG was founded in the year 2000 and is focused on security, respective internet security. We are protecting data and applications against external attacks and are offering encryption for sensitive information saved on storage systems and during network and transfer connections. Furthermore we secure important data against unauthorized access with powerful hardware and software solutions (

Recommended Reading: