Bad news for BitLocker users: its keys are remarkably easy to sniff
If you have a Windows 10 Pro or Windows 11 Pro device with a discrete (external) Trusted Platform Module (TPM) and BitLocker configured to unlock with the TPM alone, with no PIN or startup key, all your encrypted data can be decrypted and read. All it takes is a little know-how, a $10 Raspberry Pi Pico and physical access to the target endpoint.
A YouTuber with the alias stacksmashing has demonstrated what he calls a “colossal security flaw” that let him bypass Windows BitLocker in less than a minute and recover the encryption key, all using the cheap off-the-shelf device.
The technical details of the flaw and its exploit are in stacksmashing's video, but the short story is that the bus between the CPU and an external TPM is not encrypted. At boot, once the TPM is satisfied that the firmware and boot loader measurements match what it expects, it unseals BitLocker's Volume Master Key (VMK) and hands it to the CPU over that bus in the clear. So if the motherboard has an unpopulated connector or debug header that exposes the LPC bus, an attacker can press the Pico against it, capture the bus traffic during boot and pick the VMK out of the TPM's response. With the VMK, the whole volume can be decrypted.
A big oversight
For his demonstration, stacksmashing used a decade-old laptop with BitLocker encryption, but explained that the same method works on newer motherboards that still use an external TPM chip.
Devices whose TPM is implemented in firmware inside the CPU (Intel PTT or AMD fTPM, which covers most Intel and AMD CPUs currently on sale) should be safe from this particular attack, because the key never crosses an external bus. Enabling a startup PIN also defeats it on discrete-TPM machines, since the TPM will not release the key until the PIN is entered. The video shows stacksmashing first removing the back of the laptop with a screwdriver and then pressing the Pico's contacts against the exposed connector. A stopwatch running on a smartphone shows that the entire process took less than a minute.
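As an added example (this is not code from the article, from The Register, or from stacksmashing's own tooling), the PowerShell below checks whether a given Windows machine meets both conditions the attack depends on, a discrete TPM and TPM-only unlock, and shows how to switch the OS volume to TPM+PIN so the key is no longer released automatically at boot. It assumes that the TPM vendor IDs INTC and AMD indicate a firmware TPM (a heuristic, not a guarantee) and uses the FVE policy registry values named in the comments; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Two conditions must hold for the bus-sniffing
# attack described above to work as demonstrated:
#   1. the TPM is a discrete chip on a bus (LPC/SPI) rather than firmware inside the CPU, and
#   2. BitLocker unlocks the OS volume with the TPM alone, so the VMK is released at boot
#      without a PIN or startup key.

function Get-TpmExposure {
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        return [pscustomobject]@{ TpmPresent = $false; Manufacturer = $null; LikelyDiscrete = $false }
    }
    # Assumption (heuristic): Intel PTT reports 'INTC' and AMD fTPM reports 'AMD' as the
    # manufacturer ID; any other vendor (IFX, NTC, STM, ...) is treated as a discrete part.
    $firmwareVendors = @('INTC', 'AMD')
    $vendor = $tpm.ManufacturerIdTxt.Trim()
    [pscustomobject]@{
        TpmPresent     = $true
        Manufacturer   = $vendor
        LikelyDiscrete = ($firmwareVendors -notcontains $vendor)
    }
}

function Get-BitLockerProtectorRisk {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        MountPoint     = $MountPoint
        ProtectionOn   = ($vol.ProtectionStatus -eq 'On')
        ProtectorTypes = $types
        # A plain 'Tpm' protector means the TPM unseals the VMK at boot with no user input.
        TpmOnlyUnlock  = ($types -contains 'Tpm')
        HasRecoveryKey = ($types -contains 'RecoveryPassword')
    }
}

function Enable-TpmPinUnlock {
    param(
        [Parameter(Mandatory)][securestring]$Pin,
        [string]$MountPoint = $env:SystemDrive
    )
    # The 'Require additional authentication at startup' policy must permit a PIN.
    # Assumption about the local policy values: UseAdvancedStartup 1 = enabled,
    # UseTPMPIN 1 = Require (2 = Allow). A domain GPO may override these settings.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 1 -Type DWord
    # Adding a TPM+PIN protector replaces the existing TPM-only protector.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin
}

# Usage: report the exposure, then remediate if both conditions hold.
$exposure = Get-TpmExposure
$risk     = Get-BitLockerProtectorRisk
$exposure, $risk | Format-List

if ($exposure.LikelyDiscrete -and $risk.TpmOnlyUnlock) {
    Write-Warning 'Discrete TPM with TPM-only unlock: the VMK crosses the bus in the clear at every boot.'
    if (-not $risk.HasRecoveryKey) {
        # Keep an escrowed recovery password before changing protectors.
        Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector | Out-Null
    }
    # Uncomment to switch the OS volume to TPM+PIN interactively:
    # Enable-TpmPinUnlock -Pin (Read-Host -Prompt 'New startup PIN' -AsSecureString)
}
```

The vendor-ID check is only a hint; the definitive answer is whether the board carries a separate TPM package with exposed bus lines. Back up the recovery password (for example to Active Directory or the device's Microsoft account) before changing protectors, because a PIN typo or a firmware update that changes the measured boot state will send the machine into recovery.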
While some viewers praised stacksmashing's findings, saying the tool could be very useful for people who have lost their encryption keys, others suggested the flaw was a “big mistake.”
Via The Register