Broken BitWall: Don't Hurry, Evaluate Existing Safeguards
Broken BitWall: Don’t Hurry, Evaluate Existing Safeguards
Quick Links
Key Takeaways
- BitLocker’s encryption keys can be stolen with a Raspberry Pi Pico, but the exploit only works with external TPMs using the LPC bus.
- Most modern hardware integrates the TPM, making it more difficult to extract BitLocker keys. AMD and Intel CPUs are likely safe.
- Despite the exploit, BitLocker’s AES-128 or AES-256 encryption is still secure, so there’s no need to abandon it.
Microsoft’s BitLocker is one of the most popular full-disk encryption tools, and is built into Windows 10 and 11 Pro providing an easy encryption option for millions of Windows users worldwide. But BitLocker’s reputation as a leading encryption tool could be under threat after a YouTuber successfully stole encryption keys and decrypted private data in just 43 seconds—using a Raspberry Pi Pico costing $6.
How Was BitLocker’s Encryption Broken?
BitLocker’s encryption was broken by YouTuber Stacksmashing, who posted a video detailing how he intercepted BitLocker data, extracted decryption keys, and successfully exploited the BitLocker encryption process.
Stacksmashing’s exploit involves the external Trusted Platform Module (TPM)—the same TPM chip that stops Windows 11 upgrades—found on some laptops and computers. While many motherboards integrate the TPM chip and modern CPUs integrate the TPM into their design, other machines still use an external TPM.
Now, here’s the issue and the exploit discovered by Stacksmashing. External TPMs communicate with the CPU using what’s known as an LPC bus (Low Pin Count), which is a way for low-bandwidth devices to maintain communication with other hardware without creating a performance overhead.
However, Stacksmashing found that while the data on the TPM is secure, during the boot-up process, the communication channels (the LPC bus) between the TPM and CPU are completely unencrypted. With the right tools, an attacker can intercept data sent between the TPM and CPU containing insecure encryption keys.
Tools like the Raspberry Pi Pico, the minute $6 single-board computer that has a bunch of uses. In this case, Stacksmashing connected a Raspberry Pi Pico to unused connectors on a test laptop and managed to read the binary data as the machine booted. The resulting data contained the Volume Master Key stored on the TPM, which he could then use to decrypt other data.
- Title: Broken BitWall: Don't Hurry, Evaluate Existing Safeguards
- Author: David
- Created at : 2024-07-29 15:55:21
- Updated at : 2024-07-30 15:55:21
- Link: https://win11.techidaily.com/broken-bitwall-dont-hurry-evaluate-existing-safeguards/
- License: This work is licensed under CC BY-NC-SA 4.0.