Microsoft BitLocker Encryption Cracked

Started by Corrine, February 08, 2024, 03:01:41 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

From Microsoft BitLocker encryption cracked in just 43 seconds with a $4 Raspberry Pi Pico:

QuoteIn a YouTube video, security researcher Stacksmashing demonstrated that hackers can extract the BitLocker encryption key from Windows PCs in just 43 seconds using a $4 Raspberry Pi Pico. According to the researcher, targeted attacks can bypass BitLocker's encryption by directly accessing the hardware and extracting the encryption keys stored in the computer's Trusted Platform Module (TPM) via the LPC bus.

The attack was possible due to a design flaw found in devices with dedicated TPMs, like modern laptops and desktops. As explained by the researcher, BitLocker sometimes uses external TPMs to store key information, such as the Platform Configuration Registers and Volume Master Key. However, as it turns out, the communication lanes (LPC bus) between the CPU and external TPM remain unencrypted on boot-up, allowing threat actors to sniff any traffic between the two modules and extract the encryption keys.

Additional information in the referenced article.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.