
Security researcher Stacksmashing managed to crack Microsoft’s Bitlocker encryption in 43 seconds. To do so, he used a Raspberry Pi Pico, a board that costs only $4.

Stacksmashing recently embarrassed Microsoft by cracking its Bitlocker encryption in under a minute. Bitlocker is meant to protect data at rest on Windows devices, which matters to users who want their data to stay out of the hands of malicious parties. Bitlocker is a standard feature of Windows 11 Pro, Enterprise and Education.

Eavesdropping on external TPM traffic

Yet it turns out that this encryption is easy and, more importantly, cheap to crack. According to the ethical hacker, malicious parties can bypass Bitlocker by gaining physical access to the hardware and sniffing the encryption keys from the TPM over the LPC bus.

The attack is possible due to a design flaw in devices with a dedicated (discrete) TPM, such as many modern laptops and desktops. Bitlocker sometimes relies on such an external TPM for its key material, including the Platform Configuration Registers and the Volume Master Key.

The communication channel between the CPU and the external TPM, the LPC bus, is unencrypted at boot. This allows an attacker to intercept all traffic between the two components and pick the encryption keys out of it. The whole process took only 43 seconds.
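The weak point described above is a TPM-only key protector: the TPM releases the Volume Master Key unattended at boot, and that release is what travels over the bus. The following is an added example, not code from the article or from Stacksmashing, showing how a defender can audit Windows machines for that configuration with the built-in BitLocker PowerShell cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector). The function name Get-BitLockerProtectorAudit is an assumption chosen here; it requires an elevated PowerShell session on a Windows host with BitLocker installed.

```powershell
# Added example (not from the article): flag BitLocker volumes whose only
# TPM-based protector is TPM-only, i.e. the VMK is unsealed with no user-held
# factor at boot. Function name is a hypothetical choice for this example.
function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    Get-BitLockerVolume | ForEach-Object {
        $vol   = $_
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Any of these protector types requires user input (PIN and/or startup
        # key) before the TPM unseals the VMK, so a bus sniffer sees nothing usable.
        $secondFactor = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

        $hasTpmOnly      = $types -contains 'Tpm'
        $hasSecondFactor = @($types | Where-Object { $_ -in $secondFactor }).Count -gt 0

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            TpmOnlyExposure  = ($hasTpmOnly -and -not $hasSecondFactor)
        }
    }
}

# Report: volumes with TpmOnlyExposure = True are the ones at risk.
Get-BitLockerProtectorAudit | Format-Table -AutoSize

# Remediation for the OS volume: require a PIN in addition to the TPM so the
# TPM will not release the VMK without the user present. Group Policy must
# allow a startup PIN ("Require additional authentication at startup") or the
# cmdlet will refuse. The PIN is read interactively and never hard-coded.
# $pin = Read-Host -AsSecureString 'New BitLocker startup PIN'
# Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
# Re-run Get-BitLockerProtectorAudit afterwards and confirm no 'Tpm' protector
# remains; if one does, remove it by its KeyProtectorId:
# Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId '<id of the Tpm protector>'
```

The audit only checks protector types; it cannot tell whether the TPM is discrete or firmware-based (fTPM), so treat a TPM-only result as exposure on any machine whose TPM sits on a separate bus, as in the device tested here.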

Stacksmashing’s test

Stacksmashing used a 10-year-old PC with Bitlocker enabled for his test. He programmed the Raspberry Pi Pico to read the raw data exchanged with the laptop’s TPM and recover the Volume Master Key from it. He then fed the recovered Volume Master Key to the Dislocker software to decrypt the drive.

This is not the first time Bitlocker has been shown to be relatively easy to crack. Last year, it was demonstrated how hackers could eavesdrop on all traffic between the discrete TPM chip and the CPU over the SPI bus.

Microsoft has not yet responded to this latest successful attempt to crack Bitlocker. The tech giant earlier indicated that such an attack would take a lot of time, but at 43 seconds that now appears untrue.
