With just a $4 device, the BitLocker data encryption tool can be cracked in less than a minute.
According to TechSpot, although BitLocker is integrated into Windows 11 Pro, Enterprise, and Education versions to enhance data security with the AES encryption algorithm, a recent study shows that this encryption tool can be easily cracked with just a cheap device.
Accordingly, in a YouTube video, security researcher Stacksmashing demonstrated how hackers can extract BitLocker encryption keys from Windows computers in just 43 seconds, using a Raspberry Pi Pico device. According to the researcher, targeted attacks can bypass BitLocker encryption by directly accessing the hardware and extracting the encryption key stored in the computer’s Trusted Platform Module (TPM) through the gateway.
The cause of this vulnerability is a design error found in devices with specialized TPMs, such as newer laptops and desktops. As the researcher explains, BitLocker sometimes uses an external TPM to store important key information, such as Platform Configuration Registers and Volume Master Keys. However, the communication lines (LPC ports) between the CPU and the external TPM are unencrypted at boot, allowing an attacker to monitor any information traffic between these two components and extract the encryption key.
To perform the demonstration attack, Stacksmashing used a 10-year-old BitLocker-encrypted laptop and then programmed a Raspberry Pi Pico to read the raw binary code from the TPM to get the Volume Master Key. Then, he used Dislocker with the newly obtained Volume Master Key to decrypt the drive.
This is not the first time BitLocker has been cracked. researcher Last year, cybersecurity Guillaume Quéré demonstrated how the BitLocker full-disk encryption system allows users to monitor any information between a separate TPM chip and the CPU via the SPI port. However, Microsoft claims breaking BitLocker encryption is a long and complicated process, requiring long-term access to the hardware.
The latest attack shows that BitLocker can be bypassed much more easily than previously thought, and raises important questions about current encryption methods. Whether Microsoft will fix this specific vulnerability in BitLocker remains unknown, but in the long run, cybersecurity researchers need to do a better job of identifying and patching potential security vulnerabilities before they occur. become a problem for users.
