Advertisement

Microsoft's Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi and a bit of braininess

 Bitlocker exploit.
Bitlocker exploit.

The point of Microsoft's Bitlocker security feature is to protect personal data stored locally on devices and particularly when those devices are lost or otherwise physically compromised. With Bitlocker, it shouldn't matter if you lose your laptop or somebody pinches your SSD. Your data still can't be accessed.

Except it can and all that's needed is a $10 Raspberry Pi and a little (OK, a lot of) ingenuity, according to YouTube channel Stacksmashing(via Hardwareluxx). How so? Well, it involves the TPM or Trusted Platform Module chip.

The TPM is a secure crypto-processor designed to carry out cryptographic operations and installed in many Windows PCs. Microsoft says Bitlocker works best when used in combination with a TPM chip. Which is ironic, because Stacksmashing's hack is only possible thanks to the TPM chip.

Long story short, Stacksmashing physically intercepts signals from the TPM chip and isolates the master encryption key. It's then relatively straightforward to pull the SSD, plug it into a Linux machine and use open source tool to fully decrypt the drive.

To make the process of physically connecting to the laptop's TPM chip simpler, Stacksmashing cooked up a bespoke Raspberry Pi Pico PCB to which spring loaded contact pins were attached in an arrangement to perfectly align with the contact pads for the TPM in the Lenovo laptop that was subject to the attack. Apparently, the total cost of the parts were less than $10.

Your next upgrade

Nvidia RTX 4070 and RTX 3080 Founders Edition graphics cards
Nvidia RTX 4070 and RTX 3080 Founders Edition graphics cards

Best CPU for gaming: The top chips from Intel and AMD.
Best gaming motherboard: The right boards.
Best graphics card: Your perfect pixel-pusher awaits.
Best SSD for gaming: Get into the game ahead of the rest.

In the video, it all looks incredibly simple. Just pull the back cover of the laptop off, uncover the TPM contact points, physically apply the modded Pi's pins, boot the machine and—boom!—within a few seconds you have your enrcyption keys, allowing the SSD to be fully decrypted.

You can dive into the comments below the video for a discussion of the merits of the TPM module in this context, what Microsoft perhaps should or shouldn't have done to prevent all this, whether this applies to all versions of TPM and other measures you can take to ensure your drive is secure (or largely secure) even in the event of an attack like this.

Moreover, this doesn't necessarily make Bitlocker and TPM totally pointless. And given enough effort, most security measures are vulnerable. But if you thought your data was secure courtesy of those technologies to all but the most well-resourced attacks in the event you lost your laptop, well, you might want to think again.