BitLocker’s Encryption Security Compromised in Just 43 Seconds
BitLocker’s encryption, one of the most widely used encryption methods for Windows hard drives, has come under scrutiny after a successful hacking attempt using equipment worth less than $10, raising concerns about its reliability.
Since its introduction with Windows Vista, BitLocker has been a popular tool for data protection. However, it was already known that BitLocker could be bypassed with direct access to the hardware. Microsoft has previously claimed that hacking requires advanced skills and prolonged access to equipment, but recent experiments have shown otherwise.
Researcher Stacksmashing conducted an experiment to determine the length of access required, and the results were astonishing. It was discovered that it takes only 43 seconds and a simple set of equipment to steal BitLocker keys. The vulnerability lies in the way encryption keys are stored. The keys are stored in the Trusted Platform Module (TPM) and transmitted through the Low Pin Count (LPC) bus during computer boot-up, creating an interception point.
Stacksmashing demonstrated the vulnerability using an old Lenovo ThinkPad laptop (X1 Carbon of the first or second generation) that had an unused connector on the motherboard, providing easy access to the LPC bus. To intercept the keys, a Raspberry Pi Pico was used, connected to the necessary points using a specially designed fee with Pogo PINS spring contacts. Stacksmashing has also published the attack code on Github.
It is important to note that even after stealing the keys, the attacker still needs to make efforts to retrieve the data from the disk, such as copying them through USB. Nonetheless,