Microsoft’s Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi and a bit of braininess

The point of Microsoft’s Bitlocker security feature is to protect personal data stored locally on devices, particularly when those devices are lost or otherwise physically compromised. With Bitlocker, it shouldn’t matter if you lose your laptop or somebody pinches your SSD. Your data still can’t be accessed.

Except it can, and all that’s needed is a $10 Raspberry Pi and a little (OK, a lot of) ingenuity, according to YouTube channel Stacksmashing (via Hardwareluxx). How so? Well, it involves the TPM or Trusted Platform Module chip.

The TPM is a secure crypto-processor designed to carry out cryptographic operations and installed in many Windows PCs. Microsoft says Bitlocker works best when used in combination with a TPM chip. Which is ironic, because Stacksmashing’s hack is only possible thanks to the TPM chip.

Long story short, Stacksmashing physically intercepts signals from the TPM chip and isolates the master encryption key. It’s then relatively straightforward to pull the SSD, plug it into a Linux machine and use an open source tool to fully decrypt the drive.

To make the process of physically connecting to the laptop’s TPM chip simpler, Stacksmashing cooked up a bespoke Raspberry Pi Pico PCB with spring-loaded contact pins arranged to align perfectly with the contact pads for the TPM in the Lenovo laptop that was subject to the attack. Apparently, the total cost of the parts was less than $10.

In the video, it all looks incredibly simple. Just pull the back cover of the laptop off, uncover the TPM contact points, physically apply the modded Pi’s pins, boot the machine and—boom!—within a few seconds you have your encryption keys, allowing the SSD to be fully decrypted.

You can dive into the comments below the video for a discussion of the merits of the TPM module in this context, what Microsoft perhaps should or shouldn’t have done to prevent all this, whether this applies to all versions of TPM and other measures you can take to ensure your drive is secure (or largely secure) even in the event of an attack like this.

Moreover, this doesn’t necessarily make Bitlocker and TPM totally pointless. And given enough effort, most security measures are vulnerable. But if you thought your data was secure courtesy of those technologies to all but the most well-resourced attacks in the event you lost your laptop, well, you might want to think again.
