Business

Microsoft’s Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi and a bit of braininess-

The point of Microsoft’s Bitlocker security feature is to protect personal data stored locally on devices and particularly when those devices are lost or otherwise physically compromised. With Bitlocker, it shouldn’t matter if you lose your laptop or somebody pinches your SSD. Your data still can’t be accessed.

Except it can and all that’s needed is a $10 Raspberry Pi and a little (OK, a lot of) ingenuity, according to YouTube channel Stacksmashing(via Hardwareluxx). How so? Well, it involves the TPM or Trusted Platform Module chip.

The TPM is a secure crypto-processor designed to carry out cryptographic operations and installed in many Windows PCs. Microsoft says Bitlocker works best when used in combination with a TPM chip. Which is ironic, because Stacksmashing’s hack is only possible thanks to the TPM chip.

Long story short, Stacksmashing physically intercepts signals from the TPM chip and isolates the master encryption key. It’s then relatively straightforward to pull the SSD, plug it into a Linux machine and use open source tool to fully decrypt the drive.

To make the process of physically connecting to the laptop’s TPM chip simpler, Stacksmashing cooked up a bespoke Raspberry Pi Pico PCB to which spring loaded contact pins were attached in an arrangement to perfectly align with the contact pads for the TPM in the Lenovo laptop that was subject to the attack. Apparently, the total cost of the parts were less than $10.

In the video, it all looks incredibly simple. Just pull the back cover of the laptop off, uncover the TPM contact points, physically apply the modded Pi’s pins, boot the machine and—boom!—within a few seconds you have your enrcyption keys, allowing the SSD to be fully decrypted.

You can dive into the comments below the video for a discussion of the merits of the TPM module in this context, what Microsoft perhaps should or shouldn’t have done to prevent all this, whether this applies to all versions of TPM and other measures you can take to ensure your drive is secure (or largely secure) even in the event of an attack like this.

Moreover, this doesn’t necessarily make Bitlocker and TPM totally pointless. And given enough effort, most security measures are vulnerable. But if you thought your data was secure courtesy of those technologies to all but the most well-resourced attacks in the event you lost your laptop, well, you might want to think again.

Related Posts

Nifty to continue its winning streak or fall in trade- See GIFT Nifty, FII data, F&O ban, crude, more before market opens

GIFT Nifty traded up 19 points, or 0.10%, at 19,849, indicating a positive opening for domestic indices NSE Nifty 50 and BSE Sensex on Thursday. Previously on Wednesday,…

Markets close at record high! Nifty at 23,399, Sensex up 204 points; Nifty Midcap 100 outperforms 

Indian equity Indices closed on a higher note on Thursday after hitting new highs. The NSE Nifty 50 hit a new all-time high of 23,481.05. The index later…

Aadhar Housing Finance gets Sebi nod for Rs 5,000-cr IPO

The Securities and Exchange Board of India (Sebi) has given its approval for the Rs 5,000-crore initial public offering (IPO) of Aadhar Housing Finance. The proposed IPO will combine…

Rupee rises 4 paise against US dollar in early trade

The rupee stayed on the upward track for the third day in a row, appreciating by 4 paise to 83.14 against the US dollar in early trade on…

The Elder Scrolls V- Skyrim Is Getting A Board Game

The Elder Scrolls V: Skyrim is on just about everything now. Well, almost everything. Modiphius Entertainment sees one more platform it can be on: cardboard. The Elder Scrolls…

The Beloved TMNT- The Last Ronin Graphic Novel Getting A New Covers Collection

The Last Ronin has proven to be one of the most popular Teenage Mutant Ninja Turtles stories of all time, and in case you’re looking for some extra…