How to hack BitLocker: hacker finds vulnerability in LPC bus

In 43 seconds, you can find out everything that the user is hiding.

It has become possible to break BitLocker protection in 43 seconds using hardware costing less than $10, which calls into question the reliability of one of the most popular methods of encrypting hard drives in Windows.

Since its introduction in Windows Vista, BitLocker has enjoyed widespread popularity, offering users an effective data protection tool. However, it has long been known that with direct access to the hardware, BitLocker can be bypassed. Microsoft claims that successful hacking requires significant skills and long-term access to hardware, but experiments show otherwise.

Key interception via the bus

A researcher working under the pseudonym Stacksmashing decided to test how long that access needs to be, and the results of his experiment are striking. It turns out that only 43 seconds and a simple set of hardware are enough to steal BitLocker keys. The problem lies in how the encryption keys are handled. Simply put, the keys are stored in the Trusted Platform Module (TPM) and transmitted over the LPC (Low Pin Count) bus when the computer boots. It is at this stage that the keys can be intercepted.

Stacksmashing demonstrated the vulnerability using an old Lenovo ThinkPad laptop (X1 Carbon, first or second generation), whose motherboard has an unused connector that gives easy access to the LPC bus. To intercept the keys, he used a Raspberry Pi Pico mounted on a specially designed board with spring-loaded pogo pins, which made it easy to connect to the necessary points. Stacksmashing also published the code of the attack software on GitHub.

It is worth noting that even after stealing the keys, an attacker still has to make an effort to get the data off the disk, for example by copying it via USB. However, the experiment shows that older laptop models, such as the X1 Carbon, are at risk, despite the presence of USB 3.0.

Modern computers have additional protection, including integration of the TPM directly into the processor, which complicates key interception. Still, the development of technology constantly poses new challenges for developers of security systems, and future experiments may reveal new vulnerabilities even in the most modern devices.
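
For defenders, the exposure described above can be inventoried per machine. The following PowerShell audit is an added example, not code from the original post or from Stacksmashing's repository: it lists BitLocker volumes whose key is released by the TPM at boot and reports whether the TPM looks like a separate chip or a processor-integrated one. The vendor lists are an illustrative heuristic, and `Get-TpmPlacement` and the `BusExposure` column are hypothetical names.

```powershell
# Added example: inventory BitLocker volumes that depend on a TPM releasing the key at boot.
# Run from an elevated PowerShell session on Windows (BitLocker module required).

# Heuristic vendor IDs (assumption, not exhaustive). Firmware TPMs run inside the
# CPU/chipset; discrete TPMs are separate chips wired to the board over a bus such as LPC.
$FirmwareVendors = 'INTC', 'AMD', 'MSFT', 'QCOM'
$DiscreteVendors = 'IFX', 'STM', 'NTC', 'ATML'

function Get-TpmPlacement {
    param([string]$ManufacturerId)
    # ManufacturerIdTxt can carry trailing NULs or spaces.
    $id = $ManufacturerId.Trim([char]0, ' ')
    if ($FirmwareVendors -contains $id) { return 'Firmware' }
    if ($DiscreteVendors -contains $id) { return 'Discrete' }
    return 'Unknown'
}

$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
$placement = if ($tpm) { Get-TpmPlacement $tpm.ManufacturerIdTxt } else { 'NoTpm' }

Get-BitLockerVolume | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # A plain 'Tpm' protector means the TPM hands over the key during boot
    # without any user input, which is the moment described in the article.
    $tpmOnly = $types -contains 'Tpm'

    [pscustomobject]@{
        MountPoint   = $_.MountPoint
        Protection   = $_.ProtectionStatus
        Protectors   = $types -join ','
        TpmPlacement = $placement
        # Flag volumes for review unless the TPM is known to sit inside the processor.
        BusExposure  = if ($tpmOnly -and $placement -ne 'Firmware') { 'Review' } else { 'NotFlagged' }
    }
} | Format-Table -AutoSize
```

A `Review` result only means the machine matches the conditions in the article (TPM-released key, TPM not identified as processor-integrated); confirming a discrete TPM still requires checking the hardware documentation.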