Security researcher stacksmashing has intercepted BitLocker encryption keys using a low-cost Raspberry Pi Pico, challenging the perceived robustness of Microsoft's encryption method. A video demonstration of the technique, which undermines the security of Trusted Platform Module (TPM)-dependent BitLocker configurations, shows the attack completing in only 43 seconds.
The Attack Vector: Hijacking TPM Communications
Stacksmashing's approach exploits a weakness of external (discrete) TPM modules that communicate with the central processing unit (CPU) over the Low Pin Count (LPC) bus, a link that is unencrypted at startup. These modules are intended to safeguard sensitive material, including the Platform Configuration Registers (PCRs) and the Volume Master Key (VMK), both critical to BitLocker's protection.
By tapping the LPC bus during the boot sequence with a Raspberry Pi Pico attached to an LPC connector, which is present on some older motherboards, stacksmashing could capture the raw data exchanged with the TPM. From the captured traffic the Volume Master Key needed to decrypt the protected drive could be reconstructed.
Mitigation and Microsoft's Response
While Microsoft acknowledges the potential for such attacks, it downplays the risk, citing the need for sophisticated tools and significant physical access time. Despite the brevity of the demonstrated attack, Microsoft recommends configuring a pre-boot BitLocker PIN via Group Policy so that the TPM alone is not sufficient to unlock the drive.
The described technique applies to systems with external TPMs. Many modern devices instead use a firmware TPM (fTPM), TPM functionality integrated directly within the CPU, which is not susceptible to the same attack because there is no external bus to tap. The disclosure emphasizes the importance of additional security measures and challenges the reliability of existing protections in TPM-dependent encryption solutions.
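The following audit script is an added example, not code from the article or from stacksmashing: it lists each BitLocker volume's key protectors and flags volumes that are unlocked by a TPM-only protector on what looks like a discrete TPM, the configuration the LPC sniffing demonstration targets. It assumes the built-in BitLocker and TrustedPlatformModule PowerShell modules and treats the TPM manufacturer ID as a heuristic for firmware versus discrete TPMs.

```powershell
#Requires -RunAsAdministrator
# Added audit example (not from the article): report BitLocker volumes whose
# VMK is released by the TPM alone, without a PIN or startup key.

function Get-BitLockerTpmExposure {
    [CmdletBinding()]
    param()

    # Heuristic only (assumption): Intel PTT and AMD fTPM report these vendor IDs,
    # while discrete TPM chips report a silicon vendor such as IFX, STM or NTC.
    $firmwareTpmVendors = @('INTC', 'AMD')
    $tpm    = Get-Tpm
    $vendor = $tpm.ManufacturerIdTxt.Trim()
    $likelyFirmwareTpm = $firmwareTpmVendors -contains $vendor

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A plain 'Tpm' protector unseals the VMK at boot with no user input.
        # 'TpmPin', 'TpmStartupKey' and 'TpmPinStartupKey' require a second factor
        # that is never sent across the TPM bus, which is Microsoft's recommended fix.
        $tpmOnly = $types -contains 'Tpm'

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            ProtectionStatus  = $vol.ProtectionStatus
            KeyProtectors     = ($types -join ', ')
            TpmVendor         = $vendor
            LikelyFirmwareTpm = $likelyFirmwareTpm
            # Exposed: protection on, TPM-only unlock, and probably a discrete TPM.
            ExposedToBusSniff = ($vol.ProtectionStatus -eq 'On') -and $tpmOnly -and -not $likelyFirmwareTpm
        }
    }
}

Get-BitLockerTpmExposure | Format-Table -AutoSize
```

Volumes reported with ExposedToBusSniff set to True are candidates for switching the protector to TPM+PIN (Add-BitLockerKeyProtector -TpmAndPinProtector) under the Group Policy setting the article mentions.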