BitLocker is a computer program provided by Microsoft that users can use to encrypt their entire volumes, preventing unauthorized access in case of device theft.
Many organizations have been using this security feature to prevent data theft, stolen devices leading to intellectual property theft, and many other threats.
However, researchers have found a novel technique that costs less than $10, which defeats this BitLocker encryption feature. To do this, researchers used a Raspberry Pi Pico device that took less than a minute to provide access to the encrypted volumes of the device.
Prevent malware from infecting your network at the delivery stage by intercepting malicious files in transit from their source to the target device’s web browser..
Raspberry Pi Pico to Crack BitLocker
According to the researcher, a Lenovo laptop was used for demonstration alongside a Trusted Platform Module separated from the CPU. This is not a common scenario in real life.
However, once the BitLocker encrypted the device’s physical access was gained, breaking the encryption was relatively simple. The method involved sniffing out the BitLocker key from the TPM since the key is passed from the TPM to the CPU during operation.
In addition, the key passed from the TPM module is not encrypted, making it extremely simple to gain access to the encrypted volume. Microsoft already knew and had claimed that these kinds of attacks were possible and were carried out in several scenarios.
Microsoft’s BitLocker documentation states, “[BitLocker] Targeted attack with plenty of time; the attacker opens the case, solders, and uses sophisticated hardware or software.” To mitigate attacks, Microsoft suggests
- Preboot authentication set to TPM with a PIN protector
- Disable Standby power management and shut down or hibernate the device before it leaves the control of an authorized user.
Furthermore, a video demonstrating the methodology has been published, showcasing Raspberry Pi Pico’s capabilities and the vulnerability of BitLocker encryption.