Categories: Cyber Security NewsMicrosoft

Researchers Use Raspberry Pi Pico to Crack BitLocker Under a Minute

BitLocker is a computer program provided by Microsoft that users can use to encrypt their entire volumes, preventing unauthorized access in case of device theft.

Many organizations have been using this security feature to prevent data theft, stolen devices leading to intellectual property theft, and many other threats.

However, researchers have found a novel technique that costs less than $10, which defeats this BitLocker encryption feature. To do this, researchers used a Raspberry Pi Pico device that took less than a minute to provide access to the encrypted volumes of the device.

Document
Protect Your Network From Data Breach

Perimeter’s 81 Malware Protection for Network Based Threats

Prevent malware from infecting your network at the delivery stage by intercepting malicious files in transit from their source to the target device’s web browser. .

Raspberry Pi Pico to Crack BitLocker

According to the researcher, a Lenovo laptop was used for demonstration alongside a Trusted Platform Module separated from the CPU. This is not a common scenario in real life.

However, once the BitLocker encrypted the device’s physical access was gained, breaking the encryption was relatively simple. The method involved sniffing out the BitLocker key from the TPM since the key is passed from the TPM to the CPU during operation. 

In addition, the key passed from the TPM module is not encrypted, making it extremely simple to gain access to the encrypted volume. Microsoft already knew and had claimed that these kinds of attacks were possible and were carried out in several scenarios. 

Microsoft’s BitLocker documentation states, “[BitLocker] Targeted attack with plenty of time; the attacker opens the case, solders, and uses sophisticated hardware or software.” To mitigate attacks, Microsoft suggests

  • Preboot authentication set to TPM with a PIN protector
  • Disable Standby power management and shut down or hibernate the device before it leaves the control of an authorized user.

Furthermore, a video demonstrating the methodology has been published, showcasing Raspberry Pi Pico’s capabilities and the vulnerability of BitLocker encryption.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Leave a Comment
Share
Published by
Eswar
Tags: computer securityCrack BitLockerCyber Security NewsVulnerability
1 year ago

Recent Posts

Google Launches Shielded Email to Keep Your Address Hidden from Apps

Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and…

5 hours ago

Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware

Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell…

6 hours ago

JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks

Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in…

6 hours ago

New Poco RAT Via Weaponized PDF Attacking Users to Capture Sensitive Data

A new variant of malware, dubbed "Poco RAT," has emerged as a potent espionage tool…

7 hours ago

U.S. Suspends Cyberattacks Against Russia

The United States has suspended offensive cyber operations against Russia under an order issued by…

7 hours ago

Hackers Abused Google and PayPal’s Infrastructure to Steal Users Personal Data

Cybersecurity researchers have uncovered a sophisticated phishing campaign leveraging Google Ads and PayPal’s infrastructure to…

7 hours ago