Researchers Use Raspberry Pi Pico to Crack BitLocker Under a Minute

BitLocker is a computer program provided by Microsoft that users can use to encrypt their entire volumes, preventing unauthorized access in case of device theft.

Many organizations have been using this security feature to prevent data theft, stolen devices leading to intellectual property theft, and many other threats.

However, researchers have found a novel technique that costs less than $10, which defeats this BitLocker encryption feature. To do this, researchers used a Raspberry Pi Pico device that took less than a minute to provide access to the encrypted volumes of the device.

Document
Protect Your Network From Data Breach

Perimeter’s 81 Malware Protection for Network Based Threats

Prevent malware from infecting your network at the delivery stage by intercepting malicious files in transit from their source to the target device’s web browser. .

Raspberry Pi Pico to Crack BitLocker

According to the researcher, a Lenovo laptop was used for demonstration alongside a Trusted Platform Module separated from the CPU. This is not a common scenario in real life.

However, once the BitLocker encrypted the device’s physical access was gained, breaking the encryption was relatively simple. The method involved sniffing out the BitLocker key from the TPM since the key is passed from the TPM to the CPU during operation. 

In addition, the key passed from the TPM module is not encrypted, making it extremely simple to gain access to the encrypted volume. Microsoft already knew and had claimed that these kinds of attacks were possible and were carried out in several scenarios. 

Microsoft’s BitLocker documentation states, “[BitLocker] Targeted attack with plenty of time; the attacker opens the case, solders, and uses sophisticated hardware or software.” To mitigate attacks, Microsoft suggests

  • Preboot authentication set to TPM with a PIN protector
  • Disable Standby power management and shut down or hibernate the device before it leaves the control of an authorized user.

Furthermore, a video demonstrating the methodology has been published, showcasing Raspberry Pi Pico’s capabilities and the vulnerability of BitLocker encryption.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC)…

4 hours ago

Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication

Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive…

4 hours ago

US Charged Chinese Hackers for Exploiting Thousands of Firewall

The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information…

4 hours ago

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

DMD Diamond - one of the oldest blockchain projects in the space has announced the start…

4 hours ago

Hackers Deploy Weaponized LNK Files for Malicious Payload Delivery

Researchers reported a phishing attack on December 4th, 2024, where malicious emails purportedly from the…

4 hours ago

APT-C-60 Hackers Penetrate Org’s Network Using a Weapanized Google Drive link

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed an advanced cyber attack…

6 hours ago