Bitlocker hacked using TPM communications sniffing

Encrypting your hard drive is good security. If you’re running Windows, the most popular system is BitLocker. But how secure is it?
BitLocker runs silently in the background, decrypting data on demand. In a simplified sense, the encryption keys are protected by the Trusted Platform Module (TPM). In more detail: the data is encrypted with the Full Volume Encryption Key (FVEK). The FVEK is in turn encrypted with the Volume Master Key (VMK), and the VMK is protected by one or more key protectors. In a TPM-only configuration the TPM is one of those protectors: during boot, once the measured boot state matches what it expects, the TPM releases the VMK to the CPU, and that release travels over the bus that connects the two chips.

BitLocker’s reliance on a TPM for security turns out to be its weak point in this attack. On some computers the way the TPM is wired in is a real security problem: even if the TPM chip itself is secure, the communication between the TPM and the CPU is not encrypted, so a discrete TPM hands the VMK to the CPU in plaintext. On certain computers this takes only a short time to exploit with very cheap DIY tools.

How long does it take to steal your Bitlocker keys? Security researcher Thomas “Stacksmashing” Roth has released a tool which turns the $4 Raspberry Pi Pico into a gadget capable of capturing the keys for Microsoft BitLocker-encrypted volumes from selected laptops in under a minute — by sniffing traffic on the Low Pin Count (LPC) bus.

The problem is that the key can be sniffed as it passes over the LPC bus. Some laptops even have connectors or test points directly on the LPC bus. On an older Lenovo ThinkPad (X1 Carbon 1st or 2nd generation) the sniffing is quite easy; in Roth’s words, he did it “simply by poking it with a $4 Raspberry Pi Pico. This allows me to access all BitLocker protected data on this system, and even lets me backdoor it.”

This video shows how to use a cheap hardware attack to bypass the TPM-only BitLocker configuration that many Windows devices use.

Breaking Bitlocker – Bypassing the Windows Disk Encryption

Here are the plans to build the needed hardware and its software. The board (in /hardware/) is compatible with the “Debug Card” connector found on some Lenovo laptops. The firmware currently supports only LPC TPMs, not SPI TPMs.

Pico TPMSniffer

To be fair, stealing the VMK alone does not hand the attacker the data. They would also have to take the drive itself, or spend extra time copying its contents (for example over USB), and then decrypt them offline with the recovered key.

More modern computers include the TPM inside the CPU package itself (a firmware TPM, or fTPM), so there is no external bus to tap, which makes this attack considerably harder. The same lesson applies to embedded systems: a CPU with a built-in TPM is preferable to a separate TPM chip soldered to the circuit board. Where a discrete TPM cannot be avoided, configuring BitLocker to require a PIN or startup key in addition to the TPM also blunts this attack: someone who steals the laptop cannot make the TPM release the VMK, and so has nothing to sniff, without the pre-boot secret.

Articles used as information sources:

BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM
BitLocker’s reliance on a TPM for security is its own downfall in this specific exploit

Thomas Roth Breaks Microsoft’s BitLocker in Under a Minute — with a $4 Raspberry Pi Pico
Sniffing traffic on the Low Pin Count (LPC) bus, this open-hardware quick-connect dongle targets specific models of Lenovo laptops.

