News YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico

[Admin]

A YouTuber discovered that Windows Bitlocker can be hacked on systems featuring dedicated TPMs.

YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico : Read more

 

[Alvar "Miles" Udell]

Makes me think of this article for some reason...

https://www.tomshardware.com/news/where-to-buy-tpm-2.0-for-windows-11

 

[hotaru251]

what was MS's reason for requiring TPM for win11 again? kek

 

[USAFRet]

what was MS's reason for requiring TPM for win11 again? kek

Security. Which was not necessarily a bad idea.

Security is always a cat and mouse thing.
Just like the various versions of SSL/TLS.

Each side ups their game.

 

[digitalgriffin]

The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.

 

[Suurin_]

The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.

Is that really still an issue? My 5950X on a Dark Hero motherboard with latest BIOS/Firmware update has not exhibited any of these lag spikes since an update in late 2021. I remember hearing about that at the beginning of that year and waited to pick up my motherboard and CPU at that time. The issue was manifesting early on but was fixed later in the year and now I have no lag spikes on my hardware.

 

[Kamen Rider Blade]

Or maybe we don't use TPM and find a different way.

 

[garydgregory]

Wrong word at the end of the post: "regulated to" -> "relegated to".

 

[voyteck]

what was MS's reason for requiring TPM for win11 again? kek

Well, they required at least ix-8xxx CPUs, and...

The good news is that this flaw appears to be an issue regulated to discrete TPMs. If you have a CPU with a built-in TPM, like the ones in modern Intel and AMD CPUs, you should be safe from this security flaw since all TPM communication occurs within the CPU itself.

 

[dehjomz]

What if the attacker steals a hard disk or usb or nvme drive encrypted by bitlocker, and plugs it into the system with the compromised external TPM.

Can the attacker get the encryption key and the data?

 

[ingtar33]

The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.

maybe on zen 2 or earlier... and even then i think this issue was patched out during the pandemic. I am currently on a zen3 and never observed this issue.

 

[ZipleR]

So, it's really not a problem unless you have access to the TPM.
RMA'd or recycled drives would still be safe... just make sure you separate them from the machine that has the keys.

 

[Makaveli]

I use an external TPM module in my system so this would work.

However it requires physical access to my system!

 

[ezst036]

what was MS's reason for requiring TPM for win11 again? kek

Sell more licenses.

Their stated reasoning, was security. But reason != reasoning.

 

[ukperson]

Wit

I use an external TPM module in my system so this would work.

However it requires physical access to my system!

Witch is what bitlocker is supposed to protect from (if stolen)

Unfortunately enabling tpm + pin/key isn't fully straight forward

Bitlocker can use pre boot bitlocker if you change it to allow it (password on boot) witch this does protect you if pc/laptop is stolen (but no protection from hardware tampering)

if your using dedicated tpm (dTpm) if it's stolen you can get the bitlocker key because it isn't encrypted between the dedicated tpm chip and cpu (if you enable TPM pin or/and security key this removes the issue as the tpm won't unlock to send the bitlocker key until pin or/and security key is inserted)

if your using a cpu tpm (fTpm) you "should" still be protected even if the device is stolen (but still recommend pin/secure key to be enabled)

Microsoft is already aware of this type of attack

https://learn.microsoft.com/en-us/w...ity/data-protection/bitlocker/countermeasures

https://www.dell.com/support/kbdoc/en-uk/000142382/how-to-use-bitlocker-with-pin (other systems will be similar turning off fast boot or minimum > Thorough in the bios)

Recommend turning off fast boot in windows (under classic power options) as well

 

[palladin9479]

Yeah bitlocker is pretty bad as far as full disk encryption schemes work, the only reason it exists is so that IT departments can have backdoor access to decrypt disks when executives accidentally forget the decrypt pin code or end up damaging the device.

Veracrypt is a far superior full disk encryption scheme, the downside (or upside depending on your viewpoint) is that there is no backdoor for the IT department to use to recover your data. You lose the passphrase and that device's data is unrecoverable. There is zero reliance on some sort of magical blackbox to store encryption keys. Instead the Media Encryption Key is ridiculously long, encrypted and stored on the disk itself. The passphrase gets turned into a Key Encryption Key and is used to decrypt the MEK. You lose that KEK and your MEK is effectively unrecoverable. The single method is that when you first do the disk encryption, you have the option to make a "recovery" USB that stores the MEK encrypted on it. You still need the passphrase to decrypt that MEK so useless if you lost that passphrase too.

 

[TJ Hooker]

What if the attacker steals a hard disk or usb or nvme drive encrypted by bitlocker, and plugs it into the system with the compromised external TPM.

Can the attacker get the encryption key and the data?

The disk encryption key is stored on the TPM with which Bitlocker was originally enabled. So no, connecting the drive to a different system with a different TPM wouldn't get them anything.

Or maybe I'm misunderstanding your question.

 

[TJ Hooker]

TPM does have a feature, referred to as parameter encryption, that would encrypt the traffic sent over the LPC/SPI bus. But it sounds like it's up to whatever application is using the TPM to enable and use that feature, which is evidently not the case with Bitlocker.

 

[Makaveli]

Wit

Witch is what bitlocker is supposed to protect from (if stolen)

Unfortunately enabling tpm + pin/key isn't fully straight forward

Bitlocker can use pre boot bitlocker if you change it to allow it (password on boot) witch this does protect you if pc/laptop is stolen (but no protection from hardware tampering)

if your using dedicated tpm (dTpm) if it's stolen you can get the bitlocker key because it isn't encrypted between the dedicated tpm chip and cpu (if you enable TPM pin or/and security key this removes the issue as the tpm won't unlock to send the bitlocker key until pin or/and security key is inserted)

if your using a cpu tpm (fTpm) you "should" still be protected even if the device is stolen (but still recommend pin/secure key to be enabled)

Microsoft is already aware of this type of attack

https://learn.microsoft.com/en-us/w...ity/data-protection/bitlocker/countermeasures

https://www.dell.com/support/kbdoc/en-uk/000142382/how-to-use-bitlocker-with-pin (other systems will be similar turning off fast boot or minimum > Thorough in the bios)

Recommend turning off fast boot in windows (under classic power options) as well

Good write up.

And yes they would need to steal my desktop computer i'm not using a laptop.

 

[Kamen Rider Blade]

Yeah bitlocker is pretty bad as far as full disk encryption schemes work, the only reason it exists is so that IT departments can have backdoor access to decrypt disks when executives accidentally forget the decrypt pin code or end up damaging the device.

Another reason to never use it, if the IT department can easily break it, then it's worthless as security.

Veracrypt is a far superior full disk encryption scheme, the downside (or upside depending on your viewpoint) is that there is no backdoor for the IT department to use to recover your data.

IMO, it's only a Upside!

You lose the passphrase and that device's data is unrecoverable. There is zero reliance on some sort of magical blackbox to store encryption keys. Instead the Media Encryption Key is ridiculously long, encrypted and stored on the disk itself. The passphrase gets turned into a Key Encryption Key and is used to decrypt the MEK. You lose that KEK and your MEK is effectively unrecoverable. The single method is that when you first do the disk encryption, you have the option to make a "recovery" USB that stores the MEK encrypted on it. You still need the passphrase to decrypt that MEK so useless if you lost that passphrase too.

Exactly

 

[digitalgriffin]

maybe on zen 2 or earlier... and even then i think this issue was patched out during the pandemic. I am currently on a zen3 and never observed this issue.

Yep. 3900X still experiences issues.

 

[HaninTH]

Veracrypt is a far superior full disk encryption scheme, the downside (or upside depending on your viewpoint) is that there is no backdoor for the IT department to use to recover your data.

That we know of! VeraCrypt is a variant of TrueCrypt, which was abandoned in a very odd way. The FUD and subterfuge that ensued shortly after never made me fully confident that the 3 Letter Organizations hadn't somehow strong armed the devs into making the product useless.

I use a combination of products to secure my data under the auspices that at least one of them "should" be actually secure. The rest is up to physical security.

 

[palladin9479]

That we know of! VeraCrypt is a variant of TrueCrypt, which was abandoned in a very odd way. The FUD and subterfuge that ensued shortly after never made me fully confident that the 3 Letter Organizations hadn't somehow strong armed the devs into making the product useless.

I use a combination of products to secure my data under the auspices that at least one of them "should" be actually secure. The rest is up to physical security.

Veracrypt is opensource, you are free to go peruse through it at your leisure.

And just in case you didn't know where to find it.

https://github.com/veracrypt/VeraCrypt

 

[HaninTH]

Veracrypt is opensource

I am not a software developer and wouldn't know what I am looking at nor do I care to learn it. Have you any reputable 3rd parties that have actually reviewed the entire code and kept up with all changes up until now?

From what I know of even basic software, things can easily get lost in the code when you're not even trying to hide anything.

Unfounded paranoia?

 

[j_123]

So this is a flaw in TPM, not really in BitLocker, specifically ... right?