YouTuber hacks BitLocker in under a minute


Security researchers have identified a potential vulnerability in Microsoft’s BitLocker Drive Encryption, a popular tool for protecting sensitive data on Windows devices. 

The vulnerability, demonstrated by YouTuber stack smashing in a recent video, involves intercepting communication between the Trusted Platform Module (TPM) and the CPU during boot-up, potentially allowing attackers to steal encryption keys and decrypt stored data.

The exploit hinges on the fact that some older devices with external TPM modules rely on an unencrypted communication channel (the LPC bus) to exchange critical data with the CPU during boot.

Stack smashing was able to leverage this vulnerability by connecting a readily available Raspberry Pi Pico to an unused LPC connector on the motherboard, capturing the data stream, and extracting the Volume Master Key used for decryption. This process reportedly took less than a minute to complete.

It’s crucial to note that this attack has limitations. It primarily affects older devices with external TPM modules, while newer systems with fTPM (firmware TPM), where data resides within the CPU, are not vulnerable. Additionally, physical access to the device and specific technical knowledge are required to execute the attack successfully.

Last month, another vulnerability in BitLocker was discovered, allowing attackers to bypass encryption through the Windows Recovery Environment (WinRE). Microsoft addressed this issue with security patch KB5034441, emphasizing the importance of updating systems.
