Vulnerability Exposed: Raspberry Pi Pico Used to Bypass BitLocker Encryption

A hobbyist has successfully extracted the BitLocker decryption key from a notebook using a Raspberry Pi Pico, which is available for less than 10 euros in this country. This allowed him to access the encrypted contents of an SSD protected with BitLocker. The trick was to intercept the communication between the CPU and the TPM chip soldered onto the notebook’s motherboard.

BitLocker is drive-encryption software that comes pre-installed on modern Windows systems such as Windows 10 and 11, as well as Windows Server 2016, 2019, and 2022. Microsoft claims in the BitLocker documentation that the application, when used with a Trusted Platform Module (TPM), provides “maximum protection”.

The validity of this statement was tested in a video released on Saturday on the YouTube channel Stacksmashing. At least on systems with external TPM chips, the protection can apparently be bypassed within a very short time using an inexpensive single-board computer.

A TPM is designed, among other things, to securely store cryptographic keys such as the BitLocker key and to transfer them to the CPU when needed, allowing the user to access their encrypted data. The key transfer occurs via an LPC (Low Pin Count) bus.

The YouTuber identified the contacts of the TPM chip on the motherboard of his notebook, through which he could intercept the data transfer with a Raspberry Pi Pico. It took only 43 seconds to read the BitLocker key, including the time to open the notebook case.

Subsequently, using the key, he was able to access the data on the BitLocker-protected SSD from a Linux system, both reading and writing.

It is important to note that this attack is only possible with external TPM chips. Modern CPUs, both from Intel and AMD, typically have integrated TPMs, which means that the key transfer occurs within the CPU and cannot be easily intercepted via contacts on the motherboard.

Security researchers had already pointed out the possibility of such attacks on systems with external TPM chips in the summer of 2021. The attack works because the encryption key is transmitted unencrypted, which allows it to be intercepted via the TPM contacts.
