New BitLocker attack puts laptops storing sensitive data at risk

New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.
Written by Catalin Cimpanu, Contributor
New BitLocker attack on TPM LPC buses
Image: Denis Andzakovic

A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.

To be clear, this new BitLocker attack require physical access to a device and will result in the device's destruction as the attacker needs to hard-wire equipment into the computer's motherboard.

Nonetheless, the attack yields the desired results and should be considered a threat vector for owners of devices storing highly-valuable information, such as classified materials, proprietary business documents, cryptocurrency wallet keys, or other similarly sensitive data.

Attack targets TPM LPC buses

The attack was detailed for the first time today in a report by Denis Andzakovic, a New Zealand-based security researcher at Pulse Security.

His method is different from past BitLocker attacks because it requires hard-wiring into a computer's TPM chip and sniffing communications via the Low Pin Count (LPC) bus.

TPMs are dedicated microcontrollers (also known as chips, cryptoprocessors) that are usually deployed on high-valued computers, such as those used in enterprise or government networks, but also data centers and sometimes personal computers.

TPMs have different roles, and one of them is to support Microsoft's BitLocker, a full volume disk encryption feature that has been added way back in Windows Vista.

In his research, Andzakovic detailed a new attack routine that extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.

He tested his research on an HP laptop running a TPM 1.2 chip (attack carried out using an expensive Logic Analyzer) and against a Surface Pro 3 running a TPM 2.0 chip (attack carried out using a cheap FPGA board and open source code).

In both attacks, BitLocker was running in its standard configuration.

Researcher & Microsoft: Use pre-boot authentication

Andzakovic's research showed once again why using standard BitLocker deployments is a very bad idea and the reason why even Microsoft is warning against it in the official BitLocker documentation.

Both the researcher and Microsoft recommend using a BitLocker PIN, which is a password required even before the OS boots, a protection that should prevent the BitLocker keys from reaching the TPM and getting sniffed using this new attack.

Andzakovic's finding joins the ranks of other BitLocker attacks that involved direct memory access (DMA) methods [1, 2, 3], brute-force attacks, but also vulnerabilities in self-encrypting SSDs and the Windows Update process.

Microsoft Surface Go: First impressions

More vulnerability reports:

Editorial standards