A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.
To be clear, this new BitLocker attack require physical access to a device and will result in the device's destruction as the attacker needs to hard-wire equipment into the computer's motherboard.
Nonetheless, the attack yields the desired results and should be considered a threat vector for owners of devices storing highly-valuable information, such as classified materials, proprietary business documents, cryptocurrency wallet keys, or other similarly sensitive data.
Attack targets TPM LPC buses
The attack was detailed for the first time today in a report by Denis Andzakovic, a New Zealand-based security researcher at Pulse Security.
His method is different from past BitLocker attacks because it requires hard-wiring into a computer's TPM chip and sniffing communications via the Low Pin Count (LPC) bus.
TPMs are dedicated microcontrollers (also known as chips, cryptoprocessors) that are usually deployed on high-valued computers, such as those used in enterprise or government networks, but also data centers and sometimes personal computers.
TPMs have different roles, and one of them is to support Microsoft's BitLocker, a full volume disk encryption feature that has been added way back in Windows Vista.
In his research, Andzakovic detailed a new attack routine that extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
He tested his research on an HP laptop running a TPM 1.2 chip (attack carried out using an expensive Logic Analyzer) and against a Surface Pro 3 running a TPM 2.0 chip (attack carried out using a cheap FPGA board and open source code).
In both attacks, BitLocker was running in its standard configuration.
Researcher & Microsoft: Use pre-boot authentication
Andzakovic's research showed once again why using standard BitLocker deployments is a very bad idea and the reason why even Microsoft is warning against it in the official BitLocker documentation.
Both the researcher and Microsoft recommend using a BitLocker PIN, which is a password required even before the OS boots, a protection that should prevent the BitLocker keys from reaching the TPM and getting sniffed using this new attack.
Andzakovic's finding joins the ranks of other BitLocker attacks that involved direct memory access (DMA) methods [1, 2, 3], brute-force attacks, but also vulnerabilities in self-encrypting SSDs and the Windows Update process.
More vulnerability reports:
- Apple, Google, GoDaddy misissued TLS certificates with weak serial numbers
- Microsoft March Patch Tuesday comes with fixes for two Windows zero-days
- Google: Chrome zero-day was used together with a Windows 7 zero-day
- WDS bug lets hackers hijack Windows Servers via malformed TFTP packets
- Vulnerability in Swiss e-voting system could have led to vote alterations
- Cisco tells Nexus switch owners to disable POAP feature for security reasons
- DJI fixes vulnerability that let potential hackers spy on drones CNET
- Top 10 app vulnerabilities: Unpatched plugins and extensions dominate TechRepublic