If you have a Windows 10 Pro or Windows 11 Pro device with a dedicated external Trusted Platform Module (TPM), all your encrypted data can be easily decrypted and read; all it takes is a little brainpower, a $10 Raspberry Pi Pico, and physical access to the target endpoint.
A YouTuber with the alias stacksmashing has demonstrated what they call a “colossal security flaw” that allowed him to bypass Windows BitLocker in less than a minute and gain access to the encryption keys, all with the help of a cheap, publicly available device.
You can read about the technical aspects of the flaw and its exploitation here, but the short story is that the communication paths between the CPU and the external TPM are not encrypted at all during boot. So if an attacker had an unoccupied connector on the motherboard that could read data from the LPC bus, they could connect the Pico to it and have the device read raw zeros and ones from the TPM. That would grant them access to the master volume key stored on the module.
Major oversight
During his demo, stacksmashing used a ten-year-old laptop with BitLocker encryption, but explained that the same method works on newer motherboards with an external TPM.
Devices with a TPM built into the CPU should be safe (which includes most Intel and AMD CPUs on sale today). In the video, the YouTuber is seen first removing the back cover of a laptop with a screwdriver, before touching the connectors with his Pico device. At the same time, a smartphone stopwatch showed that the entire process took less than a minute.
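To find out which machines fall into the exposed group described above, the following PowerShell check (an added example, not from the video or the original article) reports whether the BitLocker-protected OS volume depends on a TPM that is probably a separate chip. The vendor list and the function name `Get-TpmPlacement` are assumptions made for this example; a result of `LikelyDiscrete` should be confirmed against the hardware documentation.

```powershell
# Added example: flag hosts whose BitLocker OS volume relies on a TPM that is
# probably a separate chip on the motherboard. Run from an elevated prompt.

# Assumption: vendor IDs reported by TPMs implemented inside the CPU
# (Intel and AMD firmware TPMs). Every other vendor is treated as a
# candidate discrete chip and needs manual confirmation.
$CpuIntegratedVendors = @('INTC', 'AMD')

function Get-TpmPlacement {
    param([string]$ManufacturerIdTxt)
    # Vendor IDs can be padded to four characters with spaces or NULs.
    $id = ($ManufacturerIdTxt -replace '[\s\0]', '').ToUpperInvariant()
    if (-not $id) { return 'Unknown' }
    if ($CpuIntegratedVendors -contains $id) { return 'CpuIntegrated' }
    return 'LikelyDiscrete'
}

$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

# 'Tpm' is the protector type where the TPM hands over the key at boot
# without any further input, so the key crosses the bus on every start.
$tpmProtectors = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'Tpm' })

$placement = if ($tpm.TpmPresent) {
    Get-TpmPlacement -ManufacturerIdTxt $tpm.ManufacturerIdTxt
} else {
    'None'
}

$protectionOn = ($vol.ProtectionStatus -eq 'On')
$usesTpm      = ($tpmProtectors.Count -gt 0)

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    TpmVendor       = $tpm.ManufacturerIdTxt
    TpmPlacement    = $placement
    ProtectionOn    = $protectionOn
    UsesTpmOnlyKey  = $usesTpm
    # Review when an encrypted volume is unlocked by a TPM that is not
    # known to live inside the CPU.
    NeedsReview     = ($protectionOn -and $usesTpm -and
                       $placement -ne 'CpuIntegrated')
}
```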
While some viewers praised stacksmashing's findings and said the tool could be really useful for people who lost their encryption keys, others suggested the flaw was a “major oversight.”
Through registration