A security researcher has developed a new way to extract BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that requires only a $27 FPGA board and some open source code. To be clear, this new BitLocker attack requires physical access to a device and will lead to the destruction of the device, as the attacker needs to hard-wire equipment into the computer's motherboard. Nevertheless, the attack produces the desired results and should be considered a threat vector for device owners who store valuable information, such as classified materials, proprietary business papers, cryptocurrency wallet keys or other equally sensitive data.
Attack Targets TPM LPC Buses
The attack was first reported today by Pulse Security researcher Denis Andzakovic. Its method differs from previous BitLocker attacks because it requires hard-wiring into a computer's TPM chip and sniffing the Low Pin Count (LPC) bus communications. TPMs are microcontroller-based security chips, usually found in high-value computers such as those on corporate or government networks and in data centers and, at times, in personal computers. TPMs fill several roles, one of which is to support the full-volume disk encryption function of Microsoft's BitLocker, which was added back in Windows Vista. In his research, Andzakovic details a new attack routine that extracts BitLocker encryption keys from the LPC bus of both TPM 1.2 and TPM 2.0 chips. He tested his research on an HP laptop with a TPM 1.2 chip (attack using an expensive logic analyser) and a Surface Pro 3 with a TPM 2.0 chip (attack using a cheap FPGA board and open source code). BitLocker was running in its default configuration in both attacks.
Researcher &amp; Microsoft Recommend Pre-Boot Authentication
Andzakovic has once again shown why it is an extremely bad idea to use default BitLocker deployments, and why Microsoft warns against them in the official BitLocker documentation. Both Microsoft and the researcher advise using pre-boot authentication: setting a TPM/BIOS password that must be entered before the OS boots, so that the TPM does not release the BitLocker keys where they could be sniffed with this new attack. Andzakovic's finding joins the ranks of other BitLocker attacks involving direct memory access (DMA) methods and brute-force attacks, as well as vulnerabilities in SSD self-encryption and the Windows Update process.
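As an added illustration of the recommended mitigation (this is not code from the article or from the researcher), the following PowerShell audit lists BitLocker OS volumes whose key is released by the TPM alone, the default configuration attacked above, and shows how a TPM+PIN protector is added. It assumes the built-in BitLocker PowerShell module and an elevated session.

```powershell
# Added example: find BitLocker OS volumes protected by a TPM-only key protector,
# i.e. volumes where the TPM unseals the key at boot with no pre-boot PIN.
function Get-TpmOnlyBitLockerVolume {
    # TPM-based protector types that require the user to authenticate before boot.
    $preBootTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.ProtectionStatus -eq 'On' } |
        ForEach-Object {
            $types   = @($_.KeyProtector | Select-Object -ExpandProperty KeyProtectorType)
            $hasTpm  = $types -contains 'Tpm'
            $hasAuth = @($types | Where-Object { $preBootTypes -contains $_ }).Count -gt 0
            [pscustomobject]@{
                MountPoint = $_.MountPoint
                Protectors = ($types -join ', ')
                TpmOnly    = ($hasTpm -and -not $hasAuth)   # $true = exposed to LPC sniffing
            }
        }
}

# Report volumes whose key is unsealed by the TPM without any pre-boot authentication.
Get-TpmOnlyBitLockerVolume | Where-Object TpmOnly

# Remediation for the OS volume (run interactively). Group Policy
# "Require additional authentication at startup" must permit a TPM+PIN protector.
# Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host 'Enter PIN' -AsSecureString)
```

Re-run the audit afterwards; if a plain `Tpm` protector is still listed, remove it with `Remove-BitLockerKeyProtector` so the volume cannot be unlocked without the PIN.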