Bad news for BitLocker users — its encryption can be cracked remarkably easily

YouTuber shows how BitLocker can be cracked in less than a minute

If you have a Windows 10 Pro or Windows 11 Pro device with a dedicated external Trusted Platform Module (TPM), all of your encrypted data could easily be decrypted and read - all that’s needed is a little brainpower, a $10 Raspberry Pi Pico, and physical access to the target endpoint.

A YouTuber with the alias stacksmashing has demonstrated what they call a “colossal security flaw” which allowed them to bypass Windows BitLocker in less than a minute and gain access to the encryption keys, all with the help of a cheap off-the-shelf device.

You can read up on the technicalities of the flaw and its exploit here, but the short story is that the communication lanes between the CPU and the external TPM are completely unencrypted on boot-up. So, if an attacker finds an unpopulated connector on the motherboard from which LPC bus data can be read, they would be able to connect the Pico to it and have the device read the raw ones and zeros from the TPM. That would grant them access to the Volume Master Key that’s stored on the module.

Major oversight

During their demonstration, stacksmashing used a ten-year-old laptop with BitLocker encryption, but explained that the same method works on newer motherboards with an external TPM.

Devices with a TPM built into the CPU should be safe (which includes most Intel and AMD CPUs for sale today). In the video, the YouTuber is seen first removing the back cover of a laptop with a screwdriver, before touching the connectors with their Pico device. At the same time, a stopwatch running on a smartphone showed the entire process lasting less than a minute.

While some viewers praised stacksmashing’s findings, saying the tool could be really helpful for people who lost their encryption keys, others suggested that the flaw was a “major oversight”.

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
