We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.
The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.
A Lenovo laptop was used in the video, posted by user stacksmashing, although other hardware will also be vulnerable. The technique also relies on having a Trusted Platform Module (TPM) separate from the CPU. In many cases, the two will be combined, in which case the technique shown cannot be used.
However, if you get your hands on a similarly vulnerable device secured with BitLocker, gaining access to the encrypted storage appears embarrassingly simple. The crux of it is sniffing out the key to the device as it is passed from TPM to CPU. The key is helpfully not encrypted.
This particular laptop had connections that could be put to use alongside a custom connector to access the signals between chips. Stir in an analyzer running on the Raspberry Pi Pico and for less than $10 in components, you can get hold of the master key for the laptop hardware.
Microsoft has long accepted that such attacks are possible, although it describes them as a “targeted attack with plenty of time; the attacker opens the case, solder, and uses sophisticated hardware or software.”
At less than a minute in the example, we’d dispute the “plenty of time” claim, and while the Raspberry Pi Pico is undoubtedly impressive for the price, at less than $10, the hardware spend is neither expensive nor specific.
If your hardware is vulnerable, mitigation can be achieved through the use of a PIN.
It’s enough to send administrators scurrying to their inventory lists to check for hardware they would be forgiven for assuming had been safely encrypted.
As one wag observed: “Congratulations! You found the FBI’s backdoor.”
This is relatively old news at this point, but for those who read this for the first time, this was only possible because the old Lenovo laptop uses an external TPM, which allows this trick. Most laptops and desktops now have Internal TPMs inside the motherboard, where a trick like this won’t work anymore.
That being said, there might be ways to do it in that case as well, and if that’s a fear you have, Veracrypt has always been and always will be the best way to encrypt your device.