BitLocker is one of the most used storage drive encryption systems in the world. Your security has been compromised after a hacker demonstrated how to steal BitLocker encryption keys in 43 seconds, using a Raspberry Pi Pico card which only costs 12 euros.
The BitLocker hack is possible due to a serious security flaw in some computer configurations, where the TPM chip is not integrated into the CPU. Let’s see how the hack works.
BitLocker is a hard drive and SSD encryption system included in Windows 10 Pro and Windows 11 Pro. It stores the encryption keys in the TPM chip. Yes, the same one that requires Windows 11 to work, and that prevents millions of PCs that do not have it from being able to install said system.
This is how they have broken BitLocker encryption
The TPM chip is located in two different places, depending on the PC. In new computers it is already integrated into the CPU. But since they are a few years old, it is located on the motherboard.
When the computer boots, the CPU asks the TMP chip for the BitLocker encryption key, in order to access the encrypted hard drive and boot the operating system. If it is on the motherboard, communicates via the LPC bus.
The YouTube channel stacksmashing has discovered a major failure of the TPM protection system: During computer startup, the LPC bus is completely unprotected, the data flowing through it is not encrypted.
This bus can be accessed through a forgotten connector on the motherboard, next to the slots for the M.2 SSDs. So what this hacker has done is connect a Raspberry Pi Pico cardwhich barely costs 12 euros, to the aforementioned connector.
With the Pico you have managed to capture all the data that moves on the LPC bus during startup, when it is not protected. Among them… BitLocker encryption keys. In just 43 seconds the Raspberry Pi Pico captures the keys to decrypt BitLocker encrypted SSDs or hard drives. You can see it in this video:
This hack only works on PCs that have the TPM chip on the motherboard. If it is inside the CPU, the LPC bus is not accessed and the keys are protected. It has been proven to work with TPM 1.0 chips, and also with some TPM 2.0.
The problem is that many users without a TPM chip in the CPU have installed an external chip on the motherboard to be able to use Windows 11, and those are precisely the vulnerable ones.
Windows BitLocker encryption has been broken with a Raspberry Pi Pico in less than a minute, due to a serious security flaw in the external TPM chips. The problem is that there is no easy solution.