A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.
BitLocker is the full volume encryption system that has been shipped with higher-end versions of Windows since Vista, which in the case of Windows 10 requires running or upgrading to Pro, Enterprise or Education versions on a computer with a TPM 1.2 or 2.0 chip.
Inevitably, being the Windows encryption platform has made it a target for researchers looking for weaknesses in something many people use, of which the method published by Denis Andzakovic of Pulse Security last week is only the latest example.
The weakness he exploits is that in its most basic and insecure configuration, BitLocker boots encrypted drives without the user needing to enter a password or PIN other than their normal Windows login. Writes Andzakovic:
The idea behind this is that if the laptop is stolen, and the attacker does not know your login password, they cannot pull the drive and read the contents.
No login, no access to the computer’s encrypted drive. Simply removing the drive and putting it in another computer won’t work either because the encryption key is secured inside the old machine’s TPM.
However, there is one theoretical line of attack – boot the target computer and figure out how to discover the encryption key (or Volume Master Key) as it travels from the TPM across something called the Low Pin Count (LPC) bus.
Microsoft already warns BitLocker users about the risk of using the technology without additional security such as a PIN:
This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.
The innovation of the latest attack is, therefore, less to do with the fact it was able to retrieve the keys than the cheap setup and relative simplicity with which this was achieved.
Andzakovic’s attack involved wiring an Infineon TPM 2.0 from a Microsoft Surface Pro 3 to a drive through a $30 Field-Programmable Gate Array (FPGA). Put simply, he booted the machine with a sniffer tool attached and recovered the Volume Master Key (VMK) from the traffic on the LPC bus.
To demonstrate this wasn’t a one-off, he repeated the technique against an older TPM 1.2 chip from an HP laptop.
What to do
As Andzakovic acknowledges, the simplest defence is to follow Microsoft’s advice and not use BitLocker with TPMs in this default state where security is important.
A more secure alternative is either to configure a USB flash drive containing a startup key, to set up PIN access or, ideally, to add multifactor authentication by using both at the same time.
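As an added example (not from the article or from Pulse Security), the following PowerShell audits a machine’s BitLocker operating-system volumes for the TPM-only protector set described above and can enrol a TPM+PIN protector, so the VMK is no longer released at boot without a user-supplied factor. It assumes an elevated session on Windows with the BitLocker module available and a startup-authentication policy that permits PINs.

```powershell
# Added example, not from the article or Pulse Security. Classifies each BitLocker
# OS volume by its pre-boot protectors and optionally adds TPM+PIN.
function Get-BitLockerPrebootRisk {
    [CmdletBinding()]
    param(
        [switch]$Remediate,     # add a TPM+PIN protector to TPM-only OS volumes
        [securestring]$Pin      # PIN to enrol; prompted for when omitted
    )
    # Protector types whose VMK release depends on something the user supplies
    $withUserFactor = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password'

    foreach ($vol in Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem') {
        $types     = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $hasFactor = @($types | Where-Object { $_ -in $withUserFactor }).Count -gt 0

        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'Protection off: no protector is being enforced'
        } elseif ($types -contains 'Tpm' -and -not $hasFactor) {
            'TPM-only: VMK is released at boot with no PIN or startup key'
        } elseif ($hasFactor) {
            'OK: pre-boot authentication factor present'
        } else {
            'No TPM-bound protector (recovery or external key only)'
        }

        if ($Remediate -and $finding -like 'TPM-only*') {
            if (-not $Pin) { $Pin = Read-Host -AsSecureString 'Enter the new BitLocker PIN' }
            try {
                Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -TpmAndPinProtector `
                    -Pin $Pin -ErrorAction Stop | Out-Null
                $finding = 'Remediated: TPM+PIN protector added (verify at next reboot)'
            } catch {
                # If BitLocker rejects the add because a bare TPM protector already
                # exists, remove that protector (Remove-BitLockerKeyProtector) and re-run,
                # but only after confirming the recovery password is escrowed. This code
                # deliberately never removes a protector itself.
                $finding = "Remediation failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

Get-BitLockerPrebootRisk | Format-Table -AutoSize
```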
BitLocker has become an ultimate test of hacking nous for some researchers, which is why they’ll keep picking away at it. Known weaknesses include possible bypasses involving the design of Solid State Drives (SSDs), as well as bypasses during upgrade reboots.
0laf T. Hairy
I don’t think you need to be running Pro to have BitLocker. I have a rather weedy cheap Win10 netbook. After one MS update it started requesting a BitLocker recovery key. Not only was it running W10 Home, I have never attempted to switch on BitLocker, so it came as something of a surprise that MS had updated and encrypted my machine for me. Luckily, unlike normal ransomware, I was able to find the required key in my MS account and access the machine again. I switched off BitLocker, this machine, as I said, being weedy and only really used for homework.
MS helpfully switched it back on again later in another update, but I knew where to find the key again.
Sometimes (some may say usually) MS are spectacularly useless. If this had happened to anyone else in my family this piece of hardware would have been effectively bricked.
Paul Ducklin
In “TPM only” mode, your disk can be encrypted without you needing a password (or even being aware of the encryption) – the key is essentially managed by the system itself. This is how modern mobile phones ship, before you set a passcode – the passcode is added as an additional part of the decryption process.
As for the version of Windows needed, AFAIK the BitLocker you get on modern Windows 10 Home laptops protects the internal disk only. IIRC you can’t use it on removable drives, so it’s not strictly a full-function flavour of BitLocker.
John E Dunn
Windows 10 Home comes with a cut-down version of BitLocker called Device Encryption which is based on the same technology. It’s roughly equivalent to using BitLocker without any additional security authentication.
Wilderness
Good example. MS needs to greatly improve customer service and overall clarity of their products.