YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico

The specific attack he has there will work for pretty much only that board/TPM chipset. Good luck with fTPM, where the TPM is in the CPU (which is most TPM-based devices these days). Super interesting nonetheless. I've got some Picos sitting around - would make for an interesting and useful project to have around in the cases where it can help!
 
So much clickbait... and not a novel approach.

Only works if:

1.) The unit has a discrete TPM module. (This is actually a thing, because cheap means no TPM module and instead an fTPM module... i.e. the CPU has it internal to itself)
2.) The unit isn't configured with a boot PIN to unlock the TPM module.
3.) One has physical access to a functional laptop that can boot on its own.
4.) One has the ability to troubleshoot electronic components OR...
4a.) Mainboard has an exposed spare pinout for the TPM module in the exact same format as that specific Lenovo.

I do want to grab his code and such because it would be fun to probe older equipment to steal keys in various circumstances. But realistically this isn't a functional breach.

I do however... have ONE HUGE EXCEPTION to the above.

Servers.....

Servers almost always have discrete TPM modules...
Servers almost always do NOT HAVE boot PINs...
BUT...
Servers are almost always in SECURE LOCATIONS, and if they aren't... they aren't digitally secure no matter what we do anyway.


I've been pulled into at least four conversations regarding this video's content in the last week in security circles and it's... exhausting. I'll simply close with some axioms in this industry.

1.) If you have no physical security, you have no digital security.
2.) Defending anything gets harder over time.
3.) Attacking anything gets EASIER over time.
4.) Understanding of your technology is always greater than ignorance of your technology. (such as being shocked about this)

I say that last one because what this guy did on YouTube didn't shock me, wasn't news to me, because I already knew it was possible. And it WILL ALWAYS BE POSSIBLE! The only way to fix this was to integrate the TPM into the CPU, which has already been done. Also, Apple separated their NVMe's into storage and controllers... placing the controller into the CPU as well! They did this for many reasons; this situation is one of them.

I congratulate the author on making a video that will make him a small fortune in ad share, and I'm happy there are people gaining awareness of a weakness in TPM relative to how BitLocker works. (Start configuring those boot PINs, people!) But is this new? No... not at all to any of us that are working in the security space.
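
The boot PIN condition raised in the post above can be audited on a Windows machine. This is an added example, not part of the thread or of the video author's code; the function name `Get-BitLockerPreBootAuthStatus` is hypothetical, and it assumes an elevated session with the built-in BitLocker and TrustedPlatformModule cmdlets available.

```powershell
# Added example (not from the thread): report whether each BitLocker OS volume
# releases its key from the TPM alone or requires pre-boot authentication.
# Run from an elevated PowerShell session on Windows.

function Get-BitLockerPreBootAuthStatus {
    [CmdletBinding()]
    param()

    # Protector types that need a PIN and/or startup key in addition to the TPM.
    $preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    # Manufacturer ID is reported for context only; this script does not try to
    # classify the TPM as discrete or firmware from it.
    $tpm = Get-Tpm

    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.VolumeType -ne 'OperatingSystem') { continue }

        $types   = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $preBoot = @($types | Where-Object { $_ -in $preBootTypes })

        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'Protection is off or suspended'
        } elseif ($preBoot.Count -gt 0) {
            'Pre-boot authentication configured'
        } elseif ($types -contains 'Tpm') {
            'TPM-only unlock (no boot PIN)'
        } else {
            'No TPM protector on this volume'
        }

        [pscustomobject]@{
            MountPoint      = $vol.MountPoint
            VolumeStatus    = $vol.VolumeStatus
            KeyProtectors   = $types -join ', '
            TpmPresent      = $tpm.TpmPresent
            TpmManufacturer = $tpm.ManufacturerIdTxt
            Finding         = $finding
        }
    }
}

Get-BitLockerPreBootAuthStatus | Format-List
```

A volume reported as TPM-only is one where the key is released at boot without any user input, which is the configuration the second condition in the list above refers to.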
 
Yes, I would agree, though it is good for those who tinker with things. I would not do this on a professional level on someone else's system, just a curious thing to see and do.
 