Researchers successfully sniffed Windows Bitlocker encryption keys

The latest attack method by security researchers made Windows Bitlocker less secure, sniffing encryption keys with the help of external devices. Windows Bitlocker is a hard disk encryption system introduced by Microsoft many years ago to encrypt the entire hard disk to prevent unauthorized access. The encryption system is still the preferred hard disk encryption solution for many users and is available for free on Windows Professional and Enterprise and Education Editions. For example, when you encrypt the hard disk, if someone steals your hard disk, they can’t read the file. Even if you put the hard disk on another computer, you need to decrypt the key.

Normally, when you start Windows Bitlocker for encryption, you only need to enter the password. This password is used as the primary password of the encryption system for decryption. The researchers spent $30 to purchase a field-programmable gate array FPGA connected to the hard drive and then retrieve the key from the LPC bus via a sniffing tool.

The researchers initially found the hard drive decryption key for Surface Pro 3 in the Infineon Trusted Platform Module TPM 2.0. To prove that this was not accidental, the researchers also tested the TPM version 1.2 chip and obtained the decryption key on an older HP laptop.

The encryption verification methods supported by Windows Bitlocker include a combination of a pure password and a password plus a smart card. The smart card is a special authentication module similar to a USB flash drive. Microsoft has previously warned users of the dangers of using Windows Bitlocker without the use of additional security such as smart card PINs. Verification without smart card verification or smart card but without setting a PIN code is more convenient, but its performance is greatly reduced in terms of security.