The 43-Second Challenge: How Stacksmashing Cracked BitLocker’s Code

Cracking BitLocker's protection in just 43 seconds with equipment costing less than $10 has become feasible, casting doubt on the reliability of one of the most popular disk encryption methods on Windows.

Since its introduction with Windows Vista, BitLocker has enjoyed widespread popularity, offering users an effective means of data protection. However, it has long been known that BitLocker can be bypassed by an attacker with direct access to the hardware. Microsoft contends that a successful attack requires significant skill and prolonged access to the device, but experiments suggest otherwise.

Cracking BitLocker

A researcher known as Stacksmashing decided to test how long that access actually needs to be, and the result of his experiment is astounding: stealing the BitLocker key takes only 43 seconds and a simple set of equipment. The issue lies in how the encryption key is handled at boot. Simply put, the key is stored in the Trusted Platform Module (TPM), and when the computer boots the TPM releases it over the LPC (Low Pin Count) bus to the CPU. It is at this stage that the key can be intercepted.

Stacksmashing demonstrated the vulnerability on an old Lenovo ThinkPad laptop (X1 Carbon, first or second generation), where an unused connector on the motherboard exposes the LPC bus. A Raspberry Pi Pico, mounted on a specially designed board with spring-loaded pogo pins, was used to intercept the key, allowing it to be pressed onto the necessary contacts without soldering. Stacksmashing also published the attack software on GitHub.

It should be noted that even after the key is stolen, the perpetrator would still need to exert effort to access the data on the disk, for example by copying it via USB. Nonetheless, the experiment shows that older laptop models, such as the X1 Carbon, are at risk despite the presence of USB 3.0.

However, modern computers have additional protection, including the integration of the TPM directly into the processor, so that the key never crosses an external bus and interception becomes far harder. Nonetheless, technological advancements continuously pose new challenges to the developers of security systems, and future experiments may reveal new vulnerabilities even in the most modern devices.
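The practical question for an administrator reading this is which of their own machines are exposed: the attack described above only works when the TPM releases the key at boot without any user secret, and only when that key travels over a bus that can be physically tapped. The PowerShell audit below is an added example written for this article; it is not code from the article or from Stacksmashing's published tooling. It uses the standard BitLocker and TrustedPlatformModule cmdlets (Get-BitLockerVolume, Get-Tpm) and makes two labelled assumptions: that a volume whose only TPM-based protector is the plain "Tpm" type is the sniffable configuration (a "TpmPin" or "TpmPinStartupKey" protector requires a secret the TPM does not hold, so the key is not released unattended), and, as a heuristic only, that a TPM reporting an Intel or AMD manufacturer ID is a firmware TPM integrated into the processor rather than a discrete chip on the LPC bus.

```powershell
# Added example (not from the article or Stacksmashing's tooling): audit BitLocker
# volumes for the TPM-only configuration that bus sniffing targets.
# Assumptions (see lead-in): the plain "Tpm" protector type releases the key at
# boot with no user secret; protector types with a PIN or startup key do not.
# Run in an elevated PowerShell session on Windows with the BitLocker module.

function Get-TpmLocationHint {
    # Heuristic only: INTC / AMD manufacturer IDs usually mean a firmware TPM
    # running inside the processor, so there is no external TPM bus to tap.
    # Other IDs (IFX, STM, NTC, ...) usually mean a discrete TPM chip.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { return 'No TPM present' }
    $mfr = ($tpm.ManufacturerIdTxt -as [string]).Trim()
    if ($mfr -in @('INTC', 'AMD')) {
        return "Firmware TPM ($mfr): key stays inside the processor"
    }
    return "Discrete TPM ($mfr): key crosses an external bus at boot"
}

function Get-BitLockerSniffExposure {
    [CmdletBinding()]
    param()

    $tpmHint = Get-TpmLocationHint

    foreach ($v in Get-BitLockerVolume) {
        # KeyProtectorType is an enum; normalise to strings for comparison.
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $tpmTypes = @($types | Where-Object { $_ -like 'Tpm*' })

        $hasPlainTpm      = $tpmTypes -contains 'Tpm'
        $hasTpmWithSecret = @($tpmTypes | Where-Object { $_ -ne 'Tpm' }).Count -gt 0

        $verdict =
            if ($v.ProtectionStatus -ne 'On') {
                'Protection off: volume is not encrypted or protectors are suspended'
            } elseif ($hasTpmWithSecret) {
                'TPM plus PIN/startup key: key is not released without the secret'
            } elseif ($hasPlainTpm) {
                'TPM-only: key released automatically at boot (bus-sniffing exposure)'
            } else {
                'No TPM protector: password, recovery password or external key only'
            }

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            ProtectionStatus = $v.ProtectionStatus
            Protectors       = ($types -join ', ')
            Verdict          = $verdict
            TpmHint          = $tpmHint
        }
    }
}

# Usage: list every volume with its verdict, worst cases first.
Get-BitLockerSniffExposure |
    Sort-Object { $_.Verdict -like 'TPM-only*' } -Descending |
    Format-Table -AutoSize
```

A volume reported as "TPM-only" on a machine with a discrete TPM is the combination the article describes; adding a PIN protector (Add-BitLockerKeyProtector -TpmAndPinProtector) closes the gap, because the TPM will no longer release the key until the PIN is entered. The manufacturer-ID heuristic is a hint, not proof: discrete TPMs also exist on SPI rather than LPC, and the physical accessibility of the bus still has to be judged per model, as the X1 Carbon's unused connector shows.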