New attack could extract BitLocker encryption keys from a TPM
March 14, 2019 | Malware and Vulnerabilities
- The new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
- All it requires to extract BitLocker keys is a $27 FPGA board and some open-sourced code or a Logic Analyzer.
A security researcher from Pulse Security named Denis Andzakovic has come up with a new attack vector that could extract BitLocker encryption keys from a computer’s TPM (Trusted Platform Module). All it requires to extract BitLocker keys is a $27 FPGA board and some open-sourced code or a Logic Analyzer.
“By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board,” Andzakovic said.
The big picture
To be precise, this attack would require physical access to a device, which means an attacker needs to hardwire equipment into the system’s motherboard or TPM chip and sniff communications via the Low Pin Count (LPC) bus.
The attacker could then access highly valuable information such as proprietary business documents, cryptocurrency wallet keys, and other sensitive data stored on the system.
Worth noting
The researcher reported that the new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
- Andzakovic tested on an HP laptop running a TPM 1.2 chip by using an expensive Logic Analyzer
- He also tested the attack against a Surface Pro 3 running a TPM 2.0 chip by utilizing a cheap FPGA board and open source code.
In both attacks, BitLocker was running in a standard configuration.
The bottom line - Andzakovic’s research revealed that using a standard BitLocker configuration is not very secure.
This is why Andzakovic and Microsoft recommend using a pre-boot authentication method to prevent such attacks. Pre-boot authentication means setting a TPM/BIOS password before the OS boots, which will prevent the BitLocker encryption keys from reaching the TPM and getting sniffed.
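A check for the standard configuration discussed above, as an added example that is not from the original article or from Andzakovic's research. It assumes that "standard configuration" means an OS volume unlocked by a TPM-only key protector and that pre-boot authentication means a TPM+PIN or TPM+startup-key protector; the function name `Get-BitLockerPreBootAudit` is hypothetical.

```powershell
# Added example (not from the article): flag BitLocker OS volumes that unlock
# with the TPM alone, i.e. without pre-boot authentication.
# Run in an elevated PowerShell session; uses the built-in BitLocker module.

# Assumption: these protector types are what counts as pre-boot authentication.
$preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Get-BitLockerPreBootAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Normalise the protector enum values to strings for comparison.
        $types   = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $preBoot = @($types | Where-Object { $preBootTypes -contains $_ })

        $finding = if ("$($vol.ProtectionStatus)" -ne 'On') {
            'Protection off or suspended'
        } elseif ("$($vol.VolumeType)" -ne 'OperatingSystem') {
            'Data volume: review separately'
        } elseif ($preBoot.Count -gt 0) {
            'OK: pre-boot authentication required'
        } elseif ($types -contains 'Tpm') {
            'AT RISK: TPM-only, key is released at boot with no user input'
        } else {
            'No TPM protector on OS volume'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = "$($vol.VolumeType)"
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

# Group Policy side: "Require additional authentication at startup" is stored
# under this key; UseTPMPIN is 0 (not allowed), 1 (required) or 2 (allowed).
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$pinPolicy = if ($null -eq $fve -or $null -eq $fve.UseTPMPIN) {
    'not configured'
} else {
    @{ 0 = 'not allowed'; 1 = 'required'; 2 = 'allowed' }[[int]$fve.UseTPMPIN]
}

Get-BitLockerPreBootAudit | Format-Table -AutoSize
"Startup PIN with TPM (policy): $pinPolicy"
```

A volume reported as AT RISK matches the configuration tested in the research; adding a TPM+PIN protector and setting the startup PIN policy to required moves it to the OK state.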