New attack could extract BitLocker encryption keys from a TPM

• The new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
• All it requires to extract BitLocker keys is a $27 FPGA board and some open-sourced code or a Logic Analyzer.

A security researcher from Pulse Security named Denis Andzakovic has come up with a new attack vector that could extract BitLocker encryption keys from a computer’s TPM (Trusted Platform Module). All it requires to extract BitLocker keys is a $27 FPGA board and some open-sourced code or a Logic Analyzer.

“By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board,” Andzakovic said.

The big picture

To be precise, this attack would require physical access to a device, which means an attacker needs to hardwire equipment into the system’s motherboard or TPM chip and sniff communications via the Low Pin Count (LPC) bus.

The attacker could then access the highly valuable information such as proprietary business documents, cryptocurrency wallet keys, and other sensitive data stored in the system.

Worth noting

The security researcher described that the new attack method extracts BitLocker encryption keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.

• Andzakovic tested on an HP laptop running a TPM 1.2 chip by using an expensive Logic Analyzer
• He also tested the attack against a Surface Pro 3 running a TPM 2.0 chip by utilizing a cheap FPGA board and open source code.

It is to be noted that in both the attacks, the BitLocker was running a standard configuration.

The bottom line - Andzakovic’s research revealed that using standard BitLocker configuration is not very secure.

This is why Andzakovic and Microsoft recommend using a pre-boot authentication method to prevent such attacks. Pre-boot authentication is setting a TPM/BIOS password before the OS boots, which will prevent the BitLocker encryption keys from reaching the TPM and getting sniffed.