Windows BitLocker broken by security researcher with $10 RaspBerry Pi in 43 seconds

Windows BitLocker, the encryption solution built into Windows 10 Pro and Windows 11 Pro, has been shown to be potentially vulnerable to a security breach. A YouTuber and security researcher known as stacksmashing recently demonstrated how he managed to intercept BitLocker data and steal encryption keys, enabling him to decrypt stored system data.

In a video posted a few days ago, stacksmashing revealed that he achieved this feat in under a minute using a Raspberry Pi Pico, a device that costs less than $10. The method involved exploiting a design flaw common to many systems that use a Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware.

Stacksmashing accomplished this by accessing an unused connector at the rear of a laptop motherboard, which has the required lines to access the TPM. This vulnerability made it possible to connect a small Raspberry Pi Pico board to this connector and retrieve the BitLocker Volume Master key, the key that can decrypt the drive and access the files.

However, this potential security risk may not affect all PCs. Devices with preboot authentication enabled or those that feature an integrated Firmware TPM (fTPM) are not vulnerable to this type of attack. Modern PCs typically come with an integrated fTPM, providing an additional layer of security against this potential vulnerability.