QuoteIn a
YouTube video, security researcher Stacksmashing demonstrated that hackers can extract the BitLocker encryption key from Windows PCs in just 43 seconds using a $4 Raspberry Pi Pico. According to the researcher, targeted attacks can bypass BitLocker's encryption by directly accessing the hardware and extracting the encryption keys stored in the computer's Trusted Platform Module (TPM) via the LPC bus.
The attack was possible due to a design flaw found in devices with dedicated TPMs, like modern laptops and desktops. As explained by the researcher, BitLocker sometimes uses external TPMs to store key information, such as the Platform Configuration Registers and Volume Master Key. However, as it turns out, the communication lanes (LPC bus) between the CPU and external TPM remain unencrypted on boot-up, allowing threat actors to sniff any traffic between the two modules and extract the encryption keys.