Microsoft's Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi

trackcharlie , 3 months ago

The concept and implementation of TPM use has been a joke since inception.

veracrypt or luks; bitlocker is a total joke.

gennygameshark , 3 months ago

Yet we still can't crack Denuvo...

LainTrain , 3 months ago

Requires physical access. A non-story outside of cybersec academia/research

Natanael , 3 months ago

Bitlocker's threat model is physical access, though. And it's 50% of TPM's threat model too.

LainTrain , 3 months ago

Yeah which is why no one cares about either. The threat vector is usually not discussed and mostly ignored by non state-level actors in practice.

I do agree that it's fascinating. My master's degree thesis was on sourcing trust and eliminating various evil maid type attacks, including supply side targeted poisoned hardware aimed at state level.

Netrunner , 3 months ago

This is categorically false. Laptops are not a story but rather company property.

helenslunch , 3 months ago

BAN RASPBERRY PI'S!

BAN COMPUTERS!

PeterPoopshit , 3 months ago (edited 3 months ago)

There probably will someday be a push to prevent common normal people from having access to computer systems that offer the user root or superuser access. "ThE aVeRaGe PeRsOn DoEsNt NeEd AdMiN pErMiSsIoNs" or "think of the children". Ipads and surface pros will be allowed but something like a socket 1155 motherboard won't.

Specal , 3 months ago

No one wants LGA1155 anymore anyway so it's Gucci, my i7-2600 was far past it's life span 5 years ago

femboy_bird , 3 months ago

Speak for yourself, I'll take anything that executes code and find a use for it

Specal , 3 months ago

The IPC just isn't good enough of those chips anymore, making them really inefficient. You'd be better off buying a modern celeron

femboy_bird , 3 months ago

A modern celeron costs like 150 bucks after a motherboard and ram, you can buy an old pc that's bound for a landfill for like 20 bucks, and they are perfectly usable for something like a nas, a tor node, or a minecraft server

Edit: 150's a bit high prolly like 90 is possible

Specal , 3 months ago

The old wholesale of PCs for 20 buckeroos doesn't really exist here in the UK so I never considered that

v81 , 3 months ago

This is already happening with smart phones.

PeterPoopshit , 3 months ago

When the government starts taking away unlocked bootloader phones, I will be switching to ham radio instead of getting a locked down phone. Fuck the system.

v81 , 3 months ago

Sad thing is there is no way to securely communicate via ham radio.

But I'd be fully open to going pirate!

And with regard to unlocked bootloaders, I think it's the manufactures wanting to lock away choice and options that is the issue more than the government.

kugiyasan , 3 months ago

Someday? Canada is already trying to ban the Flipper Zero, we're living in your nightmare.

Piemanding , 3 months ago

We're gonna have problems getting enough software engineers in the future. How is anyone supposed to learn when everything is locked away. It's already happening in the repair industry and the trades.

TORFdot0 , 3 months ago

Fake news. Nobody is getting a raspberry pi for $10 lol

Hiro8811 , 3 months ago

With shipping it's more than ten but on it's own it's 6,10 for the H model

f4f4f4f4f4f4f4f4 , 3 months ago

I get your joke, but it's even cheaper than a "Raspberry Pi". Pi Pico, one RP2040 chip, that's basically RPi's new version of a Teensy. I just installed one in my GameCube to defeat its "BIOS" and boot from micro SD card :P

andrewth09 , 3 months ago

I just installed one in my GameCube to defeat its "BIOS" and boot from micro SD card :P

Coolest thing I heard all day. Didn't know that was a thing.

helenslunch , 3 months ago

It's a Zero W. $15

topinambour_rex , 3 months ago

It's a pico

helenslunch , 3 months ago

YOU'RE A PICO

Evil_Shrubbery , 3 months ago

We all are pica pica!!

v81 , 3 months ago

Yeah, is a Pico... $5

homesweethomeMrL , 3 months ago

Hey - hey member that time when Truecrypt was like, “Peace, we out. Use bitlocker. lol”

When’s the new Truecrypt coming out? Yeah yeah Veracrypt, I know. It’s cool, its just not. I dunno.

ryannathans , 3 months ago

Veracrypt does fine

homesweethomeMrL , 3 months ago

I know, I know.

bruhduh , 3 months ago

Yet another example of "hardware access is root access"

jabjoe , 3 months ago

As it should be really so you can repair things.

bruhduh , 3 months ago

I agree

SkyNTP , 3 months ago

Pis are 10$ again? That's the real story.

circuscritic , 3 months ago

It's a Pi Pico (RP2040), which is an MCU, not CPU. Similar to an Arduino UNO (ATmega328p).

kadu , 3 months ago

[Thread, post or comment was deleted by the author]

Godort , 3 months ago

Correct. However, if you have a way to run a PowerShell command as an administrator, you can run a single cmdlet to get access to the bitlocker recovery key.

n2burns , 3 months ago

Isn't the whole point of BitLocker protection from direct access? When a computer is turned off, encryption should keep the data safe. Also when a computer is turned off, basically no remote vector is going to work. AFAIK, when the computer is on, the drive is mounted and BitLocker provides no additional protection over an unencrypted drive.

kadu , 3 months ago

[Thread, post or comment was deleted by the author]

ryannathans , 3 months ago

Veracrypt drive encryption does not have the same problem, it would be secure even with physical access

kadu , 3 months ago

[Thread, post or comment was deleted by the author]

ryannathans , 3 months ago

Yeah, it's safe because of no TPM usage. You can boot from an encrypted drive, it'll prompt for the key instead of auto loading from vulnerable hardware

Natanael , 3 months ago

Bitlocker supports the same usecase, but everybody wants that automatic boot feature so...

It also lets you store a secondary key on a server and require the computer to be on trusted networks to be able to retrieve it to boot, but I've never ever heard of anybody using that

ryannathans , 3 months ago

Pretty sure it uploads the key to microsoft servers when you do that

Natanael , 3 months ago

That's the default, but you can block it in the command line configuration tool

circuscritic , 3 months ago

$10.. not really in video. He had a custom PCB made so the pogo pins were on the board, all in one.

Honestly, pretty awesome. Although as noted, this is for older boards without TPM integration in CPU.

It can also be done with a logic analyzer.

LazaroFilm , 3 months ago

The pi is $10. The rest is much more.

Treczoks , 3 months ago

That is a PI Nano. They gave them away for free at a trade fair. I've got a bag of them laying around for my next project.

LazaroFilm , 3 months ago

Pi Pico. With a RP2040 MCU. Which retails for [$9.91 on Amazon](Seeed Studio Raspberry Pi Pico Flexible Microcontroller Board Based on The Raspberry Pi RP2040 Dual-core ARM Cortex M0+ Processor for Gamecube, 1pc. https://a.co/d/0A0hAXX).

I’m sure they were giving away at some events because we’re trying to popularize the new chip to get more devs to jump on board. I use a RP2040 on my current project and it’s a great chip.

SatyrSack , 3 months ago

What does that have to do with the GameCube?

LazaroFilm , 3 months ago (edited 3 months ago)

I’m not quite sure what you’re asking but I believe you are talking about PicoBoot, which is a way to hack your GameCube using a Raspberry Pi Pico RP2040.

https://hackaday.com/2022/07/05/raspberry-pi-pico-modchip-unlocks-the-gamecube/

And

https://github.com/webhdx/PicoBoot

Edit: I just realized the Amazon sale says GameCube. Makes sense now.

Blackmist , 3 months ago

Just your standard Amazon SEO product name.

stevedidwhat_infosec , 3 months ago

Unsurprised. Physical security seems to be a lot tougher for the industry to “nail”

Just look at this UEFI boot fail vuln/exploit. Crazy.

Godort , 3 months ago

It should be noted that this attack was demonstrated on a nearly 10 year old laptop that has the TPM traces exposed on the motherboard.

Most TPMs nowadays are built into the CPU which does not leave them vulnerable to this type of attack.

jabathekek , 3 months ago

Too late, Canada's banned Raspberry Pi's already. :(

surewhynotlem , 3 months ago

I don't get the downvoting. This is solid commentary on the Flipper Zero idiocy.

Rai , 3 months ago

Prolly from people who don’t yet know about the Flipper Canada bullshit hahaha

cheese_greater , 3 months ago

Its definitely sort or misleading but MS needs to really have its feet held to the fire when it comes to these things. It sort of pushes the narrative in the correct direction which is towards privacy AND security, not a half-ass balance where one or the other or both is compromised or is an illusion altogether

The Outlook stuff has demonstrated how fundamentally irresponsible and unserious they are about their obligation to secure and regulate their own systems, they need all the bad press they can get so they are compelled to do betwr

Shadow , 3 months ago

Because MS designed Lenovo motherboard for them and told them where to put the tpm debug pins? I think you're casting blame at the wrong vendor here.

Doesn't matter how good the software is if the hardware vendor fucks up like that.

Natanael , 3 months ago

They're heavily involved with the development of the spec and guidance to OEMs on how to implement it