We recently reported on a BitLocker security flaw that enables attackers to steal BitLocker encryption keys with a cheap sub-$10 Pico. However, some of our commenters mentioned that the laptop used to demo this flaw was 10 years old, supposing that modern laptops no longer have this vulnerability. Unfortunately, stacksmash on X / Twitter) reports that modern 2023 laptops running Windows 11 still have this vulnerability.
The process to grab the encryption key is a little bit harder now, but nevertheless, the encryption key is still accessible through the same means. As a reminder, this specific BitLocker security flaw takes advantage of the unencrypted communication lanes between the CPU and a laptop's discrete TPM, by tapping into those lanes with an external sniffing device.
Stacksmash forwarded a post by Stu Kennedy on X (Twitter) unveiling the same vulnerability on a Lenovo X1 Carbon Gen 11 — a modern 2023 Lenovo laptop running Windows 11. The security specialist showed where the vulnerability points were on the TPM, and showed the exact soldering points to hook a sniffing tool to the system.
BitLocker Key retrieval on a Windows 11, Lenovo X1 Carbon Gen 11 via SPI Sniffing.The TPM on the backside of the Motherboard, there are various test pads. pic.twitter.com/JGu0riEr1cFebruary 7, 2024
Lenovo's X1 Carbon isn't the only modern laptop with this vulnerability; theoretically, all modern laptops with a discrete TPM module are at risk. Stu Kennedy has a GitHub page dedicated to TPM sniffing, educating people on the different methods users can employ to grab the BitLocker encryption key from the TPM. Kennedy's page alone has cracking tutorials for seven modern laptops (including the X1 Carbon).
There are various methods for cracking a TPM, including attacking the SPI, I2C, or LPC buses, but they all rely on the same general attack: Hijacking the communication lanes between the CPU and the TPM.
The good news is that this attack method is only exploitable if the attacker has physical access to the laptop, making it impossible for someone to do it remotely.
But, there are ways you can defend yourself from this security flaw if you are worried someone might steal your laptop. One way is to not use the TPM module at all to secure BitLocker. You can use either are secondary password at startup or an external security key such as a USB thumb drive. TPM is the default method BitLocker will use to secure a system with a TPM. But you can override this by going into the Group Policy Editor and choosing a different security method.
One interesting tidbit about this TPM hack is that it has only been done on laptops featuring discrete TPMs. Logically, it should be impossible for hackers to use this attack on systems that utilize the CPU's TPM to secure the system. Sensitive information that is being passed from a built-in TPM to the CPU and vice versa should all be done through the CPU, making it impossible to physically access. So if you still want to use a TPM, the built-in TPM module found in modern Intel and AMD CPUs should be a more secure option.
