According to TechSpot , although BitLocker is integrated into Windows 11 Pro, Enterprise, and Education versions to enhance data security using the AES encryption algorithm, a recent study shows that this encryption tool can be easily cracked with just a low-cost device.
Accordingly, in a YouTube video , security researcher Stacksmashing demonstrated how hackers could extract BitLocker encryption keys from a Windows computer in just 43 seconds using a Raspberry Pi Pico device. According to the researcher, targeted attacks can bypass BitLocker encryption by directly accessing the hardware and extracting the encryption key stored in the computer's Trusted Platform Module (TPM) via the LPC port.
Microsoft's well-known data encryption tool can be easily bypassed.
The vulnerability stems from a design flaw found in devices with dedicated TPMs, such as newer laptops and desktops. As the researchers explain, BitLocker sometimes uses an external TPM to store critical key information, such as Platform Configuration Registers and Volume Master Keys. However, the communication channels (LPC ports) between the CPU and the external TPM are not encrypted at boot, allowing attackers to monitor any traffic between the two components and extract the encryption key.
To perform the demonstration attack, Stacksmashing used a 10-year-old laptop that had been encrypted with BitLocker, then programmed a Raspberry Pi Pico to read the raw binary code from the TPM to obtain the Volume Master Key. He then used Dislocker with the newly obtained Volume Master Key to decrypt the drive.
This isn't the first time BitLocker has been cracked. Last year, cybersecurity researcher Guillaume Quéré demonstrated how BitLocker's full-drive encryption system allowed users to monitor any information between a separate TPM chip and the CPU via the SPI port. However, Microsoft claims that breaking BitLocker encryption is a long and complex process, requiring extensive access to the hardware.
The latest attack method shows that BitLocker can be bypassed much more easily than previously thought, raising important questions about current encryption methods. Whether Microsoft will fix this specific vulnerability in BitLocker remains to be seen, but in the long run, cybersecurity researchers need to do a better job of identifying and patching potential security vulnerabilities before they become a problem for users.
Source link
![[Photo] Prime Minister Pham Minh Chinh receives Lao Minister of Education and Sports Thongsalith Mangnormek](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F16%2F1765876834721_dsc-7519-jpg.webp&w=3840&q=75)
![[Photo] Prime Minister Pham Minh Chinh receives the Governor of Tochigi Province (Japan)](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F16%2F1765892133176_dsc-8082-6425-jpg.webp&w=3840&q=75)
![[Live] 2025 Community Action Awards Gala](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F16%2F1765899631650_ndo_tr_z7334013144784-9f9fe10a6d63584c85aff40f2957c250-jpg.webp&w=3840&q=75)
![[Image] Leaked images ahead of the 2025 Community Action Awards gala.](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F16%2F1765882828720_ndo_br_thiet-ke-chua-co-ten-45-png.webp&w=3840&q=75)
Comment (0)