Do you think BitLocker is safe? Guess again, it takes less than a minute to break it

It costs less than $10 to bypass BitLocker encryption

BitLocker is the encryption method of choice for many users since it will protect your data in case your PC gets stolen.

However, it seems that BitLocker isn’t as secure as we previously thought, and it can be bypassed easily with a Raspberry Pi Pico.

YouTuber shows how to break BitLocker protection with Raspberry Pi

According to Betanews, YouTuber stacksmashing managed to bypass BitLocker encryption using nothing more than a Raspberry Pi Pico.

To make matters worse, it only took him 43 seconds to do so, and that includes the necessary time to open the laptop case and access the motherboard!

He has a pretty informative video that shows this in action while explaining the process in detail.

According to the video, he managed to do so by using an unused connector at the back of the laptop motherboard. The connector has the necessary lines to access the TPM, which makes it vulnerable to this type of attack.

To get the BitLocker key, stacksmashing created a small Raspberry Pi Pico board that connects to this connector and retrieves the BitLocker Volume Master Key.

After obtaining the master key, you can use one of many available tools to decrypt the drive and access the files.

While this is worrying, there are some precautions you can take to protect yourself. Firstly, you should use preboot authentication with a strong PIN. With that in place, this type of attack is useless.

Unfortunately, this option isn’t easily accessible, and you can enable it only from Group Policy Editor.

Secondly, this method isn’t 100% compatible with all laptops. It usually works with Lenovo laptops, as well as other models that have a similar connector. Microsoft Surface Pro is also vulnerable to this type of attack.

The attack also doesn’t work on PCs that have a firmware TPM that is integrated into the CPU, but if your laptop has a dedicated TPM chip, it might be vulnerable.

While this looks extremely troublesome, your PC should be safe as long as you have preboot authentication enabled or if your device comes with an fTPM that is integrated into the CPU, which modern PCs usually do.
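
To check a machine against those two conditions, here is an added PowerShell example (not from the video or from Windows Report) that reads the OS volume's key protectors and the TPM vendor ID and reports whether the key can be released without a PIN. The function name, the sample inputs and the vendor-ID lists (a heuristic for telling firmware TPMs from discrete chips) are assumptions.

```powershell
# Added example: flag BitLocker setups where the TPM releases the key with no PIN.
# Assumption: the vendor-ID lists are a heuristic, not an authoritative mapping.
$FirmwareTpmVendors = 'INTC', 'AMD'          # Intel PTT, AMD fTPM
$DiscreteTpmVendors = 'IFX', 'STM', 'NTC'    # Infineon, STMicroelectronics, Nuvoton

function Get-TpmSniffingExposure {           # hypothetical helper name
    param(
        [string[]]$ProtectorTypes,   # KeyProtectorType values of the OS volume
        [string]$TpmVendor           # ManufacturerIdTxt as reported by Get-Tpm
    )
    # Vendor IDs can carry padding characters; keep letters only.
    $vendor = ($TpmVendor -replace '[^A-Za-z]', '').ToUpper()
    $kind = if ($vendor -in $FirmwareTpmVendors) { 'Firmware' } elseif ($vendor -in $DiscreteTpmVendors) { 'Discrete' } else { 'Unknown' }

    $hasPin  = @($ProtectorTypes | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' }).Count -gt 0
    $tpmOnly = $ProtectorTypes -contains 'Tpm'

    $finding = if (-not ($tpmOnly -or $hasPin)) {
        'No TPM or TPM+PIN protector on this volume'
    } elseif ($hasPin -and -not $tpmOnly) {
        'OK: preboot PIN required before the TPM releases the key'
    } elseif ($kind -eq 'Firmware') {
        'OK: TPM-only unlock, but the TPM is integrated into the CPU'
    } else {
        'REVIEW: TPM-only unlock on a discrete or unidentified TPM; enable a preboot PIN'
    }

    [pscustomobject]@{
        Protectors = $ProtectorTypes -join ','
        TpmKind    = $kind
        Finding    = $finding
    }
}

# Constructed sample inputs (not measurements from real machines).
Get-TpmSniffingExposure -ProtectorTypes 'Tpm', 'RecoveryPassword' -TpmVendor 'IFX'
Get-TpmSniffingExposure -ProtectorTypes 'TpmPin', 'RecoveryPassword' -TpmVendor 'IFX'
Get-TpmSniffingExposure -ProtectorTypes 'Tpm', 'RecoveryPassword' -TpmVendor 'AMD'

# Live check; needs an elevated session on Windows with BitLocker available.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $types = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector.KeyProtectorType
    Get-TpmSniffingExposure -ProtectorTypes $types -TpmVendor (Get-Tpm).ManufacturerIdTxt
}
```

A `REVIEW` result means the volume unlocks at boot with no user input, which is the configuration the video targets.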

This isn’t the only security concern for Microsoft: the company is investigating an Outlook security vulnerability and dealing with the aftermath of the Midnight Blizzard attack, so fixing this probably isn’t at the top of its priorities.
