Windows encryption feature defeated by $10 and a YouTube tutorial
  • @rtxn@lemmy.worldEnglish
    215 months ago

    Fixed title:

    Raspberry Pi Pico cracks BitLocker in under a minute (under very specific circumstances, but where’s the sensationalism in that?)

    • @thantik@lemmy.worldEnglish
      95 months ago

      Still incorrect - it didn’t crack shit. It merely intercepted the unencrypted communication. :[

      • themeatbridgeEnglish
        75 months ago

        It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).

        “Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.

        • @thantik@lemmy.worldEnglish
          45 months ago

          If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.

          This is kind of a moot point now because most TPM nowadays are not external modules and nobody focused on security is keeping this kind of hardware around.

          • HandlesEnglish
            15 months ago

            Fair point, let’s acknowledge the preparation and research that goes into something like this. While the Pico may have performed the decryption in less than a minute, there were days and weeks of labour leading up to that.

            A stage magician will pull a rabbit out of a hat in less than a minute, but the audience must never see the effort of the performance. Too often, for the sake of brevity and a catchy headline, journalists tend to make every slightly technological performance sound like a magic trick.

          • @DoomBot5@lemmy.worldEnglish
            -15 months ago

            If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.

            That’s not what anyone means when they say quick. They’re talking from the moment the attempt is initiated until the time data is extracted. In this case countdown starts the moment you get access to the hardware.

            • @thantik@lemmy.worldEnglish
              25 months ago

              And the moment he got access to the hardware was weeks ago when he opened it up and started probing around for the right points to access; prior to him making a custom PCB for it; which would (in most secure instances) require tripping a case-open switch present in most devices where security is a priority.

              You can’t just hand-wave away all the prep work he was doing here…it’s great for the sensationalist news headline for sure, but not entirely accurate.

              Seriously, watch the video all the way through - he spends quite some time pulling the motherboard, probing around in order to figure out where signals go, and developing a custom solution for that VERY specific computer, that VERY specific motherboard revision. He can’t just go use that tool on any PC he runs across.

              Please watch the whole video and not just the first 30 seconds of it.

              • @DoomBot5@lemmy.worldEnglish
                -25 months ago

                That’s great and all, but he owned that hardware. You’re not developing hardware exploits on a target’s hardware, you do it on a copy of the target’s hardware.

                That’s like claiming the NSA spent months breaking into your phone. In reality, they spent months developing exploits on the iPhones they bought and minutes breaking into your phone once they have it.

                • @thantik@lemmy.worldEnglish
                  25 months ago

                  And that says nothing about the fact that this hardware is old. The problem has already been fixed in modern hardware, where the TPM is internal to the CPU and doesn’t have external access points like this. So…the problem has already been fixed as well. That’s why I’m calling it such a silly, overhyped article. It’s great clickbait, but it has very little basis in the real world as of today.

  • AutoTL;DRBEnglish
    15 months ago

    This is the best summary I could come up with:

    We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers.

    However, if you get your hands on a similarly vulnerable device secured with BitLocker, gaining access to the encrypted storage appears embarrassingly simple.

    This particular laptop had connections that could be put to use alongside a custom connector to access the signals between chips.

    Stir in an analyzer running on the Raspberry Pi Pico and for less than $10 in components, you can get hold of the master key for the laptop hardware.

    At less than a minute in the example, we’d dispute the “plenty of time” claim, and while the Raspberry Pi Pico is undoubtedly impressive for the price, at less than $10, the hardware spend is neither expensive nor specific.

    It’s enough to send administrators scurrying to their inventory lists to check for hardware they would be forgiven for assuming had been safely encrypted.

    The original article contains 363 words, the summary contains 169 words. Saved 53%. I’m a bot and I’m open source!