Raspberry Pi Pico cracks BitLocker in under a minute

Trending 3 weeks ago

We're very acquainted pinch nan galore projects successful which Raspberry Pi hardware is used, from giving aged computers a caller lease of life done to moving nan animated displays truthful beloved by retailers. But cracking BitLocker? We uncertainty nan institution will beryllium bragging excessively overmuch astir that peculiar application.

The method was published successful a YouTube video complete nan play and demonstrated really a Raspberry Pi Pico tin beryllium utilized to summation entree to a BitLocker-secured instrumentality successful nether a minute, provided you person beingness entree to nan device.

Youtube Video

A Lenovo laptop was utilized successful nan video, posted by personification stacksmashing, though different hardware will besides beryllium vulnerable. The method besides relies connected having a Trusted Platform Module (TPM) abstracted from nan CPU. In galore cases, nan 2 will beryllium combined, successful which lawsuit nan method shown cannot beryllium used.

However, if get your hands connected a likewise susceptible instrumentality secured pinch BitLocker, gaining entree to nan encrypted retention appears embarrassingly simple. The crux of it is sniffing retired nan cardinal to nan instrumentality arsenic it is passed from TPM to CPU. The cardinal is helpfully not encrypted.

This peculiar laptop had connections that could beryllium put to usage alongside a civilization connector to entree nan signals betwixt chips. Stir successful an researcher moving connected nan Raspberry Pi Pico and for little than $10 successful components, you tin get clasp of nan maestro cardinal for nan laptop hardware.

  • Raspberry Pi connected IPO plans: 'We want to beryllium fresh erstwhile nan markets are ready'
  • Techie resurrects teletext connected a vintage BBC Master
  • Eben Upton connected Sinclair, Acorn, and nan Raspberry Pi
  • Raspberry Pi sizes up HAT+ spec for early hardware add-ons

Microsoft has agelong accepted that specified attacks are possible, though it describes them arsenic a "targeted onslaught pinch plentifulness of time; nan attacker opens nan case, solder, and uses blase hardware aliases software."

At little than a infinitesimal successful nan example, we'd conflict nan "plenty of time" claim, and while nan Raspberry Pi Pico is undoubtedly awesome for nan price, astatine little than $10, nan hardware walk is neither costly nor specific.

If your hardware is vulnerable, mitigation tin beryllium achieved done nan usage of a PIN.

It's capable to nonstop administrators scurrying to their inventory lists to cheque for hardware they would beryllium forgiven for assuming had been safely encrypted.

As 1 wag observed: "Congratulations! You recovered nan FBI's backdoor." ®