Ever wondered how secure the data on your computer really is? This piece examines the effectiveness of Microsoft's encryption system and how it can be bypassed with inexpensive tools.
The Security Promise of Microsoft’s Encryption System
Microsoft has consistently stood by the robustness of its encryption system, asserting that it is difficult to bypass. At the core of this system's security is the Trusted Platform Module (TPM), which is required for Windows 11 installation. The TPM simplifies the encryption of data on hard drives. However, some see this key strength as also its most significant weakness.
A Remarkable Flaw in BitLocker
BitLocker, Microsoft's encryption system, was found to have a significant vulnerability. The effective operation of the system necessitates a connection between the device's Central Processing Unit (CPU) and the TPM installed on the motherboard. The major flaw here is that this communication path lacks protection.
Bypassing the System
On some motherboards, easily accessible connectors facilitate the reading of data transmitted between the CPU and TPM. With the use of a Raspberry Pi Pico and some probes, one researcher managed to extract encryption information from an SSD. Remarkably, the components used for this bypass cost a mere . The encryption key from an operational computer could be extracted in under a minute, specifically 43 seconds.
This flaw potentially leaves millions of outdated PCs prone to security breaches. Once the encryption key has been extracted, the hard drive of the target computer can be connected to another PC and its data read. The most prevalent versions of Windows and TPMs still offer some form of protection, but BitLocker does not offer complete protection for older PCs. Consequently, files and folders could be accessible to unauthorized users.
Addressing the Issue
More modern devices have rectified this flaw by consolidating all processes within the processor itself. However, potential bypasses still exist because TPMs transmit unencrypted data. Consequently, the disposal and erasure of hard drives or SSDs should never be overlooked, given the potential access to sensitive data.
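
An added example, not part of the original article: a PowerShell audit that lists each BitLocker volume and flags those whose key is released by the TPM alone at boot, the case in which the key crosses the CPU-TPM link with no user input. It assumes an elevated session on the machine being audited and treats a pre-boot PIN or startup key as the relevant hardening; the function name Get-BitLockerExposure is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: classify BitLocker volumes by how the key is released at boot.

# TPM hands over the key at boot with no user secret.
$tpmOnly = @('Tpm')
# TPM release additionally requires a PIN and/or a startup key.
$tpmPlus = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

function Get-BitLockerExposure {
    param([Parameter(Mandatory)] $Volume)

    # Collect the protector types configured on this volume as strings.
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $finding =
        if ($Volume.ProtectionStatus.ToString() -ne 'On') {
            'Protection off or suspended: no key is needed to read the data'
        }
        elseif ($types | Where-Object { $_ -in $tpmOnly }) {
            'TPM-only: key is released automatically at boot'
        }
        elseif ($types | Where-Object { $_ -in $tpmPlus }) {
            'TPM plus pre-boot secret (PIN and/or startup key)'
        }
        else {
            'No TPM protector (password, external key or recovery only)'
        }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        VolumeType = $Volume.VolumeType
        Protection = $Volume.ProtectionStatus
        Protectors = $types -join ', '
        Finding    = $finding
    }
}

# TPM context. The manufacturer string is informational only; it does not by
# itself say whether the TPM is a separate chip or built into the processor.
$tpm = Get-Tpm
'TPM present: {0}, ready: {1}, manufacturer: {2}' -f `
    $tpm.TpmPresent, $tpm.TpmReady, $tpm.ManufacturerIdTxt

Get-BitLockerVolume |
    ForEach-Object { Get-BitLockerExposure -Volume $_ } |
    Format-Table -AutoSize
```

Volumes reported as TPM-only are the ones to review first on machines that can be physically accessed by others.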