Raspberry Pi Pico cracks BitLocker in under a minute

Am I missing something or is this the same TPM bus sniffing for the key exchange attack (from @marcan maybe?) that was detailed some years back but using a cheap Pi? Is this attack BitLocker specific somehow? It looks like it would affect LUKS or others just as well. Just trying to understand the novelty of this particular method or if it&#x27;s tied to BitLocker in particular.<p>Anyway, not to detract from the nice work of the author or to tout my own horn but I can hack a lot of encryptions in seconds with a simple keylogger. For the sake of this exercise I&#x27;ll consider the key exchange (user typing password) is an integral part of any encryption scheme :).<p>More seriously, I think fTPM or TPM+PIN+USB key would be good ways to avoid this scenario.

Previous discussions: &quot;Breaking Bitlocker – Bypassing the Windows Disk Encryption [video]&quot;[0](110 points, 3 days ago, 68 comments), &quot;BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico&quot;[1] (108 points, 11 hours ago, 62 comments)<p>[0]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39243305">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39243305</a> [1]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39284711">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39284711</a>

This particular bus sniffing attack is easily prevented... it&#x27;s just that Microsoft _chose_ to avoid implementing the protection.<p>Mission critical embedded devices are not designed by Microsoft, and would normally have tpm parameter encryption...<p><a href="https:&#x2F;&#x2F;security.stackexchange.com&#x2F;questions&#x2F;253776&#x2F;why-does-windows-not-enable-tpm-2-0-parameter-encryption-to-protect-against-bus" rel="nofollow">https:&#x2F;&#x2F;security.stackexchange.com&#x2F;questions&#x2F;253776&#x2F;why-does...</a>

Remember when Microsoft told you you can&#x27;t have Windows 11 because of your missing&#x2F;old TPM wouldn&#x27;t be secure enough?<p>Turns out it&#x27;s all security theater.

I&#x27;m not familiar at all with this kind of low-level knowledge so probably a stupid question but: does that require the device to be connected when the user types their password to actually retrieve the key, or is it an actual &quot;crack&quot; as in it can unlock BitLocker without key nor password ever being inputted on the device?

TFA: &gt; If your hardware is vulnerable, mitigation can be achieved through the use of a PIN.<p>Or, encryption passphrase on boot.<p>But in that case, you just need two accesses: Add h&#x2F;w keylogger, read h&#x2F;w keylogger.<p>You can at least make it somewhat more difficult by using ubsguard to prevent the most obvious keylogger ingress points.

Some prior art: <a href="https:&#x2F;&#x2F;dolosgroup.io&#x2F;blog&#x2F;2021&#x2F;7&#x2F;9&#x2F;from-stolen-laptop-to-inside-the-company-network" rel="nofollow">https:&#x2F;&#x2F;dolosgroup.io&#x2F;blog&#x2F;2021&#x2F;7&#x2F;9&#x2F;from-stolen-laptop-to-in...</a>

Oh no there goes all the windows 8 lenovos.

I saw this on hackaday 43 seconds to crack bitlocker is pretty badass.

Impressive technical feat, even if not completely new.<p>However, as tech people we need to stop downplaying our accomplishments. “43 seconds” (plus the lifetime of learning that allowed them to figure out how to do all these things: decoding the wire signals, writing a custom firmware, knowing how to probe the motherboard for the correct signals, etc.)