Bitlocker This is an application integrated with the Windows, which seeks to create greater security for the data that we have stored on a computer with this operating system, and we can really doubt its effectiveness. And now we can say that Bitlocker It is not extremely secure, as it is possible to obtain encrypted information through this program with just one Raspberry pieand less than a minute of our time.
Applications used to encrypt data provide additional protection for people who want to maintain as much privacy as possible when saving documents on a computer, it is very difficult to know that we can overcome this layer of security with a device that costs less than a normal USB, and it also allows us to do it in less time than it takes to move a large document.
Is Bitlocker no longer secure?
As we stated at the beginning, Windows disk encryption has been compromised, but that doesn’t mean it’s a big problem that can leave our data completely unprotected. Indeed, the practice used to compromise encrypted information on a computer with Bitlockerrequires physically connecting the Raspberry pie to one of the computer’s data channels in order to use the sniffer, This is a key factor to take into account, as it involves disassembling certain parts of the PC to be able to achieve this exploit.
But that doesn’t mean it’s not a problem, because even though it has to be done physically, it’s still a pretty serious safety issue, because the reason it happens is mainly because the roads of communication between the CPU and the external TPM are completely decrypted when the computer starts. But in this case, we return again to the physical configuration, since Bitlocker
What security breach does this cause?
As we indicated previously, the main security flaw that exists is that the data bus that connects the external TPM to the CPU does not encrypt the data when the PC boots, allowing an integrated unit to be connected with software capable of get this information in a fairly simple way. Because ultimately, if there is no data encryption, it is possible to extract the information from any site, that is why on the Internet, for example, they stopped using plain text documents to store and share information.
In this way, the youtuber Crushing the batteries (creator of the Raspberry Pi which allows this vulnerability to be exploited), takes advantage of this encryption flaw to directly connect the modified model of the Raspberry by making contact with the metal pads which protrude from the data buses, so as to intercept the information that they contain, which makes Bitlocker dangerous. In any case, the configuration it uses is specifically vulnerable to this connection, since in more current motherboard models it is more complicated to try to intercept the data they transfer.
