Raspberry Pi Pico Exploits BitLocker Vulnerability in Seconds

A $4 device bypasses Microsoft's encryption, highlighting the need for secure TPM communication.

A security researcher demonstrated how a $4 Raspberry Pi Pico can crack Microsoft BitLocker encryption in just 43 seconds by exploiting a flaw in devices with dedicated Trusted Platform Modules (TPMs).
The attack requires physical access to the device and exploits unencrypted communication between the CPU and an external TPM during boot-up to extract encryption keys.
This vulnerability does not affect devices with TPMs integrated into the CPU, such as modern AMD and Intel processors, which remain secure from this type of attack.
Microsoft has acknowledged the possibility of such targeted attacks but suggests that mitigation can be achieved through the use of a PIN.
The discovery raises concerns about the security of BitLocker encryption and the need for improved encryption methodologies to protect against hardware-based attacks.