New BitLocker attack puts laptops storing sensitive data at risk

[silversurfer]

Content source

https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/

A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.

To be clear, this new BitLocker attack require physical access to a device and will result in the device's destruction as the attacker needs to hard-wire equipment into the computer's motherboard.

Nonetheless, the attack yields the desired results and should be considered a threat vector for owners of devices storing highly-valuable information, such as classified materials, proprietary business documents, cryptocurrency wallet keys, or other similarly sensitive data.

The attack was detailed for the first time today in a report by Denis Andzakovic, a New Zealand-based security researcher at Pulse Security.

 

[n0k0m3]

Good read on how to mitigate these kinds of attacks: BitLocker Countermeasures (Windows 10)