This is the best summary I could come up with:
We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers.
However, if you get your hands on a similarly vulnerable device secured with BitLocker, gaining access to the encrypted storage appears embarrassingly simple.
This particular laptop had connections that could be put to use alongside a custom connector to access the signals between chips.
Stir in an analyzer running on the Raspberry Pi Pico and for less than $10 in components, you can get hold of the master key for the laptop hardware.
At less than a minute in the example, we’d dispute the “plenty of time” claim, and while the Raspberry Pi Pico is undoubtedly impressive for the price, at less than $10, the hardware spend is neither expensive nor specific.
It’s enough to send administrators scurrying to their inventory lists to check for hardware they would be forgiven for assuming had been safely encrypted.
The original article contains 363 words, the summary contains 169 words. Saved 53%. I’m a bot and I’m open source!
rtxn@lemmy.world 8 months ago
Fixed title:
thantik@lemmy.world 8 months ago
Still incorrect - it didn’t crack shit. It merely intercepted the unencrypted communication. :[
themeatbridge@lemmy.world 8 months ago
It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).
“Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.
cellardoor@lemmy.world 8 months ago
Thank you for that, wish this would stop popping up everywhere.