For several years, Windows users have been able to secure their data with BitLocker, Microsoft’s encryption tool. It is super simple to set up, and manufacturers have long adopted it by integrating the well-known TPM (Trusted Platform Module) chip into their computers.
This integration allows BitLocker to store all critical information related to the computer’s configuration and, most importantly, the Master Key—that is, the key that allows the decryption of all contents.
Enter security researcher StackSmashing, who has devised a method to physically extract this key using a Raspberry Pi Pico, less than ten bullets, some software, and a small homemade PCB. With the pins of his PCB, he can connect directly to the LPC bus of the TPM chip, which is located on the motherboard’s back, allowing him to intercept the messages (i.e., the master key) transmitted between the TPM chip and the computer’s CPU.
As demonstrated in the video, his tinkering is specific to certain Lenovo laptop models (ThinkPad), but it can be easily adapted to any type of computer, as shown at the end with the Surface Pro (and a small hole in its casing).
However, do not assume that your computer is necessarily vulnerable to this attack, especially if it is recent. Processor manufacturers like Intel and AMD have now integrated the TPM directly into the CPU, making such attacks less feasible.