Microsoft's Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi - eviltoast

Microsoft’s Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi::The point of Microsoft’s Bitlocker security feature is to protect personal data stored locally on devices and particularly when those devices are lost or otherwise physically compromised. With Bi

  • Godort@lemm.ee
    link
    fedilink
    English
    arrow-up
    157
    arrow-down
    2
    ·
    9 months ago

    It should be noted that this attack was demonstrated on a nearly 10 year old laptop that has the TPM traces exposed on the motherboard.

    Most TPMs nowadays are built into the CPU which does not leave them vulnerable to this type of attack.

    • cheese_greater@lemmy.world
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      2
      ·
      edit-2
      9 months ago

      Its definitely sort or misleading but MS needs to really have its feet held to the fire when it comes to these things. It sort of pushes the narrative in the correct direction which is towards privacy AND security, not a half-ass balance where one or the other or both is compromised or is an illusion altogether

      The Outlook stuff has demonstrated how fundamentally irresponsible and unserious they are about their obligation to secure and regulate their own systems, they need all the bad press they can get so they are compelled to do betwr

      • Shadow@lemmy.ca
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        1
        ·
        edit-2
        9 months ago

        Because MS designed Lenovo motherboard for them and told them where to put the tpm debug pins? I think you’re casting blame at the wrong vendor here.

        Doesn’t matter how good the software is if the hardware vendor fucks up like that.

        • Natanael@slrpnk.net
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          They’re heavily involved with the development of the spec and guidance to OEMs on how to implement it