BitLocket Back Door: TPM Only


Userlevel 7
Badge +9

This is a recent research by security specialists of the Dolos Group to determine if an attacker can access the organisation network from a stolen device and also perform lateral network movement.

They were handed a Levovo Laptop preconfigured with the standard security stack for this organization. No prior information about the laptop, test credentials, configuration details, etc were given. They stated it was a 100% blackbox test.

Once the got hold of the device, they headed straight to work and performed some reconnaissance of the laptop (BIOS settings, normal boot operation, hardware details, etc) and noted a lot of best practices were being followed, negating many common attacks. For example:

  • Pcileech/DMA attacks were blocked because Intel’s VT-d BIOS setting was enabled.
  • All BIOS settings were locked with a password.
  • The BIOS boot order was locked to prevent booting from USB or CD.
  • Secureboot was fully enabled and prevented any non-signed operating systems.
  • Kon-boot auth bypass did not work because of full disk encryption.
  • LAN turtle and other Responder attacks via USB ethernet adapters returned nothing usable. 
  • The SSD was full disk encrypted (FDE) using Microsoft’s BitLocker, secured via Trusted Platform Module (TPM)

With nothing else working, they had to take a look at the TPM and they noticed from the reconnaissance that the laptop boots directly to the Windows 10 Login screen. This is a TPM-Only implementation. Here is a guide I have written on “Insight on Full Disk Encryption with PBA / without PBA, UEFI, Secure Boot, BIOS, File and Directory Encryption and Container Encryption”.
- You may want to see How to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines

That, coupled with the BitLocker encryption means that the drive decryption key is being pulled only from the TPM, no user supplied PIN or password was needed which is the default for BitLocker.

They stated that, with with the introduction of additional security such as a Password or a PIN, this would have thwarted this attack.

  • This means, they recommend using TPM + Pin or TPM with a Password.

For those using VPN with Pre-Logon, after gaining access to the device, without requiring access, this could lead to a lot of lateral movement within the network. This guide will help in configuring BitLocker PIN bypass: How to configure Network Unlock in Windows. You may want to learn how to deploy Microsoft BitLocker Administration and Monitoring Tool.

 

Summary: TPM is very secure and an attack on it is near impossible. The flaw is BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows. If an attacker grab that key, they should be able to decrypt the drive, get access to the VPN client config, and maybe get access to the internal network.

Until this is fixed, I will recommend using TPM + Pin or Password!!!.

 

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

 

 


0 comments

Be the first to comment!

Comment