WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

680

Archive: https://archive.today/Lu4LC

From the post: "How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you’re running Windows, the most popular system is BitLocker, which has come with Windows since Vista. We’ve known for some time that Bitlocker could be defeated with direct access to the hardware. Microsoft claims that the process requires an attacker with skill and lengthy access to the hardware. [Stacksmashing] wanted to define lengthy, so he gave it a try. The result is a shockingly fast attack."

Archive: https://archive.today/Lu4LC From the post: "How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you’re running Windows, the most popular system is BitLocker, which has come with Windows since Vista. We’ve known for some time that Bitlocker could be defeated with direct access to the hardware. Microsoft claims that the process requires an attacker with skill and lengthy access to the hardware. [Stacksmashing] wanted to define lengthy, so he gave it a try. The result is a shockingly fast attack."

(post is archived)

[–] 1 pt (edited )

Some laptops even have connectors and test points directly on the LPC

Lenovo was nice enough to leave an unpopulated connector footprint on the motherboard. This was the key to stealing the key.

LOL!

Hackaday had another funny article about taking control of a DSC keypad by simply using hardware to press the buttons, completely bypassing all the security it put on the bus. LOL.

[–] 1 pt

Yeah, it also was using a MiTM to read the data going to the display since it could not be encrypted so you could tell what state the system was just by looking at what data was going to the MCD.

[–] 0 pt

more modern computers include the TPM inside the CPU itself. Sniffing that will take a bit more hardware than a Pi Pico.

Not to long ago it was a "lengthy process"... (((discretely moves goalposts)))