Hardware security is reaching ever deeper into the platform. Hardware as a root of trust is at the heart of every secure operation. Several devices and integrated components are built for security purposes, and among these we find the Trusted Platform Module.

Unfortunately, using secure hardware by itself is not enough. Manufacturers must use these components appropriately by designing security measures into each step of the firmware execution.

In this presentation we would like to highlight the security weaknesses of BitLocker and the Trusted Platform Module, focusing on how they can be exploited to gain access to personal data and the operating system. These weaknesses could, on the one hand, allow a malicious user to access sensitive information and, on the other, help a Red Teaming assessment or Digital Forensics analysis.
Finally, a tool made by our team to exploit these security flaws will be presented.

The purpose of this presentation is to describe the Trusted Platform Module and its use in the BitLocker software architecture, highlighting the main security weaknesses.

The TPM is an integrated component present in most of our personal computers, and not only there. It provides a series of security features that ensure, for example, the storage of cryptographic keys and the execution of sensitive routines in a Trusted Execution Environment. Furthermore, we will also describe tools like BitLocker, which use the TPM to increase security and guarantee user privacy. We will then go on to analyze in detail the tool, its basic functionality and the various ways it can be used, before moving on to the security implications, vulnerabilities and weak software features that allow a malicious user to access sensitive data and the operating system.

Finally, we will show a tool created by our team which decodes part of the communication between the BIOS and the TPM in order to obtain the cryptographic key used by the software to encrypt the disk.

Luigi Fragale

Luigi Fragale is a pentester at Communication Valley Reply.