Researchers at a security company have managed to bypass Trusted Platform Module (TPM) restrictions in as little as 30 minutes and without having to do any welding work, proving that if an attacker has actually ‘done their homework’ they can bypass all current security systems. What sense then does Microsoft impose the requirement of having TPM for Windows 11 ?
Let’s say you’re a large company that just sent an employee a new laptop, and let’s say the laptop comes preconfigured to use security best practices to prevent information leakage, including TPM, disk encryption, password-protected BIOS settings. , UEFI SecureBoot, and other recommendations.
If an attacker succeeds in taking over the machine, will he be able to access the data? And can he use it to attack the company network? Unfortunately, the answer to both questions is yes.
TPM and other security measures, broken in 30 minutes
Researchers at security consultancy Dolos Group, hired to test a customer’s network security, received a Lenovo laptop preconfigured to use the organization’s security standards, including TPM. They did not receive usernames or passwords, configuration details or any other information about the machine, to emulate what a hacker would find if they physically stole the laptop.
An analysis of the BIOS settings , boot operation, and hardware quickly revealed that the security measures in place could prevent common attacks, including:
- Pcileech / DMA attacks because Intel’s VT-d protection was enabled.
- Authentication bypasses the use of tools like Kon-boot.
- Using tools like LAN Turtle and Responder to extract data with USB Ethernet adapters.
With little else to go on, the researchers focused on the Trusted Platform Module, or TPM , a highly hardened chip installed on the laptop’s motherboard that communicates directly with other hardware installed on the machine. Researchers found that since this is the default for hard drive encryption with Microsoft’s BitLocker, the laptop would boot directly to the Windows screen without prompting for a PIN or password, meaning the TPM was the default. place where the cryptographic key was stored to unlock the unit.
Microsoft recommends overriding the default value and using a PIN or password, as this would require the attacker to have very advanced knowledge and to disassemble the laptop and do some soldering work on the TPM module to access it. However, the researchers said in this regard that Microsoft’s advice is inappropriate:
A pre-equipped attacker could complete the entire attack chain in less than 30 minutes without welding, with simple and cheap hardware and publicly available tools, putting this process directly within the reach of any user with advanced knowledge.”
TPM modules have multiple layers of defense that prevent attackers from extracting or manipulating the data they store. For example, an analysis conducted more than 10 years ago revealed that a TPM chip made by Infineon was designed to self-destruct if physically penetrated. With little hope of breaking the chip inside the laptop, the researchers looked for other ways to extract the key that decrypted the hard drive, and found that the TPM communicated with the CPU using a serial interface, a protocol communications for embedded systems.
Abbreviated as SPI, the firmware does not provide its own encryption capabilities, so any encryption must be handled by the devices that the TPM communicates with and not by the TPM. BitLocker does not use any of the encrypted communication features of the latest TPM 2.0 standard, so if researchers could take advantage of the connection between the TPM and the CPU, they could extract the encryption key and access everything on the laptop.
Analizer TPMSo the researchers connected a logic analyzer to the CMOS chip on the laptop’s motherboard, and in no time they were able to extract every byte that moved through the chip. Then, they used the bitlocker-spi-tool kit to isolate the key within this mass of data obtained and bingo! They were able to remove the encryption from the disk, and all “thanks” to the TPM.
With the hard drive decrypted, the researchers scoured its contents for passwords or confidential files to help them access the customer’s network, and they soon came up with something: the Palo Alto Networks VPN Global Protect client that came pre-installed and preconfigured.
A characteristic of VPN networks is that the connection can be established even before the user logs in. The ability is designed to authenticate an endpoint and allow domain scripts to run as soon as the PC is turned on, which is very useful to be able to manage large numbers of computers without system administrators having to even know their passwords .
But it also gave attackers free rein in the reverse direction: from the “stolen” PC to the company network.
Will Microsoft compromise on the TPM requirement in Windows 11?
Seen and demonstrated that the TPM module has not only not been effective as a security measure so that an attacker could take control of the computer and access the corporate network, but it has also been part of the culprit that has allowed this attack, now We can’t help but wonder what Microsoft will do about the controversial TPM requirement in order to use Windows 11, its next operating system.
It is true that the more obstacles you place on potential attackers, the more secure the system will be, but imposing this requirement on ordinary users does not seem to make much sense, especially when it has been shown that it is a security measure that can be broken with relative ease.
At the moment Microsoft has not ruled on the matter and the requirement remains essential for those who want to enjoy the next version of their operating system, but it is likely that popular pressure will end up taking effect sooner or later.