Microsoft’s data security technology exploited by BitLeaker tool

BitLocker sleep mode vulnerability can bypass Windows full disk encryption

A vulnerability in BitLocker’s “tamper-resistant” security technology can be exploited to break the full disk encryption technology that comes bundled with Windows devices.

At the virtual Black Hat Asia security conference today, researcher Seunghun Han introduced a tool that can be used to subvert BitLocker security protections.

BitLocker is Microsoft’s implementation of full disk encryption. It is compatible with Trusted Platform Modules (TPMs) and encrypts data stored on disk to prevent unauthorized access in cases of device theft or remote attacks.

Han explained how the tool BitLeaker, built for Windows 10, can leverage a vulnerability in the ACPI S3 sleeping state to bypass full disk encryption.

Leaking secrets

Two types of TPM – hardware-based discrete TPM (dTPM) and firmware-based TPM (fTPM) – are used to protect BitLocker’s Volume Master Key (VMK), the key that decrypts partitioned files.

Back in 2018, Han and a team of researchers first discovered CVE-2018-6622, a local vulnerability in the dTPM 2.0.

An advisory explains: “An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.”

YOU MAY LIKE BitCracker: Password-cracking software designed to break Windows’ BitLocker

It was this vulnerability that allowed Han to access encrypted files by using the BitLeaker tool.

Han detailed a proof-of-concept in a video, in which he uses a USB bootloader.

Firmware flaws

In his presentation at Black Hat Asia today, Han introduced an update to BitLeaker, unveiling a new vulnerability related to the fTPM, specifically in the Intel Platform Trust Technology (PTT), that can also be exploited.

The bug – CVE-2020-0526 – was assigned a ‘medium’ risk level, as is was found that the security bug could also lead to privilege escalation.

“The sleep mode vulnerability can subvert not only the fTPM but also the dTPM with system sleep mode, and it can forge Platform Configuration Registers (PCRs),” Han explained.

Read more of the latest Microsoft security news

“PCRs are core parts of the sealing and unsealing functions to protect the VMK of BitLocker.

“By exploiting the vulnerability, we extracted the VMK from TPMs and decrypted a BitLocker-locked partition with our custom tool, BitLeaker.

“Additionally, we present detailed information on BitLocker’s VMK protection process related to the TPM and countermeasures.”

Researcher Seunghun Han detailed his research during Black Hat Asia's virtual eventResearcher Seunghun Han detailed his research during Black Hat Asia's virtual event

Open source toolbox

BitLeaker can be downloaded from the GitHub repository. Users also have the option to create a USB bootable device.

As it stands, only one device – the ASUS Q170M-C – is still vulnerable to the attack, Han said. All other devices have been patched.

READ MORE Black Hat Asia: Need for global security perspectives underlined at virtual event