Subverting BitLocker With One Vulnerability

Explore a critical vulnerability in Trusted Platform Module (TPM) that can subvert BitLocker encryption in this 29-minute conference talk from Hack In The Box Security Conference. Dive into the details of how both hardware-based discrete TPM (dTPM) and firmware-based TPM (fTPM) can be exploited to extract the Volume Master Key (VMK) of BitLocker without physical access. Learn about the novel sleep mode vulnerability affecting both dTPM and fTPM, including the newly discovered CVE-2020-0526 related to Intel Platform Trust Technology (PTT). Discover how this vulnerability allows forging of Platform Configuration Registers (PCRs), compromising the core protection mechanism of BitLocker. Gain insights into the custom tool 'BitLeaker' that leverages these vulnerabilities to decrypt BitLocker-locked partitions. Understand the intricacies of BitLocker's VMK protection process, its reliance on TPM, and explore potential countermeasures to mitigate these security risks.