Full disk encryption is one of the cornerstones of modern endpoint protection. It is not only an effective method to protect sensitive data against physical theft, but it also protects data integrity against tampering attacks. If this protection method could be compromised without significant effort, it would break the fundamental idea of endpoint protection.
Over time there have been many different physical attacks against full disk encryption, such as Cold Boot attacks [0][1] that we have previously researched. In addition, various attacks based on TPM interface sniffing [2] or DMA [3] have been used to gain access to an encryption key.
Proof-of-Concept Video: LPC Bus Sniffing Attack against Microsoft BitLocker in TPM-only Mode
In this post, we research a sniffing attack against the SPI interface of a Trusted Platform Module (TPM) using publicly available tools at a reasonable cost. In addition, we release a tool that extracts the BitLocker key from the sniffed SPI traffic.
A TPM is often used to seal the full disk encryption key, and the chip itself is typically hardened against a wide range of attacks. However, the communication between the CPU and the TPM is not encrypted by default, which leaves it vulnerable to sniffing attacks.
Capturing TPM communication is not a new idea. For example, D. Andzakovic [2] demonstrated BitLocker key extraction from the LPC bus, and J. Boone [5] researched an interposer attack against the I2C bus. However, there was no public research on sniffing TPM communication from the SPI bus.
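The attacks above all rely on the TPM releasing the volume key over an unencrypted bus without any user secret, which is what a TPM-only BitLocker configuration does at every boot. The following audit script is an added example, not code from the original post or its released tool: it assumes the BitLocker PowerShell module (Get-BitLockerVolume) on Windows and that a TPM+PIN or TPM+startup-key protector is the intended mitigation, and it flags operating-system volumes that still carry a plain TPM protector.

```powershell
# Added example (not from the original post): list the BitLocker key
# protectors on every volume and flag OS volumes that rely on a TPM-only
# protector, i.e. the configuration in which the TPM unseals the volume
# key at boot with no PIN or startup key (assumption: a pre-boot secret
# is the intended mitigation for bus sniffing).
# Run in an elevated PowerShell session on Windows with BitLocker enabled.

# Protector types that require something beyond the TPM before unsealing.
$preBootSecretTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    $hasTpmOnly       = $types -contains 'Tpm'
    $hasPreBootSecret = @($types | Where-Object { $_ -in $preBootSecretTypes }).Count -gt 0

    $assessment = if ($vol.ProtectionStatus -ne 'On') {
        'NOT PROTECTED: BitLocker protection is off or suspended'
    } elseif ($vol.VolumeType -eq 'OperatingSystem' -and $hasTpmOnly) {
        'AT RISK: TPM-only protector, key released at boot without a user secret'
    } elseif ($vol.VolumeType -eq 'OperatingSystem' -and -not $hasPreBootSecret) {
        'REVIEW: OS volume has no TPM+PIN or TPM+startup-key protector'
    } else {
        'OK'
    }

    # One row per volume; pipe to Format-Table or Export-Csv as needed.
    [PSCustomObject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Protection = $vol.ProtectionStatus
        Protectors = ($types -join ', ')
        Assessment = $assessment
    }
}
```

Any row marked AT RISK is a candidate for switching to a TPM+PIN protector, which forces the user to supply a secret before the TPM unseals the key.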