Extracting Bitlocker keys in just a few seconds


Stacksmashing demonstrates that the communication between the CPU and a discrete TPM travels unencrypted over the board traces and can be sniffed by attaching probes to them. This is not new, but he has now published the source code and board design that make it easy, on older systems with the long-known security flaw of exposed traces.

This isn't really new information. It requires several conditions to line up: physical access to the device and a non-integrated TPM on a board with this design flaw. Modern CPUs don't present this easily exploitable design, since the TPM is now integrated into the die. This was somewhat common in the early days; at one point, just plugging a FireWire cable into a Mac let you read the encryption keys out of memory on a sleeping or running Apple machine.

Additionally, BitLocker using a TPM-only protector (no PIN) was cracked years ago using fairly common electronic components. Any secure BitLocker deployment has long been understood to use the TPM together with a PIN.
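Since the defensive takeaway is "TPM plus PIN", the natural check is to audit which key protectors each BitLocker volume actually has. The following PowerShell script is an added example, not code from the post or from the pico-tpmsniffer project; it assumes a Windows machine with the built-in BitLocker module (`Get-BitLockerVolume`) and an elevated session, and flags any operating-system volume that carries a bare `Tpm` protector, which releases the volume key to the boot chain with no user secret involved.

```powershell
# Added audit script (not from the post or stacksmashing's project).
# Assumes Windows with the BitLocker PowerShell module and an elevated session.
# Lists every BitLocker volume and flags OS volumes that can unlock with the
# TPM alone, i.e. with no PIN or startup key bound to the TPM protector.

$weak = @()
foreach ($vol in Get-BitLockerVolume) {
    # KeyProtectorType values include Tpm, TpmPin, TpmStartupKey,
    # TpmPinStartupKey, RecoveryPassword, ExternalKey and Password.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # A bare 'Tpm' protector unlocks the volume without any user input, even if
    # a TpmPin protector also exists, so its mere presence is the weak spot.
    $tpmOnly = $types -contains 'Tpm'

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeType       = $vol.VolumeType
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($types -join ', ')
        TpmOnlyUnlock    = $tpmOnly
    }

    if ($vol.VolumeType -eq 'OperatingSystem' -and $tpmOnly) {
        $weak += $vol.MountPoint
    }
}

if ($weak.Count -gt 0) {
    Write-Warning ("OS volume(s) unlockable by TPM alone, no PIN: {0}" -f ($weak -join ', '))
    # Remediation once the 'Require additional authentication at startup' policy
    # allows a PIN: add a TPM+PIN protector, then remove the bare TPM protector.
    Write-Host "Remediate with: Add-BitLockerKeyProtector -MountPoint <drive> -TpmAndPinProtector"
} else {
    Write-Host "All OS volumes require a PIN or startup key in addition to the TPM."
}
```

Run it as-is to get a per-volume table; the warning at the end is what you would wire into a compliance check. Note that adding a TPM+PIN protector does not by itself remove the existing TPM-only protector, so the bare `Tpm` entry must be removed (`Remove-BitLockerKeyProtector`) for the volume to stop unlocking without a PIN.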

A reminder that security is only as good as its weakest link.

Links:

  • https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico
  • https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/
  • https://github.com/stacksmashing/pico-tpmsniffer
