Security | Vulnerability Scans and Assessment

BitLocker Back Door – TPM Only: From stolen laptop to inside the company network

BitLocker34

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled. See the following guide on how to enable FileVault disk encryption on a Mac device and BitLocker Drive Encryption architecture and implementation scenarios. You may want to see “Insight on Full Disk Encryption with PBA / without PBA, UEFI, Secure Boot, BIOS, File and Directory Encryption and Container Encryption”, and How to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines.

The TPM-only mode uses the computer's TPM security hardware without any PIN authentication. This means that the user can start the computer without being prompted for a PIN in the Windows pre-boot environment, while the TPM+PIN mode uses the computer's TPM security hardware and a PIN as authentication. Users have to enter this PIN in the Windows pre-boot environment every time the computer starts. TPM+PIN requires a prepared TPM and the GPO settings of the system must allow the TPM+PIN mode.

This is recent research by security specialists of the Dolos Group to determine if an attacker can access the organization network from a stolen device and also perform lateral network movement. They were handed a Lenovo Laptop preconfigured with the standard security stack for this organization. No prior information about the laptop, test credentials, configuration details, etc were given. They stated it was a 100% Blackbox test. Once they got hold of the device, they headed straight to work and performed some reconnaissance of the laptop (BIOS settings, normal boot operation, hardware details, etc) and noted a lot of best practices were being followed, negating many common attacks. For example:

  • Pcileech/DMA attacks were blocked because Intel’s VT-d BIOS setting was enabled.
  • All BIOS settings were locked with a password.
  • The BIOS boot order was locked to prevent booting from USB or CD.
  • Secureboot was fully enabled and prevented any non-signed operating systems.
  • Kon-boot auth bypass did not work because of full disk encryption.
  • LAN turtle and other Responder attacks via USB ethernet adapters returned nothing usable. 
  • The SSD was full disk encrypted (FDE) using Microsoft’s BitLocker, secured via Trusted Platform Module (TPM)

With nothing else working, they had to take a look at the TPM and they noticed from the reconnaissance that the laptop boots directly to the Windows 10 Login screen. This is a TPM-Only implementation.

That, coupled with the BitLocker encryption means that the drive decryption key is being pulled only from the TPM, no user-supplied PIN or password was needed which is the default for BitLocker. The advantage of using TPM-Only is, it eliminates the use of a second factor (Pin + Password) thereby convincing users to use to have their devices encrypted. You may want to see How to enable Bitlocker Pre-Boot Authentication via the Group Policy.

They stated that the introduction of additional security such as a password or a PIN would have thwarted this attack.
– This means, they recommend using TPM + Pin or TPM with a Password. This means, with a PIN you pretty much eliminate all forms of attack, and each time your device is switched on, your device will not be grabbing the Key from the TPM. An additional PIN is required to unlock the drive, so without the PIN you cannot even boot windows as described in this guide. But it’s another authentication layer that some users may find obtrusive.

For those using VPN with Pre-Logon, after gaining access to the device, without requiring access, this could lead to a lot of lateral movement within the network.

Summary: TPM is very secure and an attack on it is near impossible. The flaw is BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows. If an attacker grabs that key, they should be able to decrypt the drive, get access to the VPN client config, and maybe get access to the internal network.

Until this is fixed, I will recommend using TPM + Pin or Password!!! This guide will help in configuring BitLocker PIN bypass: How to configure Network Unlock in Windows. You may want to learn how to deploy Microsoft BitLocker Administration and Monitoring Tool.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x