This week at the Chaos Computer Club's (CCC) annual Chaos Communication Congress, hacker Thomas Lambertz presented 'Windows BitLocker: Screwed without a Screwdriver,' detailing how users can beat BitLocker encryption and gain access to protected data. The bug, CVE-2023-21563, was reported as fixed, yet it can still be exploited on current versions of Windows with just one-time physical access to the device and a network connection. Unlike other drive-decryption exploits, the attack does not require opening up the PC or hours of access [h/t Heise].
This attack falls into the category of "bitpixie" attacks, which have been well documented since mid-2022. Although this specific error was technically fixed in updates released in November 2022, the talk demonstrates that the fix is, unfortunately, only surface-level. Secure Boot is used to start an outdated Windows bootloader, which loads the encryption key into memory; Linux is then booted to retrieve the contents of memory and find the BitLocker key. An updated Windows 11 system can thus still be attacked as if it had never been patched against bitpixie at all.
Microsoft's attempt to fix this issue was insufficient because of UEFI firmware storage space limitations. Current estimates put new Secure Boot certificates as far off as 2026. In the interim, users can only protect themselves by adding their own PIN to BitLocker or by disabling network access in the BIOS. Thomas Lambertz warned that even a simple USB network adapter could be enough to execute this attack.
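As an added example (not from the talk or the article), the following PowerShell script audits whether the OS volume relies on TPM-only unlock, the configuration in which the key is released to memory at boot without any user input, and optionally switches it to the TPM+PIN protector the mitigation above calls for. It assumes the Windows BitLocker module and the FVE policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE; run it from an elevated prompt.

```powershell
# Added example, not code from the talk or the article. Audits the OS volume's
# BitLocker protectors: TPM-only means the VMK is released automatically at boot,
# TPM+PIN means nothing is released until the user enters the PIN pre-boot.
# -Remediate swaps a TPM-only protector for TPM+PIN (requires a recovery password).
param([switch]$Remediate)

$osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types    = @($osVolume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

Write-Host "Volume $($osVolume.MountPoint): protection $($osVolume.ProtectionStatus); protectors: $($types -join ', ')"

$hasPin          = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
$hasRecoveryPass = $types -contains 'RecoveryPassword'
$tpmOnly         = ($types -contains 'Tpm') -and -not $hasPin

if ($osVolume.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not On; the volume is not protected at all."
} elseif ($tpmOnly) {
    Write-Warning "TPM-only unlock: the key is released at boot with no user input (exposed to bitpixie-style attacks)."
} elseif ($hasPin) {
    Write-Host "TPM+PIN pre-boot authentication is configured." -ForegroundColor Green
}

# A PIN protector can only be added if policy permits it: 'Require additional
# authentication at startup' sets UseAdvancedStartup=1 and UseTPMPIN to 1 (require) or 2 (allow).
$fve       = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$pinPolicy = (Get-ItemProperty -Path $fve -Name UseTPMPIN -ErrorAction SilentlyContinue).UseTPMPIN
if ($tpmOnly -and ($pinPolicy -notin 1, 2)) {
    Write-Warning "Policy does not allow a TPM+PIN protector; configure the startup authentication policy first."
}

if ($Remediate -and $tpmOnly -and ($pinPolicy -in 1, 2)) {
    if (-not $hasRecoveryPass) {
        Write-Warning "No recovery password protector present; add and back one up before changing the TPM protector."
        return
    }
    # TPM and TPM+PIN protectors do not coexist, so the TPM-only protector is removed
    # first. If the add step fails, the next boot falls back to the recovery password.
    $osVolume.KeyProtector | Where-Object { $_.KeyProtectorType.ToString() -eq 'Tpm' } | ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $osVolume.MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
    }
    $pin = Read-Host -AsSecureString "Enter the new BitLocker pre-boot PIN"
    Add-BitLockerKeyProtector -MountPoint $osVolume.MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    Write-Host "TPM-only protector replaced with TPM+PIN; reboot to confirm the PIN prompt appears." -ForegroundColor Green
}
```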
This is unlikely to be a major issue for the everyday user, who is unlikely to have people on-site attempting to decrypt their BitLocker-protected drives. However, in corporate, enterprise, and government environments where cybersecurity is of the utmost importance, the fact that full BitLocker decryption is still possible with just a single instance of PC access and a USB network adapter is undoubtedly a cause for concern.
The CCC is the EU's largest association of hackers and cybersecurity mediators. For those hungry for more information and with at least 56 minutes to spare, we recommend the full Windows BitLocker: Screwed without a Screwdriver presentation, uploaded this morning to CCC's media hub. The whole talk is in English, unlike prior coverage, and it gives detailed technical information on how the current exploits work and why they're so tricky to fix.