The modules TPM (Trusted Module Platform) are so important that the Microsoft has put this type of component into the Windows 11 minimum requirements list. But there is nothing 100% secure. Experts at the digital security company Dolos Group needed less than 30 minutes to bypass the TPM module of a Lenovo notebook.
You can understand in detail what TPM is here, but in summary, this is a security component that, in Windows, is used for disk encryption through BitLocker, malware detection during the boot process, Windows authentication Hello, among others.
TPM may not be well known to home users (at least until the Windows 11 announcement highlighted the feature), but for rather obvious reasons, it is widely used on computers targeted at corporate environments.
In the case in question, Dolos received a corporate notebook with a series of security mechanisms enabled. The computer was provided to the company to check the security of a customer’s network. However, no password was provided, nor any other information that could help researchers to access the equipment.
How the TPM was circumvented
The team soon noticed that, once turned on, the computer goes straight to the login screen, with no PIN or password fields appearing in the way. This behavior suggests that the drive’s decryption key is obtained solely from the TPM.
After this finding, the researchers had the idea of extracting the key from the chip. But how? Modules of this type usually have several protection elements. O Ars Technica notes, for example, that Infineon designed a TPM chip to self-destruct if physical access is attempted.
Furthermore, TPM chips often have such small motherboard contact points that intercepting their communication through soldering, for example, is a task that borders on impossible.
Trying to find alternatives, the researchers noticed that the notebook’s TPM module communicates with the CPU through a serial bus, the SPI (Serial Peripheral Interface).
Ideally, communication between the two components would be done from a dedicated bus, but for design and cost reasons it is not uncommon for SPI to be used for this purpose. The problem is that this approach opened up for researchers to obtain the key by intercepting the connection between TPM and CPU.
After an investigation, the Dolos team discovered that the same SPI bus was shared with the CMOS chip, which is responsible for storing the device’s BIOS settings.
This chip has much higher contact points compared to the TPM module. It was then enough for the researchers to connect a logic analyzer to the CMOS to extract the data traffic that passes through the SPI bus. Using a tool called bitlocker-spi-toolkit, they were able to isolate the key from the extracted data volume.
Ready. The protection provided by the TPM had been surpassed. The entire procedure took less than 30 minutes.
With the decryption key in hand, the researchers accessed the notebook’s storage drive and found a preconfigured corporate VPN client. This type of client has a peculiarity: the connection with the server is established before the user starts the session.
This means that if the computer is hacked, the server accessed via the VPN can be compromised in several ways. This is not the only danger: the hacked machine can also be used in a series of malicious actions or give access to sensitive data eventually stored on it.
TPM modules remain secure
Although Dolos Group experts have managed to bypass the TPM, this module remains an important security component. Note that the vulnerability was not in the chip itself, but in its method of implementation on the motherboard.
Furthermore, this type of attack requires physical access to the equipment and a lot of technical knowledge about the subject.
Overall, the experiment serves to reinforce that care is taken when it comes to digital security and that, based on that, it is not prudent to rely on a single solution or default settings.
In this specific case, requiring the user to have a password or PIN to access the computer (and not just a Windows login password) and not classifying a machine as trusted just because it is on the organization’s VPN are among the various measures that would have served of protective barrier.