You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Anyway, if you rely on BitLocker in TPM mode (boot without PIN), you should know that anyone can steal your computer, sniff 32 bytes off of the LPC bus, stick them into libbde, and decrypt your disk. Yes, it's that easy. Solder 7 wires to $favorite_fpga_board, decrypt drive.
We all knew it was going to be this dumb, but today I'm here to tell you it *is* this dumb and I just implemented it.
Also many computers (e.g. anything with an external TPM module, but also the many that have LPC on a debug or other extension port) have headers for LPC, so then you don't even need to solder anything.
What is a FDE solution meant to protect if it can’t protect the data when the computer is stolen? ô0
MitM with physical access to the peripheral bus? This is not part of the targeting attacker model. Of course it is possible to retrieve a key bound to hardware only, if you own the device.
That would make a great blog post or another YouTube stream
Great work! Do you think a similar attack could be made against Android "DE" storage on a Pixel phone?
ARM devices are usually a few orders of magnitude closer to being potentially secure than x86 systems. The "TPM" on those is integrated into the SoC. I'm sure you could still find a way in though, like a glitching attack. This is why I refuse to use Android FBE.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
