A recent presentation at the Chaos Communication Congress (CCC) by hacker Thomas Lambertz revealed that Windows 11 BitLocker's default encryption remains vulnerable, even after the supposed fix for an earlier bug (CVE-2023-21563). The exploit, dubbed "Screwed without a Screwdriver," allows an attacker to bypass BitLocker with a single instance of physical access and a network connection.
How the Exploit Works
This attack, categorized as a "bitpixie" attack, relies on an outdated Windows bootloader that Secure Boot still accepts; that bootloader leaves the encryption key in memory. Booting Linux to read the memory contents then lets an attacker recover the BitLocker key. The bypass works even on systems that have been updated against the earlier bitpixie vulnerability, showing that the fix was not comprehensive.
The underlying issue is the limited storage space of UEFI firmware, and new Secure Boot certificates are not expected until 2026. In the meantime, users must put their own protection in place, either by adding a pre-boot PIN to BitLocker or by disabling network access in the BIOS. Even a USB network adapter provides the network access this attack needs.
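The PIN mitigation above can be audited and applied from PowerShell. The following is an added example, not code from the article or from the talk: it lists each BitLocker volume's key protectors, flags volumes that unlock with the TPM alone (the default configuration the article describes as exposed), and adds a TPM+PIN protector to the OS drive. The function names Get-BitLockerExposure and Add-PreBootPin are this example's own; it assumes an elevated PowerShell on Windows 10/11 with the BitLocker module, and a Group Policy ("Require additional authentication at startup") that permits a TPM+PIN protector.

```powershell
# Added example, not from the article or the talk: audit BitLocker key protectors,
# flag TPM-only unlock, and add a pre-boot TPM+PIN protector to a volume.
# Assumptions: elevated PowerShell on Windows 10/11 with the BitLocker module;
# Group Policy allows TPM+PIN, otherwise Add-BitLockerKeyProtector fails.

function Get-BitLockerExposure {
    # Returns one object per BitLocker volume with a TpmOnlyUnlock flag.
    foreach ($vol in Get-BitLockerVolume) {
        $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $tpmOnly = $types -contains 'Tpm'
        $tpmPin  = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            HasRecoveryKey   = ($types -contains 'RecoveryPassword')
            # Exposed: the drive unlocks unattended with the TPM and no PIN is required
            TpmOnlyUnlock    = ($tpmOnly -and -not $tpmPin)
        }
    }
}

function Add-PreBootPin {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [Parameter(Mandatory)][securestring]$Pin
    )
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    # Refuse to change protectors unless a recovery password is already escrowed,
    # so a forgotten PIN or a TPM change cannot lock the data out permanently.
    if ($types -notcontains 'RecoveryPassword') {
        throw "No recovery password protector on $MountPoint; add and back one up first."
    }

    # TPM+PIN requires the user at the keyboard before the key is released.
    # The PIN must meet the policy minimum length (6 digits by default).
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null

    # Remove any leftover TPM-only protector; if it stays, the PIN adds nothing.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object -ExpandProperty KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'Tpm' } |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }

    # Return the updated state of this volume for confirmation.
    Get-BitLockerExposure | Where-Object { $_.MountPoint -eq $MountPoint }
}

# Usage:
#   Get-BitLockerExposure | Format-Table
#   $pin = Read-Host -AsSecureString 'Pre-boot PIN'
#   Add-PreBootPin -MountPoint 'C:' -Pin $pin
```

Run Get-BitLockerExposure first across a fleet to find volumes with TpmOnlyUnlock set to True; the audit reads state only and changes nothing. Add-PreBootPin deliberately stops if no recovery password exists, because changing the unlock method is the point at which a lockout is most likely.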
Implications
For everyday users, this attack is unlikely to pose a significant risk as it requires physical access to the device. However, it presents a substantial threat in corporate, enterprise, and government environments where cybersecurity is paramount. With just a single instance of physical access and a USB network adapter, full BitLocker decryption is possible.
For more detailed information, the full English presentation "Windows BitLocker: Screwed without a Screwdriver" is available at the CCC media hub.