YellowKey and TPM+PIN - differently bad but still bad
Posted by m1m1n0@reddit | sysadmin | 3 comments
The original researcher claimed that TPM+PIN works. I tend to agree; however, the issue is not the same as with the TPM-only BitLocker bypass.
There are two scenarios we could consider - theft and unauthorized access by the user themselves.
TPM-only BitLocker-encrypted PC is vulnerable to thieves being able to read all data with the currently published exploit. It is already bad, but adding PIN is a sufficient protection against such scenarios.
However, this ~~vulnerability~~ backdoor opens unrestricted, unauthorized access to the file system for the users themselves. At this point consider that all regular users can read and write to any file, if they want. Files like SAM, the registry, anything that is on the file system (like the passwords for the BIOS you store in C:\IT only readable by SYSTEM and TrustedInstaller). TPM+PIN does not protect against this as the users do know the PIN.
༼ つ ◕◕ ༽つ SUMMON THE PATCH, MICROSOFT ༼ つ ◕◕ ༽つ
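The two scenarios above hinge on which key protector a volume actually uses. The PowerShell below is an added example, not code from the thread or any commenter: it inventories BitLocker volumes with the built-in `Get-BitLockerVolume` cmdlet and labels each one according to the threat model in the post (TPM-only exposed to the theft bypass; TPM+PIN covering theft but, as the post argues, not a local user who knows the PIN). It assumes the BitLocker PowerShell module and the `KeyProtectorType` values `Tpm`, `TpmPin` and `TpmPinStartupKey`, and it needs an elevated session.

```powershell
# Added example (not from the thread): classify BitLocker volumes by protector type.
# Assumes the BitLocker module (Get-BitLockerVolume) is available; run elevated.

function Get-BitLockerProtectorReport {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Collect the protector types attached to this volume as plain strings
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        $hasTpmOnly = $types -contains 'Tpm'
        $hasTpmPin  = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')

        # Map the protector mix onto the two scenarios discussed in the post
        $assessment =
            if ($vol.VolumeStatus -ne 'FullyEncrypted') {
                'Not fully encrypted: data readable offline regardless of protector'
            }
            elseif ($hasTpmPin) {
                'TPM+PIN: mitigates theft; does not restrict a local user who knows the PIN'
            }
            elseif ($hasTpmOnly) {
                'TPM-only: exposed to the published TPM-only bypass'
            }
            else {
                'No TPM protector: review configuration'
            }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            Assessment       = $assessment
        }
    }
}

# Usage: print one row per volume; pipe to Export-Csv to collect across a fleet
Get-BitLockerProtectorReport | Format-Table -AutoSize
```

The assessment strings deliberately keep the post's distinction: moving a fleet from `Tpm` to `TpmPin` closes the theft scenario, but a report showing all volumes as TPM+PIN should not be read as closing the user-side file-system access the post describes.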
picklednull@reddit
This bypass doesn’t introduce anything novel. Physical possession of device equals unrestricted access to it and its data (this thread being about BitLocker, yes, encryption partially covers this).
What is the easiest way to get local admin (or unrestricted access to all data) on an end user device?
“Hello, service desk? I seem to have forgotten my disk encryption PIN, can I have the recovery key?” Or just “it’s asking me for a recovery key”.
MeetJoan@reddit
Yeah, the user-side write access is the part most coverage glosses over. TPM+PIN protects against the thief scenario but leaves a regular user able to read or modify anything on disk - SAM hives, BIOS password stashes, registry, whatever - because they're authenticated to the box. Two different threat models, only one of them gets patched by the obvious mitigation.
Forumschlampe@reddit
Don't get what's the point, it should work with and without?