A YouTuber demonstrated a security flaw with Bitlocker, a built-in encryption feature of Windows 10 Pro and Windows 11 Pro.
By exploiting a design flaw in many systems that feature a Trusted Platform Module (TPM), the YouTuber was able to bypass Bitlocker in less than a minute with a cheap Raspberry Pi Pico, steal the master key, and gain access to the encryption keys that can unlock protected data.
This was possible because the communication lanes (LPC bus) between the CPU and external TPM are unencrypted on boot-up, enabling an attacker to sniff critical data as it moves between the two units.