Warning and information about Bitlocker encryption – not secure without password/PIN

Caution: Bitlocker is only really secure when used with a password.

Bitlocker is used on Windows systems (from Windows 8) to encrypt the entire hard disk.

This protects against a thief removing the hard drive and installing it in another computer and gaining access to the data there.

In practice, however, Bitlocker is also relied upon to protect the hard disk of a stolen computer (typically a notebook) from access. Here caution is required: this protection is only complete if a Bitlocker password or PIN has to be entered when the computer is started.

However, this is not the default setting. In the standard configuration, Bitlocker stores the cryptographic key in the computer's hardware TPM chip (TPM = Trusted Platform Module). The key is stored there securely. When the computer is started, however, the key must be read out of the TPM and handed over to the Bitlocker software. It is precisely at this point that an attacker in physical possession of the computer can read out the key with additional hardware and thus decrypt the hard disk – despite Bitlocker, the UEFI password and Secure Boot.

This attack can be prevented by configuring Bitlocker so that a Bitlocker password or a sufficiently long PIN must always be entered when the computer is started (or at least outside the company LAN). The password must be as secure as possible (i.e. long), since the attacker has the device in their hands and can make as many attempts as they like.
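The following PowerShell script is an added example, not code from the original page or from the researchers it cites: it audits every Bitlocker volume on a Windows machine and flags those that rely on the TPM alone, then optionally adds a TPM+PIN protector to the OS volume. It assumes the built-in BitLocker PowerShell module, an elevated session, and a Group Policy that allows a startup PIN.

```powershell
# Added example (not from the original page): find Bitlocker volumes whose key is
# released by the TPM alone at boot, i.e. without a PIN or password from the user.
# Assumes the BitLocker module (Windows 8 and later) and an elevated PowerShell.

function Get-BitLockerStartupAuth {
    # Protector types that demand a user secret before the volume key is released.
    # A plain 'Tpm' protector hands the key over automatically during boot.
    $secretTypes = @('TpmPin', 'TpmPinStartupKey', 'Password')

    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasSecret = @($types | Where-Object { $secretTypes -contains $_ }).Count -gt 0
        [PSCustomObject]@{
            MountPoint = $vol.MountPoint
            Protectors = ($types -join ', ')
            TpmOnly    = (($types -contains 'Tpm') -and -not $hasSecret)   # weak setting
        }
    }
}

function Set-BitLockerTpmPin {
    param([string]$MountPoint = 'C:')
    # Group Policy 'Require additional authentication at startup' must allow or
    # require a TPM startup PIN, otherwise Add-BitLockerKeyProtector refuses.
    $pin = Read-Host -Prompt 'Startup PIN (long; the attacker can guess offline)' -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

    # Normally the TPM-only protector is replaced by the TPM+PIN one. If both are
    # still present, drop the TPM-only protector so the PIN cannot be bypassed.
    $kp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector
    $pinProtector = $kp | Where-Object { $_.KeyProtectorType -eq 'TpmPin' }
    $tpmProtector = $kp | Where-Object { $_.KeyProtectorType -eq 'Tpm' }
    if ($pinProtector -and $tpmProtector) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $tpmProtector.KeyProtectorId | Out-Null
    }
}

# Report: TpmOnly = True is the configuration the text above warns about.
Get-BitLockerStartupAuth | Format-Table -AutoSize

# Remediate the OS volume only when explicitly requested, e.g. in an admin session:
# Set-BitLockerTpmPin -MountPoint 'C:'
```

Run the audit first and keep a copy of the recovery password before changing protectors, since a volume whose only remaining protector is the recovery key will prompt for it at the next boot.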

Conclusion: always use Bitlocker with a forced password, especially for notebooks and especially for business trips abroad.

This loophole was found by the Dolos Group.

Details of the procedure can be found here:
