Hardware Security Breach Insights

Jun 24, 2025

Summary

  • Security researchers from Dolos Group demonstrated how a locked-down corporate laptop using the latest defenses, including a Trusted Platform Module (TPM) and BitLocker full-disk encryption, could be compromised in under 30 minutes without soldering or privileged information.
  • By tapping into the unencrypted SPI bus shared by the TPM and CMOS chip, they were able to extract the BitLocker key, decrypt the drive, and leverage a preconfigured VPN client to access the internal company network.
  • The findings highlight significant weaknesses in relying solely on TPM-backed disk encryption without additional user authentication and offer actionable recommendations for improving security.
  • The story underscores the ongoing contest between attackers and defenders and the need for stronger, multi-layered hardware and software defenses.

Action Items

  • Security/IT Teams: Review and update disk encryption policies to require user PIN/password in addition to TPM for sensitive devices.
  • Security/IT Teams: Assess endpoint VPN deployment practices; consider storing VPN client keys in the TPM or requiring additional user authentication before the tunnel comes up.
  • Security/IT Teams: Consider implementing additional hardware protections such as case tamper switches and review use of discrete vs. integrated TPMs.
  • Security/IT Teams: Investigate and, where possible, enable encrypted communication between CPU and TPM (parameter encryption).
  • Security/IT Teams: Explore remote attestation mechanisms to verify device integrity before granting network access.
  • Security/IT Teams: Educate staff that VPN or domain presence is not sufficient to trust a device; incorporate in security training.

Vulnerability Demonstration on TPM and BitLocker

  • Dolos Group received a fully secured Lenovo laptop with BitLocker, Secure Boot, locked BIOS, and a TPM, configured for corporate network access.
  • Typical attack vectors (DMA attacks, Kon-Boot, USB-based exfiltration) were blocked by the existing defenses.
  • Researchers identified that default BitLocker configuration (no pre-boot PIN/password) left the cryptographic key accessible only via TPM.
  • They located the SPI bus connecting the TPM and a CMOS chip, which had physically accessible pins.
  • Using a Saleae logic analyzer and open-source tools, they intercepted SPI traffic and extracted the BitLocker key.
  • This allowed full decryption of the SSD, giving access to OS and applications as if physically present at the machine.

Leveraging Preconfigured Applications for Network Intrusion

  • The decrypted laptop included a pre-installed, preconfigured Palo Alto GlobalProtect VPN client, capable of connecting before user login.
  • By replacing Utilman.exe with cmd.exe (a known logon bypass), researchers gained command-line access to the decrypted image running as a virtual machine.
  • VPN authentication via computer certificate allowed the attackers to gain basic privileges on the corporate Active Directory domain.
  • They demonstrated the ability to list users, groups, and internal file shares, and to read and write files on internal servers, proving significant potential for lateral movement and internal attacks.

Defensive Recommendations from the Community

  • Require user password/PIN in addition to TPM-sealed key for drive decryption.
  • Implement TPM parameter encryption to protect traffic between TPM and CPU.
  • Do not trust devices solely based on VPN or domain presence; combine with attestation and behavioral checks.
  • Store more secrets (e.g., VPN keys) on TPM, making post-extraction use more difficult.
  • Use TPM features (cpHash, rpHash) and anti-interposer protections (like TPM Genie detection).
  • Hardware enhancements: case tamper switches, and use of integrated/firmware TPMs (fTPM) where possible so there is no exposed bus to probe.
  • Enable remote attestation to verify system integrity before granting access.
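As a concrete check for the first action item and recommendation above (require a PIN in addition to the TPM), the following PowerShell audits a Windows endpoint for BitLocker volumes that unlock with a TPM-only protector. It is an added example, not code from Dolos Group or from the referenced write-up; it assumes the built-in BitLocker module is available, an elevated session, and the standard BitLocker policy registry location (HKLM\SOFTWARE\Policies\Microsoft\FVE).

```powershell
# Added example: flag OS volumes whose key is released by the TPM alone
# (no pre-boot PIN or startup key), the configuration the demo relied on.
function Get-TpmOnlyBitLockerVolumes {
    [CmdletBinding()]
    param()

    # Protector types that bind the volume key to something the user supplies
    # at boot in addition to the TPM measurement.
    $userBoundTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly   = $types -contains 'Tpm'
        $hasUserBound = [bool]($types | Where-Object { $userBoundTypes -contains $_ })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            KeyProtectors    = ($types -join ',')
            # True when the TPM releases the key at boot with no user factor,
            # so a bus-sniffing attacker needs nothing from the user.
            TpmOnlyUnlock    = ($hasTpmOnly -and -not $hasUserBound)
        }
    }
}

# Report the Group Policy values that govern new enrollments
# ("Require additional authentication at startup"); absent = not configured.
function Get-BitLockerPinPolicy {
    $fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $props = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UseAdvancedStartup = $props.UseAdvancedStartup  # 1 = policy enabled
        UseTPMPIN          = $props.UseTPMPIN           # 1 = require, 2 = allow, 0 = do not allow
        UseTPM             = $props.UseTPM              # TPM-only: 1 = require, 2 = allow, 0 = do not allow
    }
}

Get-TpmOnlyBitLockerVolumes | Where-Object VolumeType -eq 'OperatingSystem' |
    Format-Table MountPoint, ProtectionStatus, KeyProtectors, TpmOnlyUnlock -AutoSize
Get-BitLockerPinPolicy
```

Any OS volume reported with TpmOnlyUnlock = True matches the configuration exploited in the demonstration; the policy object shows whether new enrollments would repeat it (UseTPMPIN set to 1 and UseTPM set to 0 is the state the recommendations call for).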

Decisions

  • Default BitLocker configuration with TPM-only unlock is inadequate for high-security threat models — rationale: Attackers with physical access can extract keys without soldering or inside knowledge, bypassing primary defenses.

Open Questions / Follow-Ups

  • What is the feasibility and user impact of enabling PIN/password requirements for all company BitLocker deployments?
  • Are there plans to transition to parameter-encrypted TPM communication in future device rollouts?
  • How should VPN and internal system trust models be revised in light of hardware-level attacks?
  • What training or awareness is needed for IT and end users regarding device trust on VPN?