Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of Full Volume Encryption Keys (FVEKs) from memory.
This vulnerability underscores the risks associated with physical access attacks and highlights potential weaknesses in memory protection mechanisms.
The attack revolves around capturing the contents of a computer’s RAM during operation.
If an attacker has physical access to a device, they can abruptly restart it and dump the memory to extract sensitive information, including FVEKs.
This process leverages the fact that encryption keys are temporarily stored in memory while the system is running.
However, the technique is not foolproof. RAM contents degrade rapidly when power is cut off, making it crucial to minimize downtime.
To mitigate this degradation, researchers said that attackers could use methods such as physically cooling the RAM or maintaining power delivery using external sources.
In one demonstration, the attacker shorted the reset pins on the motherboard to restart the system without cutting power, preserving memory integrity... Read Full method
No comments:
Post a Comment