TPM and BitLocker are interesting targets for security experts. Tarnovsky has recently reverse engineered a Trusted Platform Module (TPM) chip from Infineon. Five researchers from German Fraunhofer Institute have explored attacks on BitLocker when using TPM to seal the data.
The paper is interesting even if you are not familiar with TPM. The team targets the boot loader and especially the recovery strategy. If you illegaly modify the environment of the machine, the TPM will detect it but the sealing data for BitLocker will not be accurate anymore. Thus, Bitlocker uses a recovery mechanism independent from the TPM. The idea is to trick the user in this mode. They suggest five attacks: create a false plausible recovery situation, spoof the recovery message, Spoof then hide, replace the computer by a “‘phishing” computer, and preemptive modification (i.e. modify the computer before activating BitLocker. The two last attacks are less plausible. All attacks require physical access to the target.
Lesson: The attacks target the operating mode and process and not the technology itself. Therefore, they are clever.
Recovery systems are always BACKDOORS in a system!!
The paper is available at here.