Defeating Microsoft’s Trusted Platform Module
This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes—without having to solder anything to the motherboard.
Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They received no test credentials, configuration details, or other information about the machine.
They were not only able to get into the BitLocker-encrypted computer, but then use the computer to get into the corporate network.
It’s the “evil maid attack.” It requires physical access to your computer, but you leave it in your hotel room all the time when you go out to dinner.
Original blog post.
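One practical check that follows from this story: whether a BitLocker volume is protected by the TPM alone, in which case the volume key is released at boot with no user input, or by a TPM plus a pre-boot PIN or startup key, which is Microsoft's documented mitigation for attacks on the TPM-only configuration. The script below is an added example written for this page, not code from the post or from Dolos Group. It assumes a Windows machine with the BitLocker PowerShell module (`Get-BitLockerVolume`) and an elevated session; the classification labels are my own.

```powershell
# Added example (not from the post or from Dolos Group): audit BitLocker
# key protectors on the local machine and flag volumes that rely on a
# TPM-only protector, i.e. one that releases the volume key at boot with
# no pre-boot PIN or startup key. Requires the BitLocker PowerShell module
# (Windows 8 / Server 2012 and later) and an elevated session.

function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    # Protector types that require something beyond the TPM before the
    # volume key is released.
    $preBootTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly = $types -contains 'Tpm'
        $hasPreBoot = @($types | Where-Object { $preBootTypes -contains $_ }).Count -gt 0

        # A TPM-only protector is enough to unlock the volume on its own, so it
        # is flagged even if a stronger protector is also present.
        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'ProtectionOff'
        } elseif ($hasTpmOnly) {
            'TpmOnly'
        } elseif ($hasPreBoot) {
            'PreBootAuth'
        } else {
            'NoTpmProtector'   # e.g. data volume with password/external key only
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            Finding          = $finding
        }
    }
}

# Usage: run elevated; any OS volume reporting 'TpmOnly' is the configuration
# this story describes.
Get-BitLockerProtectorAudit | Format-Table -AutoSize
```

Run this across a fleet and the `Finding` column tells you which operating-system volumes would hand over their key to anyone who can boot the machine, which is the precondition the Dolos Group attack relies on; 'PreBootAuth' volumes require the user to be present at boot.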
Deimos • August 9, 2021 7:22 AM
For access to the enterprise network, this attack seems to require that GlobalProtect remote access be configured with the “pre-logon” connection method. I do not see how it could succeed if GlobalProtect were configured with the user-logon connection method, particularly if multi-factor authentication were used.