A team of experts has published a video on YouTube showing that they can bypass the security of Windows systems in just a few seconds.

Cybersecurity is a major need in the digital age, with millions of users entrusting their most sensitive data to tech giants like Microsoft. Data encryption has been a valuable ally in this battle for privacy, but what happens when one of the most trusted methods of protection is breached in less than a minute?


Recently, the effectiveness of BitLocker, the encryption system built into Windows 10 and Windows 11 Pro, has been seriously questioned. A YouTuber demonstrated how, for just $6, you can bypass this defense and access protected data in just 43 seconds.

BitLocker has long been considered a reliable disk encryption tool, designed to protect information from unauthorized access. However, the YouTuber known as Stacksmashing revealed a significant vulnerability. Using a Raspberry Pi Pico, a device of negligible cost, he managed to steal the encryption keys necessary to decipher the safeguarded data.

An event that should scare users?

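The heart of the vulnerability lies in the use of external Trusted Platform Modules (TPMs), which BitLocker relies on to store encryption keys. During the boot process, communications between the external TPM and the CPU occur over a Low Pin Count (LPC) bus that is completely unencrypted, so the key can be read off the bus as it passes from the TPM to the CPU. This is how the Raspberry Pi Pico in the demonstration captured it.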


Importantly, this attack method specifically targets devices that use an external TPM. Newer computers with a TPM built directly into the CPU, such as those produced by AMD and Intel in recent years, should not be vulnerable to this type of intrusion. This reduces, but does not completely eliminate, the risk for most users.
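
To check where a given machine stands, the following PowerShell script (an added example, not taken from the video or from Microsoft) lists each BitLocker volume's key protectors next to the TPM manufacturer ID. The list of vendor IDs treated as CPU-integrated TPMs is an assumption for illustration, and the distinction between TPM-only unlock and pre-boot authentication (a PIN or startup key required before the TPM releases the key) comes from BitLocker's documented protector types, not from this article.

```powershell
#Requires -RunAsAdministrator
# Added example: report which BitLocker volumes unlock with the TPM alone.

# ASSUMPTION: manufacturer IDs treated as CPU-integrated (firmware) TPMs.
# Illustrative list only; confirm the TPM type in the hardware documentation.
$IntegratedTpmVendors = @('AMD', 'INTC', 'MSFT', 'QCOM')

# Protector types that require user input or a USB key before the TPM unseals.
$PreBootAuthTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

$tpm = Get-Tpm
# ManufacturerIdTxt can carry padding characters, so keep only letters and digits.
$vendor = ([string]$tpm.ManufacturerIdTxt) -replace '[^A-Za-z0-9]', ''
$maybeExternal = $tpm.TpmPresent -and ($IntegratedTpmVendors -notcontains $vendor)

Get-BitLockerVolume | ForEach-Object {
    $vol   = $_
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $tpmOnly     = $types -contains 'Tpm'
    $preBootAuth = @($types | Where-Object { $PreBootAuthTypes -contains $_ }).Count -gt 0

    $finding = if ($vol.ProtectionStatus -ne 'On') {
        'BitLocker protection is off'
    } elseif ($tpmOnly -and $maybeExternal) {
        'TPM-only unlock and TPM may be external: review'
    } elseif ($tpmOnly) {
        'TPM-only unlock, TPM reported as CPU-integrated'
    } elseif ($preBootAuth) {
        'Pre-boot authentication required'
    } else {
        'No TPM protector on this volume'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Encryption = $vol.EncryptionMethod
        Protectors = $types -join ','
        TpmVendor  = $vendor
        Finding    = $finding
    }
} | Format-Table -AutoSize
```

The manufacturer ID is only a hint about whether the TPM is a separate chip; a volume flagged for review should be checked against the device's hardware specification.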

Faced with this discovery, the question arises: is it time to look for alternatives to BitLocker? Despite Microsoft’s clear failure to protect against this specific attack vector, the situation is not hopeless. BitLocker, along with the AES-128 or AES-256 encryption it uses, remains a robust protection method against most threats.

Additionally, Microsoft said it is already aware of the potential risk and is working to strengthen defenses against such vulnerabilities. Users should always be aware of potential threats and consider the combined use of multiple layers of security, such as VPNs, updated antivirus, and of course, common sense practices such as regularly changing passwords and using two-factor authentication.