A hacker has demonstrated that Windows 11’s BitLocker encryption is still vulnerable, even after a reported fix.
At the Chaos Communication Congress, hacker Thomas Lambertz showcased how users can bypass BitLocker encryption with just one-time physical device access and a network connection.
Bitpixie Attack Still Works
This vulnerability, known as CVE-2023-21563, was believed to have been fixed in November 2022. However, Lambertz’s demonstration revealed that the fix was insufficient.
By exploiting a “bitpixie” attack, hackers can use Secure Boot to start an outdated Windows bootloader, extract the encryption key into memory, and then use Linux to retrieve the key.
Why the Fix Didn’t Work
Microsoft’s attempt to fix the issue was hindered by UEFI firmware storage space limitations. New Secure Boot certificates, which could address this vulnerability, may not be available until 2026.
In the meantime, users can protect themselves by adding a PIN to their BitLocker or disabling network access in the BIOS.
Risk for Businesses and Governments
While everyday users are unlikely to face this threat, the vulnerability poses a significant risk to businesses, enterprises, and government organizations.
With just a single instance of physical access and a USB network adapter, hackers could decrypt BitLocker-protected drives, making it a serious concern for high-security environments.
For more detailed technical insights, the full presentation from the Chaos Communication Congress is available online.
