This doesn't sound BitLocker-specific, sounds more like a login bypass. If you rely on TPM without PIN then it gets decrypted automatically. This should be fine normally as attackers shouldn't be able to get past the login screen. But this exploit allegedly shows a way to get an unrestricted shell in the recovery environment.
The researcher claims a way to bypass PIN too but hasn't revealed it.
"Security professionals generally recommend avoiding reliance on any single encryption system and instead evaluating well-reviewed full-disk encryption alternatives such as VeraCrypt".
If they put a backdoor into FDE it would make more sense to advise people to stop using Windows at all and use Linux instead. If they put a backdoor in FDE you can be sure there is not just one backdoor in the operating system itself. You shouldn't trust proprietary software at all. You shouldn't even trust open source if it isn't properly audited.
At what point will Security professionals start turning down roles that involve “securing” MS Products? I’m already at this point.
Securing Microsoft products is busy work while waiting to have it undercut by the next wave of MS’s insane tech debt and greed. And now backdoors!
> The vulnerability may also work without a USB drive if the FsTx files are copied to the Windows EFI partition and the encrypted disk is temporarily disconnected from the system. After placing the FsTx folder, an attacker would need to reboot a BitLocker-protected machine, enter the Windows Recovery Environment, and follow a specific sequence of inputs.
At the point where you're able to mount the EFI partition and effectively modify the bootloader, it's game over anyway - just run `manage-bde -unlock`, you already have to be root to mount the EFI partition.
That should be the fastest way to make them patch it.
Well, I doubt anyone would be surprised by a backdoor in an MS product, there have been many of them already. I frankly doubt anyone with "disk encryption" on Windows would think that it's NSA-proof (or script-kiddie clever, as shown in this article :))
This doesn't surprise me at all. Microsoft is a Chinese company and Chinese companies have to work with the government on such matters. Oh sorry, I meant a US company, whatever..
As long as Microsoft continues to use dark patterns to convert local accounts to online accounts and automatically, without user consent, encrypt the storage drives, preventing any computer use until the user goes to aka.ms and through the hoops, this is a good thing.
No one should have their data encrypted and kept from them without consent unless they do something. Microsoft does that now. They may not be requiring a monetary ransom like others, but it is a ransom nevertheless.
I know this is controversial. BitLocker helps protect one's property and information when used intentionally. And that being impacted is a shame.
Title sounds conspiratorial, but it lines up well with the controversy around TrueCrypt's discontinuation which, I believe, specifically called out BitLocker as an alternative to use in future.
Maybe I’m an outlier but I don’t want my drives encrypted at all. I'd rather have all my data be accessible if things go catastrophic, i.e. having to pull the drive out of a broken computer and put it in another computer to access the files. I just want it to be plug and play.
Seems this traces back almost a week, from Nightmare-Eclipse who is the researcher who found this:
Tuesday, 12 May 2026 - "Here are the links, yes, two vulnerabilities this time [YellowKey] [GreenPlasma] [...] Next patch tuesday will have a big surprise for you Microsoft"
Wednesday, 13 May 2026 - "I can't wait when I will be allowed to disclose the full story, I think people will find my crashout very reasonable and it definitely won't be a good look for Microsoft."
Author's blog: https://deadeclipse666.blogspot.com/
First post in March 2026 is "[...] someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine."
I'm not sure what to make of it, is this someone essentially "leaking" things from the inside? Sure sounds like it, and others are able to reproduce the results.