alt Hacker NewsThe bug this guy brings up is very obviously a Bitlocker backdoor and raises very serious questions about what Microsoft is doing with the encryption. Pretty certainly they're able to decode the volumes without the user's key, which is extremely concerning.
Looks like they're trying to make it disappear, but it's in the wild now.
Replies
I wouldn't be surprised if this was intentionally put in, but I think its important to clarify that the encryption itself wasn't broken, and with this exploit specifically the drive also has to remain inside the original PC/TPM. It's a boot authentication bypass, not an encryption break.
As far as we know, having TPM+Pin or TPM+Startup Key breaks the exploit. TPM only was always known to be basically ineffective against threats like laptop theft, TPM only would only protect you if the drive was stolen out of the machine, which in that case, this exploit also would not work.
It’s a post-boot authentication bypass exploit. Any post-boot authentication bypass exploit against TPM-only sealed BitLocker effectively bypasses it. The user doesn’t have a key to start with in this setup, just the machine.
This exploit is cool but there are similar exploits discovered in any given year and nothing really reeks of a backdoor; this one seems to be gaining attention mostly because Microsoft’s robo-call level initial response caused the researcher to dramatically crash out.