857
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it (www.techspot.com)
submitted 1 day ago by Itwasntme223@discuss.online to c/technology@lemmy.world
70 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] hperrin@lemmy.ca 51 points 22 hours ago

Of course they did. They have no interest in protecting your privacy and every interest in making you think they do. I would’ve been way more surprised to learn there wasn’t a backdoor.

[-] smeenz@lemmy.nz 12 points 17 hours ago

I'm left puzzed as to how this works ...like.. the data on the disk should be encrypted sector by sector...it takes forever to encrypt or decrypt a disk which is consistent with that understanding.

When you boot into PE, I don't understand how that OS can read anything off the disk, yellowkey or not, without knowing the encryption key..so how does it get that key. Is the vulnerability here that the key is stored in the TPM and win PE can be convinced to retrieve it without the proper credentials being provided ?

If that's the case, and the TPM can just provide the key on request...then... where is the security here ?

[-] hperrin@lemmy.ca 9 points 15 hours ago

My guess is that the key to decrypt the disk is stored on the disk, encrypted by a Microsoft-known key. This seems to unlock that copy of the key rather than the copy encrypted by your own key.

Though he did say to put the disk back in the original system in part of the instructions, so it might be TPM based. The way to check would be to try this on a system with a disk from another system, or with a wiped TPM.

TPM is not security, it’s security theatre. If you don’t need to type a password in or insert a device with a key on it during boot, then it’s not secure, period.

this post was submitted on 17 May 2026
857 points (100.0% liked)

Technology

84734 readers
4759 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws