
Microsoft screws up security encryption again, now it's Bitlocker

winjer

Gold Member




The hacker group Chaotic Eclipse, also known as Nightmare-Eclipse, has released two new Windows exploits called YellowKey and GreenPlasma.

YellowKey bypasses BitLocker encryption on Windows 11 and newer server versions by copying a special folder to a USB drive or the EFI partition and then rebooting while holding certain keys to gain full access to the locked drive.

GreenPlasma lets users gain higher system access through a CTFMON method that affects Windows 11 and some servers, with only part of the code shared as a challenge for others.

In a signed blog post, the group warned Microsoft directly that the next Patch Tuesday will have a big surprise for them. They said they have never failed to deliver on a promise, noted their unhappiness with how Microsoft handled their past reports, and chose not to target Defender this time.

If anyone needed another reason not to use Bitlocker, here it is.
 
I still remember the interview when this was new, and the MS rep refused to answer a direct question as to whether MS themselves could ever get past the encryption, while flogging other encryption methods as outdated. It just screamed "move all your shit to the new, more secure encryption we built a backdoor into". Who uses it? Who even cares?
 
> I still remember the interview when this was new, and the MS rep refused to answer a direct question as to whether MS themselves could ever get past the encryption, while flogging other encryption methods as outdated. It just screamed "move all your shit to the new, more secure encryption we built a backdoor into". Who uses it? Who even cares?

The answer is simple. They can, because they store the encryption keys in their servers, not on your PC.

 
> The answer is simple. They can, because they store the encryption keys in their servers, not on your PC.


LOL. I'm really not even that knowledgeable about it, because I just dropped attention totally from the outset, but it's exactly what I'd have expected. You got the feeling, back then, that MS put some kind of pressure or offered cash to the guy behind TrueCrypt to discontinue it and endorse theirs on its web site, to funnel people away from actual security.
 
Bitlocker was always bullshit in the first place, so eh

I understand for enterprises, but for personal use it is just plain bullshit
 
MS is failing big lately. Broken Windows updates. Teams and Office 365 are getting worse and worse. Now this.
But they still don't get the attention Apple is getting when they screw things up. Why is that?
 


Is this 'feature' the "enhanced security" that this message is always telling me about?


Win 10 LTSC until they pry it from my cold dead fingers.
 
I've always thought it a bit weird that the Dell update software could suspend Bitlocker to install updates for a reboot. 3rd party software having that control feels exploitable as well.
 
Why would recovery be able to unlock your bitlocker drive without any credentials?
 
Screwed up the encryption? Or forced to include a bypass by governments which of course ends up getting out.

Those are 2 different things. In this specific case, it's a security flaw that allows anyone to decrypt data. It's just pure incompetence.
But not related, MS does store the Bitlocker keys on their servers, and they have given them to the FBI when requested. And chances are to more organizations. This is intentional.
But both are very strong reasons not to use Bitlocker. In fact it's better to disable the service, because Bitlocker sometimes decides to start encrypting drives without user consent.
 
I'd say anyone that takes security seriously would use their own turn-key solution rather than trust one baked into the OS.
 
> Those are 2 different things. In this specific case, it's a security flaw that allows anyone to decrypt data. It's just pure incompetence.
> But not related, MS does store the Bitlocker keys on their servers, and they have given them to the FBI when requested. And chances are to more organizations. This is intentional.
> But both are very strong reasons not to use Bitlocker. In fact it's better to disable the service, because Bitlocker sometimes decides to start encrypting drives without user consent.

I don't think it automatically stores them, you can choose to store them on MS's servers.
 
> Those are 2 different things. In this specific case, it's a security flaw that allows anyone to decrypt data. It's just pure incompetence.
> But not related, MS does store the Bitlocker keys on their servers, and they have given them to the FBI when requested. And chances are to more organizations. This is intentional.
> But both are very strong reasons not to use Bitlocker. In fact it's better to disable the service, because Bitlocker sometimes decides to start encrypting drives without user consent.

Putting in a request requires going through the proper channels, there's a paper trail and lawyers.

Having a "typo" that gets around the encryption is just like Apple's "Goto Fail" that bypassed SSL certificate signature verification. Governments have state level actors inside major corporations, change a line here, or over there. Was that a simple typo in the commit, or something planned on purpose?
 
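An added illustration of the "Goto Fail" pattern mentioned above, written for this thread and not code from Apple or from the poster: a toy hash and signature check (constructed stand-ins, not real TLS) with the verification routine in its vulnerable shape beside the fixed one, so you can see why one stray line returns success before the signature is ever checked.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-ins for the hash and signature routines (constructed, not TLS). */
typedef struct { uint32_t acc; } toy_hash_t;
static int toy_hash_init(toy_hash_t *h) { h->acc = 0x811c9dc5u; return 0; }
static int toy_hash_update(toy_hash_t *h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) h->acc = (h->acc ^ p[i]) * 16777619u;
    return 0;
}
static int toy_hash_final(toy_hash_t *h, uint32_t *out) { *out = h->acc; return 0; }
/* The "signature" is simply the expected digest here; 0 means it verifies. */
static int toy_verify(uint32_t digest, uint32_t sig) { return digest == sig ? 0 : -1; }

/* Vulnerable shape: the duplicated "goto fail;" is not guarded by the if, so it
 * always jumps to fail while err still holds 0 from the previous successful step;
 * the final hash step and toy_verify never run, and a bad signature is accepted. */
int verify_vulnerable(const uint8_t *params, size_t n, uint32_t sig) {
    toy_hash_t h; uint32_t digest = 0; int err;
    if ((err = toy_hash_init(&h)) != 0)
        goto fail;
    if ((err = toy_hash_update(&h, params, n)) != 0)
        goto fail;
        goto fail;   /* the stray duplicate line */
    if ((err = toy_hash_final(&h, &digest)) != 0)
        goto fail;
    err = toy_verify(digest, sig);
fail:
    return err;
}

/* Fixed shape: braces make every jump conditional, so the only path that returns 0
 * goes through toy_verify. clang's -Wunreachable-code flags the dead line above. */
int verify_fixed(const uint8_t *params, size_t n, uint32_t sig) {
    toy_hash_t h; uint32_t digest = 0; int err;
    if ((err = toy_hash_init(&h)) != 0) { goto fail; }
    if ((err = toy_hash_update(&h, params, n)) != 0) { goto fail; }
    if ((err = toy_hash_final(&h, &digest)) != 0) { goto fail; }
    err = toy_verify(digest, sig);
fail:
    return err;
}

/* Returns 1 if the given verifier accepts a constructed message; tamper != 0
 * substitutes a wrong signature, which a correct verifier must reject. */
int accepts(int (*verify)(const uint8_t *, size_t, uint32_t), int tamper) {
    static const uint8_t params[] = { 0x03, 0x00, 0x17, 0x41 }; /* constructed bytes */
    toy_hash_t h; uint32_t good;
    toy_hash_init(&h); toy_hash_update(&h, params, sizeof params); toy_hash_final(&h, &good);
    return verify(params, sizeof params, tamper ? good ^ 0xdeadbeefu : good) == 0;
}
```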
Automatic bitlocker is even being pushed on new Windows 11 Home installs. It's one of the reasons Microsoft was forcing MS accounts. The recovery keys are attached to the user's account.

The problem is people complain they don't know which email address they are using their computer with.

With a lot of PC usage moving to laptops that are more easily lost or stolen, having an encrypted drive isn't a bad thing. The problem is making it seamless for the most non-technical user.
 
> I don't think it automatically stores them, you can choose to store them on MS's servers.

You can save them to Intune or have a 3rd party RMM save them. Store them in AD or on a USB. Enabling BitLocker has been a big plus for businesses due to 256-bit encryption. I use Strelec to crack Windows passwords. What slows me down is when the drive is encrypted. A non-encrypted drive is easy as hell to crack.

MS just needs to patch it. This is why we rely on white hats to break what's currently in place.
 