27 comments

[ 4.9 ms ] story [ 53.3 ms ] thread
Remarkable. Does MS take a huge reputational hit for having a backdoor, or are they so essential to most places this won’t matter?
I’m assuming the EU speeds up the uncoupling cause of some of this.
As far as I can tell, there's no concrete evidence that it is actually an intentional "backdoor."
It's not an actual backdoor. An attacker found a way to exploit Windows after booting it up in this recovery mode. The security of files on the device depends on it being impossible for Windows to be pwned by an attacker on any surface exposed before the user is unlocked.

This is why operating systems like GrapheneOS disable the USB port on the initial boot to limit the attack surface that an attacker has.

I think anybody who has been paying attention has assumed for at least 20 years that all of Microsoft’s shit is backdoored anyway. I mean, the original Snowden revelations made that abundantly clear if it wasn’t before then.

Businesses use Microsoft because they figure if it’s backdoored it doesn’t matter and won’t affect them (because they aren’t terrorists or child pornographers or whatever, and they’d comply with a subpoena regardless of if Bitlocker is backdoored or not) and individuals who care about security and privacy put their shit on a Veracrypt drive somewhere else.

I don’t think anyone is using Windows for privacy, so I’d say nobody will care.
The BitLocker exploit seems simple and very dangerous. Companies and individuals have been relying on BitLocker to protect information if the device is lost. Despite promises, Microsoft doesn’t seem to be serious about security.

What will it take for more companies to truly understand their risks with Windows and being locked into Microsoft’s platforms?

How is this even possible, backdoor or no? Isn't the whole point of this type of encryption that even a compromised machine can't decrypt without the passphrase? If this works it means that the key is stored unencrypted somewhere?
For those who use password (not PIN) based pre-boot authentication with BitLocker... do we know if that setup is safe?

I can't imagine there would be a way to bypass that if a password is required, unless it was a situation where like, there was originally some secret secondary key made that needs no password... or the password was never tied to the key in the first place.

This looking so much like an intentional backdoor just makes me wonder even more about TrueCrypt's sudden recommendation in 2014 that everyone switch to BitLocker. This particular backdoor didn't exist then (it's only Win11 apparently) but this sure makes it seem more plausible that another one might have.

Though if TrueCrypt was killed to try and get people to switch to encryption that could be backdoored, then why allow its successor VeraCrypt to exist? It's open source and independently audited, so it really shouldn't be backdoored.

What's with all the replies on these threads downplaying this? Why is it mainly brand new accounts? What's going on here?

I've seen every variant of:

1) "this is an authentication/privilege escalation bug, not a bitlocker exploit" (? what are you even trying to say)

2) "even though the attacker explicitly warns that this is capable of bypassing TPM+PIN, that isn't actually true or what he meant"

3) "we shouldn't jump to conclusions that this is a backdoor"

4) "we already knew BitLocker with just TPM isn't secure" (? except many organizations depend on it to be)

bitlocker is generally useless unless the hardware is secure to begin with and while we have tons of 'boot guard' implementations which fuse the certificate into hardware meaning that only the OEM can create firmware that will boot there have been at least 2 instances of these certificates leaking exposing all hardware with that signature and other bypass methods (some boot guards are 'flash' guards were you can only flash signed firmware, but doesn't stop you from directly flashing the spi bios chip).

I had someone demo me preserving PCR values by patching SMM module in firmware without triggering any bitlocker lockout, this also means that you can externally write bios with the smm module as long as you have ~2 minutes to disassemble the laptop or desktop and flash firmware.

This hurts the most when you don't have PIN authentication which means you just need to steal the laptop to exfiltrate data, if you do then you have to have the user boot which then drops a payload exfiltrating data over network or just stealing the laptop again as you can write back decryption keys into non encrypted partition or corrupt some sectors at the end of the disk and write them there.

* modifying smm allows you to patch the boot process loading a malicious payload into hypervisor/kernel.

What's with these two new accounts, `aiscoming` and `forestry`, being weirdly aggressive in their defense of bitlocker?
So is bitlocker not using TPM vulnerable? Bitlocker at rest? It is not really clear.
When I see a bug that walks like a backdoor and swims like a backdoor and quacks like a backdoor I call that bug a backdoor.
Properly secure symmetric encryption needs a key with at least 128 bits of entropy. In the "device lost/stolen" scenario, that key must not be on the device. Key inside a TPM on the device itself is DRM, nothing more. There's better and worse DRM, I think the iPhone bootloader one is one of the better ones, but it's still just DRM.

You either need to enter a 128-bit entropy password on every boot (good luck with that) or you need to hold it on some external device, with some variant of USB / smartcard / NFC / Bluetooth to transmit it. NB. this is one of the cases where the usual "key for signing only, never leaves device, ephemeral DH and ZK protocols" like for SSH will not work on its own; you need the high-entropy key physically separate from the device.

The NSA realised this a while ago: https://en.wikipedia.org/wiki/KSD-64

Linux/LUKS etc. doesn't change any of this, by the way.

P.S. If Eclipse really has beef with Microsoft, he could always make an exploit that lets you set up a PC without making a Microsoft account.

Crikey, it seems that the big news - a backdoor is somewhat burried.

It also strikes me that these are several very high value (all but one complete) exploits.

Surely the value of these on the market would be astronomical and best suited to law enforcement agencies using unlock as a service businesses.

So I have to say I applaud the open disclosure

My only doubt about YellowKey is, does it require having access to an already unlocked machine (i.e., the user is logged in) to copy the required files?
I saw someone on Reddit ask if it would be possible to write a known vulnerable WinRE version on the drive (or another drive ?) if this got patched?

I do not know bitlocker/TPMs a lot, do they also prevent this sort of thing ?

I'm not sure that copying a key after unlocking the system counts as a backdoor? If the OS promises to lock access to the key and fails to do so then I can see the logic that people might then call that a backdoor. But it's different from there being a key bypass, or a pre-shared key (or such), which it seems like the article suggests? For the record, I don't use Windows (so glad).
Does anybody know what FsTx actually is? Is there any documentation about it?
On my newest laptop, an Asus Zenbook A16, the BIOS (a Insyde 309 3.08) has NO way to disable USB boot or even to change the boot priority. I enabled a BIOS password, secure boot, and a Bitlocker PIN (so my computer boots into a special boot screen before Bitlocker is unlocked) but I'm still not sure if this is enough.