news.volyx.in

Security researcher says Microsoft built a Bitlocker backdoor, releases exploit (techspot.com)

594 points by nolok · 58 days ago · 263 comments on HN

Article summary

A security researcher claims to have found a backdoor in Microsoft's BitLocker encryption system, which could allow attackers to bypass full-volume encryption. The researcher released an exploit called YellowKey, which can be used to access encrypted data without a password. Microsoft has released a mitigation for the issue, but the researcher believes it may be an intentional backdoor. The vulnerability can be exploited using a USB stick and the Windows Recovery Environment.

Main themes

  • BitLocker backdoor
  • encryption without consent
  • data protection
  • security vs accessibility
  • physical theft and unauthorized access
  • default encryption settings

What commenters say

  • Some users feel that encryption without their consent is a form of ransom, and this backdoor is a good thing because it allows them to access their own data.
  • Others argue that encryption is necessary to protect sensitive data, and that users should take responsibility for setting up recovery keys and backups.
  • There is a debate about the importance of encryption for different types of devices, such as laptops versus desktops.
  • Some users prioritize ease of access to their data in case of a catastrophic event, while others prioritize security and encryption.
  • The use of encryption is seen as a way to protect against physical theft and unauthorized access to data.
  • There is a disagreement about whether encryption should be enabled by default, and whether users should be allowed to opt-out.
  • Some users believe that encryption is not necessary for non-sensitive data, and that it can be an obstacle to accessing their own files.