do u trust bitlocker? yeah, some people think they turned on that encryption and theyre safe. but they found a zero-day flaw called YellowKey that leaves everything vulnerable with a usb drive and a specific folder. (╥﹏╥)

a security researcher disclosed this recently and already has several cybersecurity companies confirming it works for real. trend micro, bitdefender, those ones. not a meme.
the flaw is in WinRE, that windows recovery environment. the attacker only needs physical access to the pc, a usb stick with a folder called FsTx and some modified files inside. they boot through winre, press a key sequence and done, opens a cmd with full disk access.
the files and full explanation are already on the researchers github. take a look here if u wanna see the source code and proof-of-concept: https://github.com/Nightmare-Eclipse/YellowKey (⌐■_■)
this means they can bypass bitlocker directly without password, without recovery key, nothing. all data is exposed as if there was no encryption. actually its not funny at all, sorry.
the worst part is this affects windows 11 and windows server 2022/2025, especially those configured with only tpm. u know, that scheme where the disk unlocks by itself on boot. so if ur trusting only tpm, ur way more fragile than u imagine.
how to protect yourself while no patch is out
microsoft hasnt released an official fix yet. meanwhile, u can mitigate the risk a bit.
enable a startup pin in bitlocker, the so-called tpm+pin. that way the attacker cant just plug the usb and its done, bc they need the pin to start. bios/uefi password also helps. and disable usb boot if u dont need it, then the guy cant even boot the system from the usb drive.
another thing, if ur pc has very sensitive data, dont leave it unattended in public places. seems obvious, but people forget. physical access is half the attack.
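added example, not from the original post or the researchers repo: a read-only powershell check for the tpm-only setup described above, to run from an elevated prompt. it lists the key protectors on each bitlocker volume and flags OS volumes that unlock with tpm alone. the two function names are made up for this example.

```powershell
# added example: list bitlocker volumes and flag OS volumes that unlock with TPM only.
# run from an elevated powershell. read-only, it changes nothing.
# Get-BitLockerStartupAudit and Get-StartupPinPolicy are hypothetical helper names.

function Get-BitLockerStartupAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # protector type names on this volume, e.g. Tpm, TpmPin, RecoveryPassword
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $startup = if ("$($vol.VolumeType)" -ne 'OperatingSystem') {
            'n/a (not the OS volume)'
        } elseif ($types -contains 'Tpm') {
            'TPM only: unlocks by itself at boot'
        } elseif ($types -match '^Tpm(Pin|StartupKey|PinStartupKey)$') {
            'TPM plus pin and/or startup key'
        } else {
            'no TPM protector'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Protection = "$($vol.ProtectionStatus)"
            Protectors = $types -join ', '
            Startup    = $startup
        }
    }
}

function Get-StartupPinPolicy {
    # the "require additional authentication at startup" policy is stored here when set
    $fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($null -eq $fve -or $fve.UseAdvancedStartup -ne 1) { return 'not configured' }
    switch ($fve.UseTPMPIN) {
        0 { 'pin not allowed' }
        1 { 'pin required' }
        2 { 'pin allowed' }
        default { 'unknown' }
    }
}

Get-BitLockerStartupAudit | Format-Table -AutoSize
"startup pin policy: $(Get-StartupPinPolicy)"

# to move a TPM-only OS volume to tpm+pin once the policy allows it:
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'pin')
```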
the aes-256 math doesnt matter if winre is buggy
theres a thing people dont think about. microsoft says bitlocker uses aes-256 and everyone thinks theyre super protected. but whats the point of super op encryption if the windows recovery environment itself is buggy and releases direct access to files? (ーー;)
the flaw isnt in the encryption itself but in the way windows unlocks the disk through tpm. it tries to do everything by itself without asking for a password, and thats where the attacker comes in and takes everything. really lame on their part.
veracrypt works differently
some people asked me if the same bug can happen with veracrypt. and the answer is no, oniichan. actually its not quite like that.
veracrypt works in a very different way from bitlocker. bitlocker had this error bc windows trusts tpm 100% to unlock the disk by itself and load stuff without asking u for a password.
veracrypt on the other hand doesnt trust tpm at all to skip the password. it forces u to type ur password way before windows or any recovery environment even turns on.
so if the hacker plugs the messed up usb into a pc with veracrypt, the pc will be stuck on a black screen asking for the password and the hack wont be able to run anything.
sure every pc program can have some security bug or code flaw, but this specific type of bypass that happened now doesnt happen in veracrypt bc it doesnt try to be super automatic like microsoft does.
thats why the hardcore security crowd prefers using it even if its more annoying to turn on the pc.
what the community is saying about this

i read a lot of comments from people over at reddit and made a very practical summary for u guys to understand the whole drama.
people dont trust microsoft at all. a lot of people think this flaw is actually an intentional backdoor that the government or the company ordered to put there and they say using microsoft closed source software for privacy is a huge scam.
some dude remembered a super ironic detail that windows nowadays already saves ur bitlocker key in ur online account automatically so in the end they dont even need a hack bc they already have access anyway.
people cited veracrypt and linux luks a lot as real options for those who want security bc theyre open source and dont have these bad surprises.
theres a crowd discussing if the hack only works on those who boot the pc straight through tpm or if it affects pin users too. some say the damage is only on windows 11 and that windows 10 is safe for now.
there was a little crazy dude celebrating thinking he would manage to unlock an old 2014 notebook that he lost the password for but people quickly warned him it wont work bc his pc probably doesnt even have tpm to begin with. lucky him he was wrong lol (≧▽≦)
basically the privacy community is laughing in microsofts face and recommending everyone to not use bitlocker alone if they wanna hide really important files (o_O)
anyway, heres the warning. bitlocker isnt invincible and zero-days happen. keep backups elsewhere and dont trust any single protection 100%. until next time~