ndiddy
9 hours ago
I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data. https://github.com/Nightmare-Eclipse/YellowKey/ You load a specific file onto a flash drive, plug it into a Bitlocker encrypted computer, reboot it while holding a key combination, and it pops up a command prompt with full access to the encrypted volume. There's no way this isn't a backdoor.
aiscoming
8 hours ago
this exploit works only if you dont use a PIN/password for your Bitlocker and the volume automatically unlocks
so it gives you access to an encrypted volume which automatically unlocks anyway
the only difference is that it immediately gives you root access to the volume instead of having to go through the Windows login procedure - this might be a stolen laptop you dont have an account on
ndiddy
8 hours ago
The author claims the exploit also works with TPM+PIN, he just hasn't released the PoC:
> Second thing is, No, TPM+PIN does not help, the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment ? Yes it does, I'm just not publishing the PoC, I think what's out there is already bad enough.
https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...
aiscoming
8 hours ago
they might mean "after you enter the bitlocker PIN you get root access without having a login password on the system" - still just a privilege escalation bug
iscoelho
7 hours ago
That’s quite a stretch, to say the least.
aiscoming
7 hours ago
claiming to have a 10 times more impressive PoC but not releasing it "out of goodness of heart" is also quite a stretch
iscoelho
6 hours ago
Considering the researcher had already reported these to Microsoft, and delayed releasing them publicly until Microsoft "pulled every childish game possible" (quote) instead of patching them, it's not unreasonable for the researcher to be withholding another exploit from the public to limit harm.
I also disagree that the PIN bypass would be "10 times more impressive," but that's just my professional opinion.
sexylinux
6 hours ago
If you think about it for some minutes you will maybe understand that there are many reasons not to publish it.
otterley
9 hours ago
> I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data
I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or MacOS devices yet AFAIK; and the fact that it's tied to a hardware secure element makes it pretty strong.
jiggawatts
6 hours ago
Microsoft quietly dropped support for encryption offload support ("OPAL") in SSD drives because the hardware vendors were doing absolute clown-shoes things like a single static hard-coded key or the key was literally empty / all zeroes!
There's levels of trust/security.
I generally trust Apple's device encryption, assume BitLocker can be popped by a well-equipped nation state attacker, and the rest I trust about as far as I can throw them.
PS: A related issue was (is?) that the comms between the CPU and the TPM chip on the motherboard isn't encrypted, signed, or in any significant way protected! Apparently it's relatively trivial to extract various keys including BitLocker encryption keys by simply clipping an oscilloscope to the TPM chip pins.
Reference: https://www.techcentral.ie/windows-bitlocker-no-longer-trust...
kotaKat
3 hours ago
> OPAL
Ah, yes. Wave EMBASSY Suite, Wave Preboot, and all that other hot garbage.
Best part of Wave Systems was their horrid support organization. I loved being the tier 0 rep they contracted and trained with zero software knowledge and being a catch-and-throw for all the angry people that locked themselves out of their laptops. "Sorry, buddy, all I can do is make you a Dynamics CRM ticket."
thefz
9 hours ago
You mean aside from the NSA? https://en.wikipedia.org/wiki/PRISM
otterley
8 hours ago
I don't see anything on the linked page that supports a conclusion that NSA has successfully broken the encryption at rest of an Apple device's storage since they introduced the secure element.
Care to share a quote?
ffsm8
8 hours ago
Prism targeted network communication to my knowledge, hence the data wouldn't be siphoned from at rest encrypted devices. Instead it would've been leaked before it was copied to that local encrypted device, whenever it was transmitted over the wire. Eg when your background task uploaded it to iCloud or similar.
dcrazy
8 hours ago
It’s worth remembering that since Snowden, much of iCloud is now end-to-end encrypted using keys that Apple cannot unwrap: https://support.apple.com/guide/security/secure-icloud-keych...
ffsm8
8 hours ago
Fwiw, that's a clear statement - but only that.
There is no way for us, the users, to know wherever they have the capability to add additional keys to decrypt the data because the platform isn't open source and doesn't have attestation wrt what's actually serving the requests.
And it's worth remembering that apple had similar articles published before prism too which were ultimately proven to be groundless by prism.
otterley
8 hours ago
What, exactly, was proven to be groundless?
Veserv
8 hours ago
Ah yes, the bizarro world where systems are normally unhackable so the default assumption is impenetrable security and you need to prove they are insecure.
Thank god this is not the world where things get hacked all the time and where any claim of meaningful security is a extraordinary claim that demands extraordinary evidence and proof before credibly asserting it, but everybody just ignores that part and just pinky promises it and everybody just believes them for the 104th time without evidence.
zuzululu
6 hours ago
How does Bill Gates keep getting away with this
sexylinux
6 hours ago
Do you know of a backdoor for Apple FileVault?