    36 Comments

    1. > just can’t come up with an explanation beside the fact that this was intentional

      Please can we not promote speculative clickbait here. 

    2. PoC works, but the “intentional backdoor” framing is a stretch. Win10 isn’t affected, only the Win11 WinRE image, so according to the article, something specific got added to recovery that breaks encryption when you plug a USB folder in. Could be a sloppy regression, could be worse, but no way to tell from outside Microsoft. Important to note this needs physical access either way.

    3. The researcher explained that they “just can’t come up with an explanation beside the fact that this was intentional. Also for whatever reason, only Windows 11 (+Server 2022/2025) are affected, Windows 10 is not.”

    4. randomthrowaway9796 on

      I think it’s more likely the slop did it without a human verifying that there should be one

    5. Sitbacknwatch on

      This can only access drives that have been accessed recently, right? I’ve got two external drives that locked me out months ago that I’d love to be able to access again.

    6. MutaitoSensei on

      Engineer that was forced to vibe-code Win11’s BitLocker using Copilot by Microsoft Execs: yes…. Yes, we meant for that backdoor to be there 🫥

    7. Grumpy-Man19 on

      IMHO I bet the government asked Microsoft for it. Like CISCO as recently revealed during the Iran invasion attempt.

    8. kaishinoske1 on

      And the government wants a backdoor to every single device. For what, for state actors to take over your device, government devices are not immune to this either.

    9. Haven’t they been doing this since like pgp3 basically everything has to be accessible by the government.

    10. New-Ranger-8960 on

      There has never been a better time to ditch Microsoft products and services

    11. TreeCitizen on

      To make sure you don’t have too much freedom from government and a certain blue flagged country.

    12. NoScallion2856 on

      It’s obvious they did this on purpose. Windows 11 has been nothing but a complete disaster, which perfectly explains why nobody wants to upgrade from Windows 10.

    13. RogueHeroAkatsuki on

      So…. people will still insist that Chinese companies are a bigger threat to user privacy than American big tech?

    14. Can’t have a backdoor exploited if you don’t use bitlocker *taps temple*

    15. This makes sense
      The US government was trying to pressure various companies to put backdoors in and we only found out when some companies refused

    16. Mama_Office_141 on

      Snowden leaks told us this in 2013. The whole world should be moving away from American software like France is doing

    17. northpalmetto on

      This might help explain why various European entities are ditching Microsoft and other American technologies.

    18. PmMeUrTinyAsianTits on

      Everyone should’ve known this when truecrypt went down, “suggested” using it, and gave no explanation. They gave the best warning they could that they were being told “put in a backdoor or be shut down, if you tell anyone you’ll go to prison.”

    19. I’ve known for years that Intel/NVIDIA hardware has had hidden management engines, telemetry, and potential backdoor-level access built in, and almost nobody cared because either people didn’t notice or felt powerless to do anything about it. So when stories like this BitLocker thing come out, I’m honestly not even surprised anymore.

      What really makes me question everything is how governments claim there are laws to protect privacy, while at the same time other laws allow mass surveillance and secret access “for security reasons.” How does that even make sense? You can’t seriously say users are protected while also normalizing built-in spying capabilities and backdoors everywhere.

    20. Must be an insider telling the researcher or how in hell would someone find out?

    21. Expensive_Shallot_78 on

      How often will this be reported again? Hearing this since day 1 bitlocker release

    22. I have been in IT for over 25 years, and this looks terrible on Microsoft.

      Either this is a legit backdoor or Microsoft is extremely incompetent.