Online security experts have found a vulnerability in Microsoft Windows that leaves users’ “encrypted” hard drives completely open to hackers.
The massive security flaw was first reported by Twitter user @atomicthumbs, who warned that BitLocker is storing users’ keys on their drives in clear text – meaning hackers can potentially obtain the key, unlock the drive and steal all their information.
“…if you install Windows 11 with a local account instead of a Microsoft account, it still encrypts your drive with Bitlocker, but it keeps the key on the drive… in cleartext… until you sign in with a Microsoft account,” he tweeted on Sunday.
“This serves the dual purpose of making it difficult to recover your data, AND providing a false sense of security, since that Bitlocker key may well be compromised before you upload it to Microsoft,” he continued.
Microsoft’s “Security” Theater
The VMK is the master key used for encrypting the FVEK, which encrypts a users drive data. Normally the VMK is itself encrypted via a password. In this case of Microsoft and Bitlocker, however, it is encrypted with just a clear key.
Why is Microsoft engaging in security theater and pretending to users their data is secure when it obviously isn’t