[iscoelho]

What's with all the replies on these threads downplaying this? Why is it mainly brand new accounts? What's going on here?

I've seen every variant of:

1) "this is an authentication/privilege escalation bug, not a bitlocker exploit" (? what are you even trying to say)

2) "even though the attacker explicitly warns that this is capable of bypassing TPM+PIN, that isn't actually true or what he meant"

3) "we shouldn't jump to conclusions that this is a backdoor"

4) "we already knew BitLocker with just TPM isn't secure" (? except many organizations depend on it to be)

[Dylan16807]

1) These systems are set up for automatic decryption. It's super obvious that if you can successfully attack windows between unlock and user login, you can get to the files. If this is such an attack, it's not a flaw with bitlocker itself.

2) Is it unreasonable to say "show it"?

3) Correct, we shouldn't jump to conclusions.

4) It's not known-insecure but it is known-enormous-attack-surface.

[iscoelho]

1) Except that the entire premise behind BitLocker TPM's security relies on the login screen as a hard security boundary, and thus any attack on the login screen is an attack on BitLocker. It is semantics to dispute this and certainly fits "downplaying."

2) I'm sure many organizations are thankful that the researcher has decided not to release that exploit chain at this time. I am hopeful that Microsoft will not be as dismissive and will resolve it before it is publicly released.

3) It distracts from the point. The point is that Microsoft's security record is so bad that many of the vulnerabilities appear deliberate and obvious enough to be backdoors.

4) Yes, this also fits the definition of downplaying.

[Borealid]

If Microsoft wanted a backdoor, there is no need to hide it in the official Windows Recovery Environment image.

Just sign an alternate version of the recovery environment that doesn't bother displaying a login screen. Done - you can access any TPM-only Bitlocker setup freely. This is actually LESS risky than keeping the exploit in the publicly-available version of WinRE, because you don't have the risk of pesky security researchers finding your backdoor.

Hanlon's Razor and Occam's Razor both say this is probably a bug that lets you use some kind of early-boot filesystem-corruption-fixing code on the recovery image to break the login screen and leave the disk unlocked by accident. It deletes itself because it's, well, intended to be a filesystem fix log, and the log gets deleted when it's done being replayed so it doesn't happen a second time!

[iscoelho]

I don't disagree. Clarifying, I personally don't think this exploit is a backdoor, but rather that the negligence is enough to appear malicious.

Just for fun (not saying I believe this!): Did you ever consider that a malicious Microsoft employee may have intentionally planted this exploit? They don't have access to signing keys. They aren't able to make custom firmware. However, what they can do is leave innocent looking code in Windows that they and their co-conspirators can exploit later. Completely possible (-:

[Dylan16807]

1) It is semantics to dispute this and certainly fits "downplaying."

It's not semantics. A true bitlocker backdoor would let you in even if it's passworded.

And is it really downplaying? The ability to shove in a USB stick and get control over the drive is mostly equivalent to a bitlocker exploit when it comes to laptop theft. But for quick access to a desktop without bitlocker, and without the ability to open it and pull the drive, it's actually more damaging than a bitlocker exploit.

2) I am not personally being dismissive of the claim. I'm saying it's fine to hold off, and even if we assume the PIN version is real we shouldn't assume we know exactly what it looks like.

3) Saying it's not a backdoor distracts from the point? Can't agree with you there at all. The comments saying it's definitely a backdoor are the ones I point to as distracted.

4) Maybe it's downplaying but it's true. Replying on TPM-based bitlocker is a lot more dangerous than having a secure password. It's chosen because it's easier to enforce.

[iscoelho]

If the device doesn't have BitLocker, this exploit is pointless because you can already boot any OS USB and immediately have full access to the unencrypted disk.

This exploit is only ever relevant with BitLocker enabled (as a method to "bypass" BitLocker's security premise [categorically classifying this as, dare I say, a "BitLocker bypass"]).

To avoid typing 1)2)3)4) a bunch of more times, I'll just say 2/3/4) all still fit the definition of downplaying the situation.

[Dylan16807]

> If the device doesn't have BitLocker, this exploit is pointless because you can already boot any OS USB

For this hypothetical, assume the owner took basic precautions to lock booting to the hard drive and password protect the BIOS.

But I'm not 100% familiar with how recovery mode normally works, so maybe it doesn't matter.

> To avoid typing 1)2)3)4) a bunch of more times, I'll just say 2/3/4) all still fit the definition of downplaying the situation.

I think that level of pushback against the claims is a valid (and small) amount of "downplaying". I haven't seen anyone claiming this isn't a serious issue.

[iscoelho]

If the device does not have BitLocker, WinRE already by default provides full Administrator access to the unencrypted disk via Command Prompt.

> I think that level of pushback against the claims is a valid (and small) amount of "downplaying". I haven't seen anyone claiming this isn't a serious issue.

If you look in the other threads about this, it's much more obvious. Look for brand new users. There's comparatively few in this thread, but the pattern is there: if the user's name is green, they're downplaying this.

[gib444]

Most submissions involving criticism of big tech gets those kind of replies. Par for the course here.

You just have to skip reading them because it seems there's no stopping those 100% genuine replies