this post was submitted on 13 May 2026
930 points (99.6% liked)

Technology

84646 readers
4308 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
930
Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor (www.tomshardware.com)
submitted 1 day ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
155 comments fedilink hide all child comments
 

YellowKey reportedly works in Windows 11, Windows Server 2022 and 2025, but not in Windows 10.

you are viewing a single comment's thread
view the rest of the comments
[–] homesweethomeMrL@lemmy.world 186 points 1 day ago (1 children)

YellowKey can be triggered simply by merely copying some files to a USB stick and rebooting to the Windows Recovery Environment. We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit's files disappearing from the USB stick after it's used once.

[–] humanspiral@lemmy.ca 41 points 1 day ago (1 children)

100% certainty of backdoor. Is bitlocker developed outside of MSFT? Would seem to need MSFT cooperation to implement.

[–] humanspiral@lemmy.ca 20 points 1 day ago (2 children)

Bitlocker was developed entirely inside MSFT. Upon further review, there is a chance that this is all somewhat normal behaviour. Part of MSFT safeOS to make it convenient to recover bitlocker access, and update windows.

[–] Dojan@pawb.social 19 points 1 day ago

And be able to easily comply with law enforcement requests for decryption.

Ergo, the encryption is actually worthless.

[–] Valmond@lemmy.dbzer0.com 2 points 17 hours ago

Normal behaviour?

-"Well it turns out we just said your data was protected, for your, ehrm, satisfaction?"