YellowKey can be triggered simply by merely copying some files to a USB stick and rebooting to the Windows Recovery Environment. We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit’s files disappearing from the USB stick after it’s used once.
Bitlocker was developed entirely inside MSFT. Upon further review, there is a chance that this is all somewhat normal behaviour. Part of MSFT safeOS to make it convenient to recover bitlocker access, and update windows.
100% certainty of backdoor. Is bitlocker developed outside of MSFT? Would seem to need MSFT cooperation to implement.
Bitlocker was developed entirely inside MSFT. Upon further review, there is a chance that this is all somewhat normal behaviour. Part of MSFT safeOS to make it convenient to recover bitlocker access, and update windows.
Normal behaviour?
-“Well it turns out we just said your data was protected, for your, ehrm, satisfaction?”
And be able to easily comply with law enforcement requests for decryption.
Ergo, the encryption is actually worthless.