
BitLocker cracked by YellowKey exploit using USB files
The YellowKey exploit bypasses Microsoft BitLocker encryption using a USB stick with specific files, exposing a critical unpatched vulnerability in Windows disk encryption [Tom's Hardware].
Microsoft BitLocker, the full-disk encryption tool built into Windows, has been broken by a zero-day exploit called YellowKey [Tom's Hardware]. Attackers can unlock encrypted drives by inserting a USB stick containing a few crafted files—no password or recovery key needed. The exploit targets the BitLocker To Go feature and works on multiple Windows versions, including recent builds, when drives are unlocked in certain modes [Tom's Hardware].
YellowKey exploits what appears to be a design-level flaw, not a traditional bug. It leverages the way BitLocker handles pre-boot authentication and recovery processes, effectively tricking the system into decrypting the drive using manipulated configuration files on removable media. Researchers describe the behavior as resembling a backdoor, though no evidence suggests intentional implementation.
Microsoft has not issued a patch or public response. Microsoft typically notes that such attacks require physical access to a device, but that threshold is routinely crossed in corporate theft, border seizures, and targeted intrusions. The vulnerability undermines the assumption that BitLocker-protected drives remain secure when powered off.
Why it matters:
— The exploit defeats a core Windows security feature used by enterprises, governments, and individuals to protect lost or stolen devices.
— No workaround exists beyond disabling BitLocker’s auto-unlock features or restricting USB access during boot—measures most organizations don’t enforce by default.
— The lack of a patch leaves millions of BitLocker-protected systems exposed, especially laptops with suspended sessions or frequent unlock cycles.
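The article names disabling BitLocker's auto-unlock as the one available workaround. The script below is an added example, not code from the article or from Tom's Hardware, and it makes no claim about YellowKey itself: it only shows how an administrator can audit which BitLocker data volumes have auto-unlock enabled and, with the `-Remediate` switch, turn it off using the documented cmdlets of the built-in BitLocker module (`Get-BitLockerVolume`, `Disable-BitLockerAutoUnlock`, `Clear-BitLockerAutoUnlock`). Restricting USB access during boot is a firmware setting and is not covered here. The script assumes an elevated PowerShell session on a Windows host with the BitLocker module present.

```powershell
# Added example: audit BitLocker volumes for auto-unlock and optionally disable it.
# Not from the article. Requires an elevated session; BitLocker module is built into Windows.
param(
    [switch]$Remediate   # when set, disable auto-unlock on every data volume that has it
)

Import-Module BitLocker -ErrorAction Stop

# Inventory every BitLocker volume: type, protection state, auto-unlock flag, protector types.
$volumes = Get-BitLockerVolume

$report = $volumes | ForEach-Object {
    [pscustomobject]@{
        MountPoint        = $_.MountPoint
        VolumeType        = $_.VolumeType          # OperatingSystem / Data
        ProtectionStatus  = $_.ProtectionStatus    # On / Off
        AutoUnlockEnabled = $_.AutoUnlockEnabled   # data volumes only
        Protectors        = ($_.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    }
}
$report | Format-Table -AutoSize

# Volumes that unlock without any user interaction are the ones the article's workaround targets.
$autoUnlocked = $volumes | Where-Object { $_.VolumeType -eq 'Data' -and $_.AutoUnlockEnabled }

if (-not $autoUnlocked) {
    Write-Host 'No data volumes have auto-unlock enabled.'
    return
}

Write-Warning ("Auto-unlock enabled on: " + (($autoUnlocked.MountPoint) -join ', '))

if ($Remediate) {
    foreach ($v in $autoUnlocked) {
        # Remove the auto-unlock protector for this data volume; the volume stays encrypted
        # and will prompt for its password/recovery key (or another protector) on next mount.
        Disable-BitLockerAutoUnlock -MountPoint $v.MountPoint
        Write-Host "Disabled auto-unlock on $($v.MountPoint)"
    }
    # Also clear any auto-unlock keys still cached on the OS volume for volumes
    # that are not currently mounted. Skip this line if you want to keep those entries.
    Clear-BitLockerAutoUnlock
    Write-Host 'Cleared cached auto-unlock keys from the OS volume.'
}
```

Run it once without `-Remediate` to get the inventory, then with `-Remediate` on hosts where the policy is to require an explicit unlock. Users of the affected data volumes will need their BitLocker password or recovery key the next time the volume is mounted, so confirm those keys are escrowed (for example in Active Directory or Entra ID) before running the remediation fleet-wide.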


