Windows 11 BitLocker Still Vulnerable to Hackers

A recent presentation at the Chaos Communication Congress (CCC) by hacker Thomas Lambertz revealed that Windows 11 BitLocker's default encryption remains vulnerable, even after a supposedly fixed bug (CVE-2023-21563). The exploit, dubbed "Screwed without a Screwdriver," allows hackers to bypass BitLocker with a simple one-time physical access and a network connection. How the Exploit Works This attack, categorized as a "bitpixie" attack, leverages an outdated Windows bootloader via Secure Boot to extract the encryption key into memory. By using Linux to access memory contents, hackers can retrieve the BitLocker key. This bypass occurs even if the system has been updated to address earlier Bitpixie vulnerabilities, demonstrating that the fix was not comprehensive. The issue lies in the limitations of UEFI firmware storage space. New Secure Boot certificates are not expected until 2026. In the meantime, users must implement their own protection, either by backing up…