Microsoft's Windows "disk encryption," which creates a backup copy of users' vital information, can lead to a vulnerability to hackers and even government agencies like the Federal Bureau of Investigation (FBI).
The Intercept reported that disk encryption is one of the best features of the latest Windows devices that protect data when users' devices gets stolen or lost. However, unbeknownst to most, users who log in to their Windows 10 through their Microsoft account, the computer automatically uploads a copy of their recovery key.
According to Real Independent News & Film, once the double is created, it could lead to vulnerability, making it easier for hackers and government authorities to access users' accounts and information. Users are not notified by this process and have no options to disable it.
"In order for this 'vulnerability' to be exploited, an attacker must be able to both gain access to the backed up key and gain physical access to the encrypted storage," said Tripwire cybersecurity researcher Craig Young in a report by Top Tech News. "There is essentially an infinitely long list of easier ways for an intruder to bypass disk encryption and retrieve data from a protected device by attacking the endpoint."
Windows' "disk encryption" can be compared to the Clipper chip program that was pushed by the National Security Agency and the White House in the 1990s, during Bill Clinton's leadership. It aimed to have telecom companies sell crypto phones backdoor. This means all the phones that have a Clipper chip will have an encryption key, that the government could also have a copy of. This whole system is called key escrow. It comes with the promise that it will only be used under a valid warrant. It was discontinued by 1996.
Windows process of backing up users' recovery key is somehow similar with the key escrow of the 1990s.
