YellowKey Exposed: Why BitLocker 'On' Isn't Enough
The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups · 2026-05-16 · 17 min
Episode notes
Noel Bradford delivers a direct examination of YellowKey, the reported BitLocker bypass that exploits the Windows Recovery Environment on TPM-only configurations. This episode strips away vendor comfort narratives and green-tick dashboards to focus on what default encryption settings actually protect against when a laptop is stolen or accessed physically. He explains how YellowKey targets trusted recovery paths rather than breaking encryption mathematics, why TPM-only BitLocker represents a convenience trade-off rather than maximum assurance, and how businesses confuse enabled controls with proven protection. The episode provides practical guidance on identifying high-risk devices, reviewing BitLocker protectors, implementing TPM plus PIN where appropriate, locking firmware settings, restricting USB storage, and properly escrowing recovery keys. It argues that physical access is a normal business risk, arising from stolen laptops, lost devices, and compromised bags, not merely a theoretical attack scenario. Finally, it challenges boards and decision-makers to move beyond checkbox assurance and ask what their laptop security actually proves under adversarial conditions.