Bitlocker, the official Microsoft Ransomware

On Friday I was not able to access my Surface Pro due to a Microsoft BitLocker issue.

I found a blue screen and was asked to follow an online process to retrieve the BitLocker unlock code.

I followed the instructions, but in order to get the information an additional authentication via SMS was required.

At that point I was stuck because, even though I waited a couple of hours, the SMS never came.

I tried to repeat the process a few times but, since it was not working, I chose the only other option available, which was to enter another phone contact.
At that point I was able to enter my same number again and immediately received the confirmation SMS.

Even though I entered the same number and my contacts remained the same, I got an information page warning that I was locked out of BitLocker recovery code retrieval for 30 days.

At that point I had no other choice than to contact Microsoft customer service: three times via phone and once via chat but, despite spending almost 2 days on the phone, the issue was not solved.

I cannot count how many Microsoft tech people I spoke to, having to explain the situation again and again. Their contact center works very well and after a few steps online there is the possibility of being called back in a few minutes. All the operators were really polite but, despite all their efforts and all the hours spent on international roaming mobile calls (I was abroad), no one had the power to unlock my account.

So why were Microsoft's systems not able to send an SMS to the same number stored in their systems?

I have to assume that this is related to the sms authentication issue.

In order to minimize authentication costs, automated systems use SMS P2P communication channels, sending a machine-to-person OTP.

Since it is cheaper to send this type of message when the sender and the recipient are on the same network (avoiding termination costs), many systems make an illegal query to the "mobile number portability database" and store the information about the telco operator associated with that number.

In this case, if the customer changes operator, there is no way he can receive any more messages on that network. The customer cannot simply change that information because he is not aware that it is stored illegally.
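The failure mode hypothesised above, modelled in code as an added example (this is not code from the post, nor anything from Microsoft or any SMS provider). The porting registry, the phone numbers, the operator names and the OTP gateway are all constructed for illustration: the gateway caches the operator it learned for a number at first contact, the number is later ported, and the cached route silently drops the OTP. The example also shows why re-entering the same number as a "new" contact worked (a fresh lookup replaces the stale entry) and what a gateway that re-resolves on delivery failure would do instead.

```python
"""Stale operator cache in an OTP gateway: a constructed model of the
hypothesis in the post. Nothing here is real infrastructure."""
from dataclasses import dataclass, field

# Constructed stand-in for a national mobile number portability registry:
# number -> operator currently serving it.
MNP_REGISTRY = {
    "+39300000001": "OperatorA",
    "+39300000002": "OperatorB",
}


def mnp_lookup(number: str) -> str:
    """Live query of the (constructed) porting registry."""
    return MNP_REGISTRY[number]


def port_number(number: str, new_operator: str) -> None:
    """The customer moves to another operator; only the registry changes."""
    MNP_REGISTRY[number] = new_operator


def operator_delivers(operator: str, number: str) -> bool:
    """An operator handed an on-net message delivers it only if it still
    serves the number; otherwise the message is dropped (the post's theory)."""
    return MNP_REGISTRY.get(number) == operator


@dataclass
class OtpGateway:
    """Sender that remembers the operator per number to route on-net."""
    cache: dict = field(default_factory=dict)

    def register_contact(self, number: str) -> None:
        """Entering a number as a new contact forces a fresh lookup."""
        self.cache[number] = mnp_lookup(number)

    def send_otp(self, number: str, use_cache: bool = True) -> bool:
        """Route to the cached operator if known, else look it up and cache it.
        Returns True if the OTP would be delivered."""
        if use_cache and number in self.cache:
            operator = self.cache[number]
        else:
            operator = mnp_lookup(number)
            self.cache[number] = operator
        return operator_delivers(operator, number)

    def send_otp_with_fallback(self, number: str) -> bool:
        """Hardened variant: on delivery failure drop the cached entry and
        re-resolve once before giving up."""
        if self.send_otp(number, use_cache=True):
            return True
        self.cache.pop(number, None)
        return self.send_otp(number, use_cache=False)


def demo() -> tuple:
    """Replay the scenario; returns the delivery outcome of each step."""
    gw = OtpGateway()
    number = "+39300000001"
    before_port = gw.send_otp(number)          # cache learns OperatorA
    port_number(number, "OperatorB")           # customer ports the number
    stale_route = gw.send_otp(number)          # still sent to OperatorA
    gw.register_contact(number)                # "enter another phone contact"
    after_reentry = gw.send_otp(number)        # fresh lookup, delivered
    port_number(number, "OperatorA")           # port again to show fallback
    with_fallback = gw.send_otp_with_fallback(number)
    return before_port, stale_route, after_reentry, with_fallback


if __name__ == "__main__":
    print(demo())
```

The constructed `operator_delivers` check is the whole point: a cache that is never invalidated makes every port event look, from the user's side, like an SMS that simply never arrives, while the account system has no signal that routing failed. Any real deployment that caches carrier lookups needs either a TTL or the re-resolve-on-failure path shown in `send_otp_with_fallback`.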
