Comments on: Evil Maid

By: Aaron Toponce : How Travelers Can Protect Their Data

Aaron Toponce : How Travelers Can Protect Their Data — Sun, 03 Jan 2010 15:56:18 +0000

[...] CDROM, network or USB. This step is necessary to hopefully avoid the Evil Maid attack, something I’ve already blogged about here. In summary, the Evil Maid attack is booting your computer from a USB or CDROM, replacing your [...]

By: Charles Curley

Charles Curley — Sat, 07 Nov 2009 14:22:03 +0000

“Mossad reportedly used a Trojan to hack into a Syrian official’s laptop while he stayed in a London hotel.”

http://www.theregister.co.uk/2009/11/06/mossad_syria_trojan_hack/

OK, probably not everyone here is a Syrian official, but still…

By: Aaron

Aaron — Mon, 26 Oct 2009 08:48:02 +0000

@Kevin DuBois- Maybe, maybe not. Do you trust that assumption?

By: Kevin DuBois

Kevin DuBois — Mon, 26 Oct 2009 00:56:52 +0000

Yeah, but if they’re skilled enough to do this attack, they’re probably not gonna be cleaning hotel rooms for a living…

Right?

By: Aaron

Aaron — Sun, 25 Oct 2009 14:25:14 +0000

@me no, it’s not wrong. It will still work against Windows, and it will still work against Bitlocker. Just because you can change the default settings, daesn’t mean it doesn’t apply to Windows any longer. I didn’t say THIS WILL WORK AAGAINST EVERY KNOWN CONFIGURATION, did I. So, it’s still effective against Windows, and it’s still effective against Bitlocker. Sure, there are ways to mitigate this attack, such as using hard drive passwords or TPM, but the point of that statement is that this attack is platform and software independent.

By: me

me — Sun, 25 Oct 2009 11:17:31 +0000

“THIS WILL WORK ON ANY OPERATING SYSTEM AND IS EFFECTIVE AGAINST ANY FILESYSTEM ENCRYPTION SOFTWARE”

WRONG!

Windows Vista and 7 have Bitlocker that can be configured to use TPM chip on motherboard. If you will change anything in boot loader the checksum will change and TPM will notify you about it.

Additionally some laptops like Lenovo Thinkpads use ATA password mechanism that can lock the drive, that mechanism adds complexity to this kind of attack.

TPM works only with Windows and Bitlocker.

By: Joseph Scott

Joseph Scott — Fri, 23 Oct 2009 17:40:06 +0000

I agree with Daniel, once physical access has been gained then everything else is just a matter of time. That isn’t to say that throwing up a few barriers to extend the length of time required to gain control isn’t worth while, they just shouldn’t be viewed as anything more than that.

By: Daniel T Chen

Daniel T Chen — Fri, 23 Oct 2009 14:55:21 +0000

Right, we’ve pretty much always equated physical access with game over.

By: jimcooncat

jimcooncat — Fri, 23 Oct 2009 14:15:34 +0000

My advice:

Set BIOS to boot only from hard drive
Password protect BIOS setup
Take out two of the screws that hold it together and liberally apply epoxy.