Comments on: Evil Maid
https://pthree.org/2009/10/23/evil-maid/
Linux. GNU. Freedom.
Wed, 20 Sep 2017 12:29:42 +0000

By: Aaron Toponce : How Travelers Can Protect Their Data
https://pthree.org/2009/10/23/evil-maid/#comment-110583
Sun, 03 Jan 2010 15:56:18 +0000

[...] CDROM, network or USB. This step is necessary to hopefully avoid the Evil Maid attack, something I’ve already blogged about here. In summary, the Evil Maid attack is booting your computer from a USB or CDROM, replacing your [...]

By: Charles Curley
https://pthree.org/2009/10/23/evil-maid/#comment-110441
Sat, 07 Nov 2009 14:22:03 +0000

"Mossad reportedly used a Trojan to hack into a Syrian official's laptop while he stayed in a London hotel."

http://www.theregister.co.uk/2009/11/06/mossad_syria_trojan_hack/

OK, probably not everyone here is a Syrian official, but still...

By: Aaron
https://pthree.org/2009/10/23/evil-maid/#comment-110377
Mon, 26 Oct 2009 08:48:02 +0000

@Kevin DuBois- Maybe, maybe not. Do you trust that assumption? 🙂

By: Kevin DuBois
https://pthree.org/2009/10/23/evil-maid/#comment-110376
Mon, 26 Oct 2009 00:56:52 +0000

Yeah, but if they're skilled enough to do this attack, they're probably not gonna be cleaning hotel rooms for a living...

Right? 😉

By: Aaron
https://pthree.org/2009/10/23/evil-maid/#comment-110372
Sun, 25 Oct 2009 14:25:14 +0000

@me no, it's not wrong. It will still work against Windows, and it will still work against Bitlocker. Just because you can change the default settings, doesn't mean it doesn't apply to Windows any longer. I didn't say THIS WILL WORK AGAINST EVERY KNOWN CONFIGURATION, did I? So, it's still effective against Windows, and it's still effective against Bitlocker. Sure, there are ways to mitigate this attack, such as using hard drive passwords or TPM, but the point of that statement is that this attack is platform and software independent.

By: me
https://pthree.org/2009/10/23/evil-maid/#comment-110371
Sun, 25 Oct 2009 11:17:31 +0000

"THIS WILL WORK ON ANY OPERATING SYSTEM AND IS EFFECTIVE AGAINST ANY FILESYSTEM ENCRYPTION SOFTWARE"

WRONG!

Windows Vista and 7 have Bitlocker, which can be configured to use the TPM chip on the motherboard. If you change anything in the boot loader, the checksum will change and TPM will notify you about it.

Additionally, some laptops like Lenovo Thinkpads use an ATA password mechanism that can lock the drive; that mechanism adds complexity to this kind of attack.

TPM works only with Windows and Bitlocker.

By: Joseph Scott
https://pthree.org/2009/10/23/evil-maid/#comment-110361
Fri, 23 Oct 2009 17:40:06 +0000

I agree with Daniel, once physical access has been gained then everything else is just a matter of time. That isn't to say that throwing up a few barriers to extend the length of time required to gain control isn't worthwhile, they just shouldn't be viewed as anything more than that.

By: Daniel T Chen
https://pthree.org/2009/10/23/evil-maid/#comment-110359
Fri, 23 Oct 2009 14:55:21 +0000

Right, we've pretty much always equated physical access with game over.

By: jimcooncat
https://pthree.org/2009/10/23/evil-maid/#comment-110358
Fri, 23 Oct 2009 14:15:34 +0000

My advice:

Set BIOS to boot only from hard drive
Password protect BIOS setup
Take out two of the screws that hold it together and liberally apply epoxy.
