An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it.
The name refers to the scenario where a maid could subvert a device left unattended in a hotel room – but the concept itself also applies to situations such as a device being intercepted while in transit, or taken away temporarily by airport or law enforcement personnel.
In a 2009 blog post, security analyst Joanna Rutkowska coined the term "Evil Maid Attack" due to hotel rooms being a common place where devices are left unattended. [1] [2] The post detailed a method for compromising the firmware on an unattended computer via an external USB flash drive – and therefore bypassing TrueCrypt disk encryption. [2]
D. Defreez, a computer security professional, first mentioned the possibility of an evil maid attack on Android smartphones in 2011. [1] He discussed the WhisperCore Android distribution and its ability to provide disk encryption for Android devices. [1]
In 2007, former U.S. Commerce Secretary Carlos Gutierrez was allegedly targeted by an evil maid attack during a business trip to China. [3] He left his computer unattended during a trade talk in Beijing, and he suspected that his device had been compromised. [3] Although the allegations have yet to be confirmed or denied, the incident caused the U.S. government to be more wary of physical attacks. [3]
In 2009, Symantec CTO Mark Bregman was advised by several U.S. agencies to leave his devices in the U.S. before travelling to China. [4] He was instructed to buy new ones before leaving and dispose of them when he returned so that any physical attempts to retrieve data would be ineffective. [4]
The attack begins when the victim leaves their device unattended. [5] The attacker can then proceed to tamper with the system. If the victim's device has no password protection or authentication, an intruder can turn on the computer and immediately access the victim's information. [6] However, if the device is password protected, as with full disk encryption, the firmware of the device needs to be compromised, which is usually done by booting from an external drive. [6] The compromised firmware then presents the victim with a fake password prompt identical to the original. [6] Once the password is entered, the compromised firmware records it for the attacker and removes itself after a reboot. [6] To complete the attack, the attacker must return to the device once it has been left unattended a second time and retrieve the now-accessible data. [5] [7]
Another method of attack is through a DMA attack in which an attacker accesses the victim's information through hardware devices that connect directly to the physical address space. [6] The attacker simply needs to connect to the hardware device in order to access the information.
An evil maid attack can also be done by replacing the victim's device with an identical device. [1] If the original device has a bootloader password, then the attacker only needs to acquire a device with an identical bootloader password input screen. [1] If the device has a lock screen, however, the process becomes more difficult as the attacker must acquire the background picture to put on the lock screen of the mimicking device. [1] In either case, when the victim inputs their password on the false device, the device sends the password to the attacker, who is in possession of the original device. [1] The attacker can then access the victim's data. [1]
Legacy BIOS is considered insecure against evil maid attacks. [8] Its architecture is old, updates and Option ROMs are unsigned, and configuration is unprotected. [8] Additionally, it does not support secure boot. [8] These vulnerabilities allow an attacker to boot from an external drive and compromise the firmware. [8] The compromised firmware can then be configured to send keystrokes to the attacker remotely. [8]
Unified Extensible Firmware Interface (UEFI) provides many necessary features for mitigating evil maid attacks. [8] For example, it offers a framework for secure boot, authenticated variables at boot-time, and TPM initialization security. [8] Despite these available security measures, platform manufacturers are not obligated to use them. [8] Thus, security issues may arise when these unused features allow an attacker to exploit the device. [8]
Many full disk encryption systems, such as TrueCrypt and PGP Whole Disk Encryption, are susceptible to evil maid attacks because they cannot authenticate themselves to the user. [9] An attacker can still modify disk contents even though the device is powered off and encrypted. [9] The attacker can modify the encryption system's loader code to steal passwords from the victim. [9]
Creating a communication channel between the bootloader and the operating system, in order to remotely steal the password for a disk protected by FileVault 2, has also been explored. [10] On a macOS system, this attack has additional implications because of "password forwarding", in which a user's account password also serves as the FileVault password, opening an additional attack surface through privilege escalation.
In 2019 a vulnerability named "Thunderclap" in Intel Thunderbolt ports found on many PCs was announced which could allow a rogue actor to gain access to the system via direct memory access (DMA). This is possible despite use of an input/output memory management unit (IOMMU). [11] [12] This vulnerability was largely patched by vendors. This was followed in 2020 by "Thunderspy" which is believed to be unpatchable and allows similar exploitation of DMA to gain total access to the system bypassing all security features. [13]
Any unattended device can be vulnerable to a network evil maid attack. [1] If the attacker knows the victim's device well enough, they can replace the victim's device with an identical model with a password-stealing mechanism. [1] Thus, when the victim inputs their password, the attacker will instantly be notified of it and be able to access the stolen device's information. [1]
One approach is to detect that someone is close to, or handling, the unattended device. Proximity alarms, motion detector alarms, and wireless cameras can be used to alert the victim when an attacker is near their device, thereby nullifying the surprise factor of an evil maid attack. [14] The Haven Android app was created in 2017 by Edward Snowden to do such monitoring and transmit the results to the user's smartphone. [15]
In the absence of the above, tamper-evident technology of various kinds can be used to detect whether the device has been taken apart – including the low-cost solution of putting glitter nail polish over the screw holes. [16]
After an attack is suspected, the victim can have their device checked to see whether any malware was installed, but this is challenging. One suggested approach is to check the hashes of selected disk sectors and partitions against known-good values. [2]
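The sector-hash check described above, as an added example that is not part of the original article: a baseline of hashes for boot-critical regions is taken while the device is known to be clean and stored off the device, and after a suspected attack the same regions are re-hashed and compared. The disk image, 512-byte sector size and the two regions named here are constructed for the example; a real check would read the raw block device with the same logic.

```python
"""Baseline-and-compare hashing of boot-critical disk regions (added example).

The image, sector size and region layout are constructed so the example runs
offline. Against a real device the same functions would be fed the bytes of
the raw block device and the baseline kept on a separate, trusted medium.
"""
import hashlib
import json
from typing import Dict, List, Tuple

SECTOR_SIZE = 512  # constructed: classic 512-byte sectors

# Constructed layout: sector 0 holds the boot record, sectors 1..15 the
# second-stage loader. Real offsets come from the partition table.
REGIONS: Dict[str, Tuple[int, int]] = {
    "mbr": (0, 1),
    "bootloader": (1, 15),
}


def sector_hashes(image: bytes, first: int, count: int) -> Dict[int, str]:
    """Return {sector_number: sha256_hex} for `count` sectors starting at `first`."""
    hashes: Dict[int, str] = {}
    for n in range(first, first + count):
        start = n * SECTOR_SIZE
        chunk = image[start:start + SECTOR_SIZE]
        hashes[n] = hashlib.sha256(chunk).hexdigest()
    return hashes


def take_baseline(image: bytes, regions: Dict[str, Tuple[int, int]]) -> str:
    """Hash every named region and serialise the result as JSON.

    The JSON string is what gets stored off-device; it contains only hashes,
    never disk contents.
    """
    baseline = {name: sector_hashes(image, first, count)
                for name, (first, count) in regions.items()}
    return json.dumps(baseline, sort_keys=True)


def compare_to_baseline(image: bytes, baseline_json: str) -> Dict[str, List[int]]:
    """Re-hash the regions recorded in the baseline and report mismatches.

    Returns {region_name: [changed_sector_numbers]}; an empty dict means every
    recorded sector still hashes to its baseline value.
    """
    baseline = json.loads(baseline_json)  # JSON turns the int keys into strings
    changed: Dict[str, List[int]] = {}
    for name, stored in baseline.items():
        sectors = sorted(int(n) for n in stored)
        current = sector_hashes(image, sectors[0], len(sectors))
        diff = [n for n in sectors if current[n] != stored[str(n)]]
        if diff:
            changed[name] = diff
    return changed


def build_demo_image(sectors: int = 64) -> bytes:
    """Constructed disk image: deterministic, distinct content per sector."""
    return b"".join(hashlib.sha256(b"sector-%d" % n).digest() * 16
                    for n in range(sectors))


def demo() -> Dict[str, List[int]]:
    """Take a baseline of a clean image, tamper with one loader sector, re-check."""
    clean = build_demo_image()
    baseline = take_baseline(clean, REGIONS)
    tampered = bytearray(clean)
    tampered[7 * SECTOR_SIZE] ^= 0xFF  # constructed: one byte of sector 7 altered
    return compare_to_baseline(bytes(tampered), baseline)


if __name__ == "__main__":
    print(demo())  # reports the bootloader region with sector 7 changed
```

Only the sectors whose hash differs are reported, so the check localises the modification to a region the investigator can then image and inspect; a legitimate firmware or bootloader update also changes these hashes, which is why the baseline has to be retaken after every such update.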
If the device is under surveillance at all times, an attacker cannot perform an evil maid attack. [14] If it must be left unattended, the device may also be placed inside a lockbox so that an attacker has no physical access to it. [14] However, there will be situations, such as a device being taken away temporarily by airport or law enforcement personnel, where this is not practical.
Basic security measures such as keeping firmware up to date and shutting down the device before leaving it unattended respectively prevent an attacker from exploiting vulnerabilities in legacy firmware and from using open ports to attach external devices. [5]
CPU-based disk encryption systems, such as TRESOR and Loop-Amnesia, prevent data from being vulnerable to a DMA attack by ensuring it does not leak into system memory. [17]
TPM-based secure boot has been shown to mitigate evil maid attacks by authenticating the device to the user. [18] It does this by unlocking itself only if the correct password is given by the user and if it measures that no unauthorized code has been executed on the device. [18] These measurements are done by root of trust systems, such as Microsoft's BitLocker and Intel's TXT technology. [9] The Anti Evil Maid program builds upon TPM-based secure boot and further attempts to authenticate the device to the user. [1]
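How measured boot lets a device authenticate itself to its user, as an added software model that is neither the article's content nor code from the Anti Evil Maid project or any TPM stack: each boot component is folded into a PCR register with the extend rule PCR_new = SHA-256(PCR_old || SHA-256(component)), and a user-chosen secret phrase is sealed to the PCR value of the known-good chain. At boot the phrase is only released if the measurements reproduce that value, so a modified bootloader produces a different PCR, the phrase stays hidden, and the user knows not to type the disk passphrase. The component images, the root key and the sealing construction (HMAC-derived keystream plus tag) are constructed for the example; a real TPM performs the sealing in hardware.

```python
"""Model of TPM-style measured boot with a secret sealed to PCR values (added example).

Component images, the TPM root key and the sealing scheme are constructed here
to model the logic; real systems use the TPM's own PCRs and sealing commands.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

PCR_INITIAL = bytes(32)  # PCRs start at all zeros on reset
TAG_LEN = 32


def measure_chain(components: List[bytes]) -> bytes:
    """Apply the TPM extend rule for each component, in boot order.

    Order matters and nothing can be "un-extended": any change to any
    component, or to the order, yields a different final PCR value.
    """
    pcr = PCR_INITIAL
    for image in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()
    return pcr


def _wrap_key(tpm_root_key: bytes, pcr: bytes) -> bytes:
    """Key that exists only for one specific PCR value (constructed derivation)."""
    return hmac.new(tpm_root_key, b"seal|" + pcr, hashlib.sha256).digest()


def seal(secret: bytes, expected_pcr: bytes, tpm_root_key: bytes) -> bytes:
    """Encrypt `secret` under a key bound to `expected_pcr` and append a tag."""
    if len(secret) > 32:
        raise ValueError("model supports secrets of at most 32 bytes")
    key = _wrap_key(tpm_root_key, expected_pcr)
    ciphertext = bytes(a ^ b for a, b in zip(secret, key))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(blob: bytes, current_pcr: bytes, tpm_root_key: bytes) -> Optional[bytes]:
    """Return the secret if the current PCR matches the sealing PCR, else None."""
    key = _wrap_key(tpm_root_key, current_pcr)
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected_tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # boot chain differs from the sealed state: release nothing
    return bytes(a ^ b for a, b in zip(ciphertext, key))


def boot_and_show_phrase(components: List[bytes], blob: bytes,
                         tpm_root_key: bytes) -> Optional[str]:
    """Measure the chain, try to unseal the user's phrase, return it or None."""
    phrase = unseal(blob, measure_chain(components), tpm_root_key)
    return phrase.decode() if phrase is not None else None


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Genuine boot shows the phrase; a boot with a swapped loader does not."""
    root_key = hashlib.sha256(b"constructed tpm root key").digest()
    firmware = b"constructed firmware image v1"
    bootloader = b"constructed bootloader image v1"
    good_pcr = measure_chain([firmware, bootloader])
    blob = seal(b"my secret phrase", good_pcr, root_key)
    genuine = boot_and_show_phrase([firmware, bootloader], blob, root_key)
    tampered = boot_and_show_phrase([firmware, b"constructed replaced loader"],
                                    blob, root_key)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())  # ('my secret phrase', None)
```

The user's part of the protocol is to type the disk passphrase only after seeing their phrase; the system's part is that the phrase is never available to code that was not measured into the sealed PCR value. This is also why firmware or bootloader updates require re-sealing the secret to the new measurements.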
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).
ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe, and the company provides security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.
Laptop theft is a significant threat to users of laptop computers. Many methods to protect the data and to prevent theft have been developed, including alarms, laptop locks, and visual deterrents such as stickers or labels. Victims of laptop theft can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorize access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the whole storage device.
Disk encryption software is computer security software that protects the confidentiality of data stored on computer media by using disk encryption.
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES) algorithm in cipher block chaining (CBC) mode or in XTS mode (XEX-based tweaked-codebook mode with ciphertext stealing, where XEX stands for xor-encrypt-xor) with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.
Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.
This is a technical feature comparison of different disk encryption software.
dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.
In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.
Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.
Pre-boot authentication (PBA) or power-on authentication (POA) serves as an extension of the BIOS, UEFI or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed they have the correct password or other credentials including multi-factor authentication.
Secure USB flash drives protect the data stored on them from access by unauthorized users. USB flash drive products have been on the market since 2000, and their use is increasing exponentially. As businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage capacities.
Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.
A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit direct memory access (DMA).
VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.
IPSW is a file format used to install iOS, iPadOS, tvOS, HomePod, watchOS, and most recently, macOS firmware for devices equipped with Apple silicon. All Apple devices share the same IPSW file format for iOS firmware and their derivatives, allowing users to flash their devices through Finder or iTunes on macOS or Windows, respectively. Users can flash Apple silicon Macs through Apple Configurator 2.
Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that.