See also: physical security, hard drive encryption, mobile device management.
An evil maid attack is a security exploit that physically targets an unattended computing device. An evil maid attack is characterized by the attacker's ability to physically access the target multiple times without the owner's knowledge. Besides giving this type of attack a very catchy name, Polish security researcher Joanna Rutkowska successfully demonstrated that even full disk encryption (FDE) cannot be counted on to protect a laptop when an attacker has physical access to the device.
Scene I: A Chief Financial Officer (CFO) at a conference leaves her laptop in her hotel room during dinner, confident that any corporate data on the laptop is safe because the hard drive is encrypted.
Scene II: An evil maid who is actually a corporate spy involved in industrial espionage spots the CFO leaving her room. The evil maid then installs a keylogger to capture the CFO's encryption key and shuts the laptop back down. Suspecting nothing, the CFO enters her encryption key and unlocks the laptop's disk drive.
Scene V: The following morning, while the CFO is downstairs at breakfast, the evil maid comes back and retrieves the keylogger, which now knows the CFO's encryption key.
The name "evil maid" has caught on with security professionals, and the label has been used in a general fashion to describe scenarios in which the attacker doesn't simply steal the device - or access it once to clone the hard drive - but instead returns multiple times to wreak havoc.
Company executives, government officials and journalists are the most likely targets of evil maid attacks. Whether the purpose of the attack is to change, steal or sell information, chances are high that the attacker will also make changes to the device's software that will permit remote entry later on.
Experts recommend taking the following steps to lessen the chance of this type of physical attack.