Slashdot Mirror


Of Encrypted Hard Drives and "Evil Maids"

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

16 of 376 comments

  1. surprise by jacquesm · · Score: 5, Informative

    physical access > digital security

    1. Re:surprise by Anonymous Coward · · Score: 1, Informative

      Version 6.0+ of TrueCrypt does do full disk encryption. In fact, the original attack was against TrueCrypt's full disk encryption mode.

    2. Re:surprise by Anonymous Coward · · Score: 1, Informative

      Well, they only added FDE on the boot partition for Windows. OS X and Linux FDE is only supported in the sense that you can encrypt a full partition on a separate drive. So if you want FDE on the boot drive for those OSes, you'd need to look into something else (AES-Loop for Linux, and I don't know what for OS X).

      Actually, now that I think about it, a way that you could get around this attack would be to make the hard drive non-bootable, and always boot from a trusted medium and keep that medium on your person at all times. For Windows (or Linux) that could be a thumb drive; for OS X, you could boot off your iPod.

    3. Re:surprise by malakai · · Score: 5, Informative

      My god, the mods today suck. All of these "Then don't leave yourself logged in" responses are getting +mod.

      This attack has NOTHING to do with you leaving your session authenticated and open. It's about a boot-loader level phish scheme.

      Basically, you come back to your laptop which you left off, you boot it up not noticing anything out of place, and you log in and unlock your drives. Meanwhile, little did you know that the intruder put a very small OS onto your laptop which runs your primary OS as a virtual OS. It's got low-level hooks to all the basic INTs and can read any memory without chance of any program within your primary OS (now virtualized) detecting it.

      Then you log off and go out to dinner. The maid comes in, boots up, hits a key-sequence, and dumps a log to a USB drive. In that log somewhere is your password to your encrypted drives. Game over dude... game fucking over.

  2. Bucket List by allknowingfrog · · Score: 1, Informative

    Someday I want to invent an attack, but only because I want the privilege of naming it.

  3. Just another good reason... by detachment2702 · · Score: 2, Informative

    Just another good reason to take your bootloader with you on a thumb drive or other type of removable media.

  4. Just use a CD by AmiMoJo · · Score: 2, Informative

    When you encrypt your system partition with TrueCrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help the attacker to replace the bootloader on the HDD.

    Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Re:Bootloader? BitLocker? by Anonymous Coward · · Score: 2, Informative

    I didn't read TFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?

    It does, and thus the attack doesn't work here:
    "The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified."
    Now we'd just need someone to reverse the decision that TPMs are all evil and should not be used.

  6. Re:At the next defcon... by MyLongNickName · · Score: 2, Informative

    Worse than that. It says the outfit is sold out. I am NOT going outside or answering the door this Halloween.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  7. Bitlocker? by Philip+K+Dickhead · · Score: 3, Informative

    Bullshit.

    The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.

    So... Start your engines.

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    1. Re:Bitlocker? by Chaos+Incarnate · · Score: 2, Informative

      If you lose the TPM, you aren't going to be able to unencrypt the drive.

      --
      Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
    2. Re:Bitlocker? by Anonymous Coward · · Score: 1, Informative

      + TPM + USB flash drive

      Wheee! Not 1, not 2 but 3-factor authentication courtesy of the checkboxes sold with every copy of Windows 7. Of course, has BitLocker been independently verified not to have a backdoor? Hmm? If your motherboard crashes and the TPM chip goes pfft, is there a way to recover the drive? Hmmm? How much do you have to pay to get this protection?

      There is a better way that addresses all of these issues and uses industry standard encryption algorithms and you don't even have to trust anyone at all if there is a backdoor, you can see for yourself! Tada!

      Without walls... Who needs Windows?

  8. Re:bootloader checksum by Anonymous Coward · · Score: 1, Informative

    If you are the kind of person who is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room), you would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).

    Which is why you want a BlackBerry. One of the common complaints about BlackBerries is that they take a very long time to turn on after a power cycle. Five minutes or longer to boot isn't uncommon. Compared to most cellphones which boot in a few seconds, this is very irritating.

    The reason is that the BlackBerry is verifying the boot ROM, boot loader, OS, and firmware for signs of tampering.
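    The two defensive ideas in this thread, the external checksum of the bootloader from comment 8 and the TPM sealing of the disk key to an unmodified boot path from comment 5, shown side by side as an added example (not code from Slashdot, TrueCrypt or BitLocker). The MBR layout, the placeholder boot code bytes, the firmware image and the volume key are all constructed; `extend_pcr`/`seal`/`unseal` model TPM PCR-extend and sealing behaviour in software rather than calling a real TPM.

```python
import hashlib

# Constructed stand-in for a disk's first sector: 440 bytes of boot code, 70 bytes
# of disk signature plus partition table, then the 0x55AA boot marker.
def make_mbr(boot_code: bytes, ptable: bytes = b"\x00" * 70) -> bytes:
    return boot_code[:440].ljust(440, b"\x00") + ptable[:70].ljust(70, b"\x00") + b"\x55\xaa"

CLEAN_BOOT_CODE = b"<known-good bootloader stub>"       # placeholder bytes, not real boot code
TAMPERED_BOOT_CODE = b"<bootloader stub with hooks>"    # placeholder for a replaced bootloader

def boot_code_digest(mbr: bytes) -> str:
    """Hash only the code area; the partition table may legitimately change."""
    return hashlib.sha256(mbr[:440]).hexdigest()

def check_from_trusted_medium(mbr: bytes, baseline_digest: str) -> bool:
    """Comment 8's check: compare the boot code against a baseline hash kept off the laptop."""
    return boot_code_digest(mbr) == baseline_digest

# Comment 5's mechanism: a TPM extends a PCR with each boot component,
# PCR_new = H(PCR_old || H(component)), and releases a sealed key only when the
# measured chain reproduces the PCR value the key was sealed to.
def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components) -> bytes:
    pcr = bytes(32)  # PCRs start at zero on power-on
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr

def seal(key: bytes, policy_pcr: bytes) -> dict:
    return {"policy_pcr": policy_pcr, "key": key}  # a real TPM keeps the key inside the chip

def unseal(blob: dict, pcr: bytes):
    return blob["key"] if pcr == blob["policy_pcr"] else None

FIRMWARE = b"<BIOS image placeholder>"  # constructed; measured before the MBR
DISK_KEY = b"\x11" * 32                 # constructed volume key
BASELINE = boot_code_digest(make_mbr(CLEAN_BOOT_CODE))
SEALED = seal(DISK_KEY, measure_boot_chain([FIRMWARE, make_mbr(CLEAN_BOOT_CODE)]))

def boot_attempt(boot_code: bytes):
    """Return (checksum_ok, released_key) for a boot with this boot code installed."""
    mbr = make_mbr(boot_code)
    pcr = measure_boot_chain([FIRMWARE, mbr])
    return check_from_trusted_medium(mbr, BASELINE), unseal(SEALED, pcr)

if __name__ == "__main__":
    print(boot_attempt(CLEAN_BOOT_CODE))     # checksum matches, key released
    print(boot_attempt(TAMPERED_BOOT_CODE))  # (False, None): tampering detected, key withheld
```

    A changed partition table still passes the boot-code checksum but changes the PCR, which is why real measured-boot policies choose carefully which registers the key is sealed to.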

  9. Re:Bootloader? BitLocker? by mlts · · Score: 2, Informative

    Windows 7 is different from Vista in the way businesses and enterprises use it. Vista had two editions that were activated via an internal KMS system (very important when you have thousands of PCs and do not want them touching the Internet for activation). Windows 7 has only one edition that has this functionality, the Enterprise edition. This is available via volume license key agreements. Other than the MAK/KMS model of activation, this edition is the exact same as Ultimate which has BitLocker, BranchCache, and the other items.

    So, if a company is using a volume license of Windows 7, they will have access to BitLocker functionality. Server-wise, Windows Server 2008 and Windows Server 2008 R2 both have BitLocker functionality built in.

    This way, if a corporation that is running Windows 7 orders a bunch of laptops, they would be fools not to order ones with TPM chips because their OS will easily support this functionality. If they have an Active Directory infrastructure and no existing encryption product (PGP, PointSec), getting BitLocker deployed enterprise wide wouldn't be too difficult with AD holding recovery keys to machines.

    I'm glad Microsoft did this. No worry if a company has Business or Enterprise editions for features (like the issues with Vista). Now, if a company has a VLK and uses a key management server for internal activations [1], they have BitLocker available with W7.

    [1]: I'm not a fan of activation at all. Personally, my wish is they would have gone back to how XP VLK editions handled this. Businesses are not going to be pirating Windows because the BSA will come for a visit. Pirates will crack any activation. So, there is no real antipiracy benefit to Microsoft in forcing businesses to have an activation infrastructure.

  10. Re:Missing the point by HikingStick · · Score: 2, Informative

    I worked for a quasi-governmental agency for a number of years. Although we adopted disk encryption, our primary defense was the one you describe: you don't go anywhere without your laptop. That's right--not left in the conference room over lunch, or even unattended in the airport bathrooms. I still can't believe how many brain donors set their laptop bags down near the entrance or the sink and then go do their business. It's either in the stall, over your shoulder, or on the floor against your legs. They were even told not to leave them in their cars if they stopped at the grocery store on the way home (we had one stolen that way during a "3 minute" stop). We even had some good training videos that showed how quickly someone could swap laptop bags (for so long, most of them looked alike), or pop open the bag and replace the laptop with a phone book in under 30 seconds while a speaker was busy talking to guests after a presentation.

    In addition, there were reports that had to be filled out to inform management if a laptop was lost or stolen. There were disclosures to the entities that were supervised. The consequences of losing a laptop were so painful that no one wanted to lose one.

    --
    I use irony whenever I can, but my shirts are still wrinkled...
  11. 3 Words... by hofmny · · Score: 2, Informative

    BIOS BOOT PASSWORD