Slashdot Mirror


Of Encrypted Hard Drives and "Evil Maids"

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

3 of 376 comments

  1. surprise by jacquesm · Score: 5, Informative

    physical access > digital security

    1. Re:surprise by malakai · Score: 5, Informative

      My god the mods today suck. All of these "Then don't leave yourself logged in" responses are getting +mod.

      This attack has NOTHING to do with you leaving your session authenticated and open. It's about a boot-loader level phish scheme.

      Basically, you come back to your laptop which you left off, you boot it up not noticing anything out of place, and you log in and unlock your drives. Meanwhile, little did you know that the intruder put a very small OS onto your laptop which runs your primary OS as a virtual OS. It's got low level hooks to all the basic INTs and can read any memory without chance of any program within your primary OS (now virtualized) detecting it.

      Then you log off and go out to dinner. The maid comes in, boots up, hits a key-sequence, and dumps a log to a USB drive. In that log somewhere is your password to your encrypted drives. Game over dude... game fucking over.

  2. Bitlocker? by Philip+K+Dickhead · Score: 3, Informative

    Bullshit.

    The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.

    So... Start your engines.

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell