Of Encrypted Hard Drives and "Evil Maids"

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

Re:Fine line between security and paranoia

[Umuri]

Offhand, i'd say any prominent high-class hotel that might be used by foreign businessmen on a trip.

I mean, you do have a point, bob the middle manager isn't that important. However there are quite a few business people who this really would be that important to. Corporate espionage is high, and you know china has been doing focused attacks over the network.

Sneakernet is always faster, so if they can train up a few pretty women, pay them a decent programmers wage to have them steal stuff that is the work of 10 engineers or even hundreds, that's a pretty sound economic payoff don't you think?

I think stuff like this has it's purpose, and those who really are at risk need to be educated about it. For the other 95% of us, i think it's useful info to be aware about, just like don't leave your purse out visible in your car. Sure it probably won't happen, but there are always people who would.

Re:Fine line between security and paranoia

[oldspewey]

Bob the middle manager isn't that important, but Bob routinely sends email to Dave the director and Charles the CxO. By trojaning Bob's computer you can start to build a pretty decent profile of the corporate activities going on within, and above, Bob's department ... including travel schedules of some other bigger fish in the corporate pond.

Do this to 3 or 4 Bobs, and pretty soon you'll have an understanding of the corporate org chart, upcoming projects, and most importantly you'll be able to target your future EvilMaid attacks with pinpoint accuracy.