Slashdot Mirror
Of Encrypted Hard Drives and "Evil Maids"
Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."
physical access > digital security
MP3 Search Engine
I'm imagining a bunch of geeks dressed up in maid outfits.
Seriously, if you're worried about some hacker assassin breaking into your house or office and installing a bootloader, you're either doing something REALLY secretive (in which case the computer probably shouldn't even be on a network to upload any data back in the first place) or you're the kind of person who thinks Obama has your name on an "important persons" list and is coming for your guns. If someone has physical access to your machine and has the skills to install a bootloader, you're pretty much boned anyway, encryption or not (encryption isn't going to stop a simple keylogger). That's nothing new. Fortunately, for the vast vast majority of us, there are very few hacker black operatives who are running around breaking into hotel rooms just so they can get a single Visa number from Bob the dipshit middle manager. Newsflash Bob, YOU'RE NOT THAT IMPORTANT!
Oh, and I love how the article calls the prospect of a ninja hacker hotel maid sneaking a bootloader onto your laptop and then sneaking back into your room later to retrieve the data a "likely scenario." What hotels is this guy staying at anyway?
SJW: Someone who has run out of real oppression, and has to fake it.
Just another good reason to take your bootloader with you on a thumb drive or other type of removeable media.
If you are the kind of person that are in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external usb drive. This would offcourse run it's own OS, not being done from the bootloader(for obvious reasons).
Doolittle :
Bomb no.20 : To explode of course.
You could have found the evil bartender.
You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".
The next morning, you wake up in an unknown appartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache than when asked about the laptop's full disk encription, you answer is "the what?".
I didn't read the RTFA, but aren't MSFT's BitLocker supposes to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?
When you encrypt your system partition with Truecrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help to attacker to replace the bootloader on the HDD.
Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Its funny the levels kiddy porn file sharers have to go to these days to stay 1 step ahead of the police.
Evil maids are easy to spot because of their goatees.
Mother, do you think they'll like this sig?
Someday I want to invent an attack, but only because I want the privilege of naming it.
And some day I'd like to be hit by the attack you invent, because saying that I've been hit by an "all-knowing frog" attack would simply be cool.
Cheers,
Ian
You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.
Maybe if she's an idiot. Once you've installed your own bootloader, it can neatly remove itself. (After installing malware, or transferring the encryption keys and data it needs over the network.) Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?
But more to the point, it must be a slow week. Why are "serious" security researchers even wasting time on something this obvious? Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader. Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky. After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded). A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.
Even trusted boot will only get you so far against a motivated adversary with this much sophistication. Don't leave your vital computing equipment behind in your hotel room.
If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.
1) Step one: apply pliers to target's scrotum.
2) Ask them once to access the laptop.
3) If any resistance is given, squeeze the pliers just a tad.
Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
The hypnotoad security tool protects against the all-knowing frog attack, but comes with its own drawbac--ALL GLORY TO THE HYPNOTOOL.
Bullshit.
The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.
So... Start your engines.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
saying that I've been hit by an "all-knowing frog" attack would simply be cool.
That's rather a rude way to describe being beaten by the French.
I am officially gone from
Comment removed based on user account deletion
Workaround 1) Make sure only women have the information.
Workaround 2) Preventative castration
Workaround 3) Shoot anyone with pliers who comes within 10 feet
Workaround 4) Duress code which releases false information. (this one's likely practical but only as a delaying tactic; it's going to hurt a lot when the interrogator finds the information doesn't verify)
that I got out of that shithole called 'security world'.
It was really fun and interesting until 2003, but these days it's a joke.
Hey, even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.
And here we are, in year 2009, reading "research" telling us things we all already know.
Sigh...
P.S: maid doesn't need to install any fancy shit, a keylogger will do just fine.
If I own the machine, and I am the user of that machine - I want the master TPM key and the ability to sign stuff for myself.
So the Evil Maid comes into your room and uses a Trojan?
I eat only the real part of complex carbohydrates.
I worked for a quasi-governmental agency for a number of years. Although we adopted disk encryption, our primary defense was the one you describe: you don't go anywhere without your laptop. That's right--not left in the conference room over lunch, or even unattended in the airport bathrooms. I still can't believe how many brain donors set their laptop bags down near the entrance or the sink and then go do their business. It's either in the stall, over your shoulder, or on the floor against your legs. They were even told not to leave them in their cars if they stopped at the grocery store on the way home (we had one stolen that way during a "3 minute" stop). We even had some good training videos that showed how quickly someone could swap laptop bags (for so long, most of them looked alike), or pop open the bag and replace the laptop with a phone book in under 30 seconds while a speaker was busy talking to guests after a presentation.
In addition, there were reports that had to be filled out to inform management if a laptop was lost or stolen. There were disclosures to the entities that were supervised. The consequences of losing a laptop were so painful that no one wanted to lose one.
I use irony whenever I can, but my shirts are still wrinkled...
For that matter, the guys video taping the room to sell you and your wife's activities to that voyeur site aims the camera at your laptop, watches your keystrokes, and boom - he has all you passwords you type in. Banking? PayPal? E-Mail.
You really need to use both a password and a physical device. Such as RSA tokens. My bank offers this for online banking. I have several for different things.
"Citation Needed."
Sorry, but I'll need something more than the word of some random guy on the Internet to believe this for a number of reasons, not the least of which being that such a backdoor would be something security testers would notice.
Well, #1... security measures only serve as deterrents. There will be a way around every security device, the only metric you really need to worry about is whether your:
(cost to circumvent) / (value of assets + cost to secure)
ratio is conveniently higher than your neighbors (ha ha, security people hate any mention of "convenience").
So... #2: by far the best thing you can do is to make sure your assets are relatively worthless compared to what other "target" have. Live a frugal life. Keep offsite backups of your photo albums. Don't keep secrets. And if you do, bury them with enough other crap (maybe using steganography if necessary) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know. Maybe you have lots of invalid bank and credit card information lying around. Or put a whole bunch of passwords in your secret password vault, in case it gets compromised (good sites will eventually lock them out for trying them all, and failed attempts will also tip you off and give you time to respond).
Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes, far above what they'd gain by stealing your assets.
Cheap deterrents first: live up a flight of stairs... thieves are inherently lazy and will go for the "low hanging fruit" instead of you. In the context of this article, put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it.
The best society wouldn't need any security at all... if there was enough transparency and free flow of information, all thieves would get caught and reprimanded. So participate in the whole neighborhood watch thing, make sure your perp has to perform his act in very public settings, uniquely tag your stuff, and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc.
Finally, we get to the part of the equation where you actually have to actively do something for extra security measures.
First, make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you. Deadbolt is much better than the handle switch, and also helps insure that you remembered your keys. I involuntarily lock my house and car doors now, and always brush my pockets with my hands to check that my keys and wallet are still there. At this point, I usually notice within 5 minutes if something's missing.
Passwords and encryption are just more sophisticated keys and locks. Not uncircumventable, but much better than nothing. But before spending lots of money on more complex 2- & 3-factor keys and locks ... especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ... alarms and security cameras that would increase the chances of the perp getting caught. I haven't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that, but I figure it would be much more productive to concentrate on these kinds of security measures in the near term.
BIOS BOOT PASSWORD