
Evil maid attack

An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it.

Overview
Origin

In a 2009 blog post, security analyst Joanna Rutkowska coined the term "Evil Maid Attack", hotel rooms being a common place where devices are left unattended. The post detailed a method for compromising the firmware of an unattended computer via an external USB flash drive, thereby bypassing TrueCrypt disk encryption.

In one reported case, a traveler left his computer unattended during a trade talk in Beijing and suspected that his device had been compromised. In another, a traveler was instructed to buy new devices before leaving and to dispose of them when he returned, so that any physical attempt to retrieve data would be ineffective.
Methods of attack
Classic evil maid

The attack begins when the victim leaves their device unattended. The attacker can then proceed to tamper with the system. If the victim's device has no password protection or authentication, an intruder can turn on the computer and immediately access the victim's information. However, if the device is password protected, as with full disk encryption, the firmware of the device needs to be compromised, usually by booting from an external drive. Another method of attack is a DMA attack, in which an attacker accesses the victim's information through hardware devices that connect directly to the physical address space. The attacker simply needs to connect to the hardware device in order to access the information.

Network evil maid

An evil maid attack can also be carried out by replacing the victim's device with an identical device. If the original device has a bootloader password, the attacker only needs a device with an identical bootloader password input screen. If the device has a lock screen, however, the process becomes more difficult, as the attacker must also acquire the background picture to put on the lock screen of the mimicking device. In either case, when the victim enters their password on the false device, that device sends the password to the attacker, who is in possession of the original device. The attacker can then access the victim's data.
Vulnerable interfaces
Legacy BIOS

Legacy BIOS is considered insecure against evil maid attacks. Its architecture is old, updates and Option ROMs are unsigned, and configuration is unprotected. An attacker can still modify disk contents even though the device is powered off and encrypted. On a macOS system, this attack has additional implications due to "password forwarding" technology, in which a user's account password also serves as the FileVault password, opening an additional attack surface through privilege escalation.

Thunderbolt

In 2019 a vulnerability named "Thunderclap" in Intel Thunderbolt ports found on many PCs was announced, which could allow a rogue actor to gain access to the system via direct memory access (DMA). This is possible despite the use of an input/output memory management unit (IOMMU). This vulnerability was largely patched by vendors. It was followed in 2020 by "Thunderspy", which is believed to be unpatchable and allows similar exploitation of DMA to gain total access to the system, bypassing all security features.

Any unattended device

Any unattended device can be vulnerable to a network evil maid attack. If the attacker knows the victim's device well enough, they can replace it with an identical model fitted with a password-stealing mechanism. Thus, when the victim enters their password, the attacker is instantly notified of it and can access the stolen device's information.
Mitigation
Detection

One approach is to detect that someone is close to, or handling, the unattended device. Vacuum packing, proximity alarms, motion detector alarms, and wireless cameras can be used to alert the victim when an attacker is near their device, thereby nullifying the surprise factor of an evil maid attack. The Haven Android app was created in 2017 by Edward Snowden to do such monitoring and transmit the results to the user's smartphone.

In the absence of the above, tamper-evident technology of various kinds can be used to detect whether the device has been taken apart, including the low-cost solution of putting glitter nail polish over the screw holes. After an attack is suspected, the victim can have their device checked to see whether any malware was installed, but this is challenging. Suggested approaches include checking the hashes of selected disk sectors and partitions against a known-good baseline.

TPM-based secure boot has been shown to mitigate (not prevent) a class of evil maid attacks by authenticating the device to the user. It does this by unlocking itself only if the user supplies the correct password and if it measures that no unauthorized code has been executed on the device. These measurements are performed by root-of-trust systems such as Microsoft's BitLocker and Intel's TXT technology. The Anti Evil Maid program builds upon TPM-based secure boot and further attempts to authenticate the device to the user.
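As an added illustration, not part of the original article, the following Python simulates the two detection ideas above: per-component hashes compared against a stored baseline (the "hash selected sectors and partitions" approach) and TPM-style measurement, where each boot stage is hashed into a PCR and the disk key is released only if the final PCR value matches the one it was sealed to. The component names and byte strings are constructed sample data, and the PCR logic is a simplified model rather than any real TPM library.

```python
import hashlib
import hmac

# Constructed stand-ins for boot components that a measured-boot chain hashes
# before executing them (sample data only; not taken from any real system).
BASELINE_COMPONENTS = {
    "firmware":   b"UEFI firmware image v1.0 (constructed sample)",
    "bootloader": b"bootloader stage image (constructed sample)",
    "kernel":     b"kernel image (constructed sample)",
}
MEASURE_ORDER = ("firmware", "bootloader", "kernel")


def measure(component: bytes) -> bytes:
    """SHA-256 digest of one component, as a measurement log would record it."""
    return hashlib.sha256(component).digest()


def extend_pcr(components: dict) -> bytes:
    """Simulate TPM PCR extension: PCR_new = H(PCR_old || H(component)).

    A PCR starts at zero on reset and can only be extended, never rewritten,
    so changing any measured component (or the order) changes the final value.
    """
    pcr = bytes(32)
    for name in MEASURE_ORDER:
        pcr = hashlib.sha256(pcr + measure(components[name])).digest()
    return pcr


def changed_components(baseline: dict, current: dict) -> list:
    """Baseline comparison: names of components whose hash no longer matches."""
    return [n for n in MEASURE_ORDER
            if not hmac.compare_digest(measure(baseline[n]), measure(current[n]))]


def unseal_disk_key(sealed_pcr: bytes, current: dict) -> bool:
    """A key sealed to a PCR value is released only if the current PCR matches."""
    return hmac.compare_digest(sealed_pcr, extend_pcr(current))


def demo() -> dict:
    sealed = extend_pcr(BASELINE_COMPONENTS)  # PCR value recorded at enrolment
    # Evil-maid scenario: the bootloader on disk is replaced while unattended.
    tampered = dict(BASELINE_COMPONENTS)
    tampered["bootloader"] = b"modified bootloader image (constructed sample)"
    return {
        "clean_unseals": unseal_disk_key(sealed, BASELINE_COMPONENTS),
        "tampered_unseals": unseal_disk_key(sealed, tampered),
        "changed": changed_components(BASELINE_COMPONENTS, tampered),
    }
```

The tampered chain both fails to unseal the key and is pinpointed by the baseline comparison, which is why the two approaches are complementary: measurement blocks the unlock, hashing tells you what was altered.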