Many universities have implemented whole disk encryption on university-owned laptops to protect against data loss if a laptop is lost or stolen. TrueCrypt and PGP Whole Disk Encryption are two common software solutions. However, recent research from Invisible Things Lab has produced a proof of concept (dubbed the Evil Maid Attack) that would allow an attacker to hook into the encryption software and sniff the password.
The attack happens like this:
1. The attacker has access to your laptop for 1 to 2 minutes (like a maid at a hotel).
2. The attacker boots the laptop from a USB stick and infects the system with the Evil Maid Sniffer.
3. The victim returns to the hotel room, boots the laptop, and enters the disk encryption password (which is now sniffed by Evil Maid).
4. The victim leaves the laptop in the hotel room again.
5. The attacker can now boot the laptop off the USB stick again and acquire the sniffed passphrase.
At this point the attacker can either steal the laptop altogether, or boot it up and steal specific information.
So, what can you, as an end user, do to mitigate this attack? Short of never leaving the laptop physically unprotected (i.e. place it in a safe when you leave the room), not much. I know that sounds pessimistic, but the harsh reality is that whenever a device leaves your hands, it has become insecure. Assume that, even with encryption, you are still at risk.
(via Invisible Things)
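
A check that detects this kind of tampering after the fact, as an added example that is not from the original post or from Invisible Things Lab: software whole disk encryption has to leave the code that asks for the password unencrypted, so those sectors can be hashed while the laptop is still trusted and compared later. The 63-sector region, the 512-byte sector size and the constructed `disk.img` sample are assumptions; the baseline belongs on media you keep with you, and the comparison only means something when run from boot media you trust.

```python
import hashlib
import os
import tempfile

SECTOR_SIZE = 512   # assumption: 512-byte logical sectors
BOOT_SECTORS = 63   # assumption: length of the unencrypted pre-boot region


def sector_hashes(path, sectors=BOOT_SECTORS, sector_size=SECTOR_SIZE):
    """Return one SHA-256 hex digest per sector of the pre-boot region."""
    digests = []
    with open(path, "rb") as disk:
        for index in range(sectors):
            data = disk.read(sector_size)
            if len(data) != sector_size:
                raise ValueError(f"short read at sector {index}")
            digests.append(hashlib.sha256(data).hexdigest())
    return digests


def changed_sectors(baseline, current):
    """Return the indexes of sectors whose digest differs from the baseline."""
    if len(baseline) != len(current):
        raise ValueError("baseline and current cover different regions")
    return [i for i, (old, new) in enumerate(zip(baseline, current)) if old != new]


def demo():
    """Constructed sample: a fake disk image with one pre-boot sector altered."""
    image = bytearray(os.urandom(SECTOR_SIZE * (BOOT_SECTORS + 4)))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "disk.img")
        with open(path, "wb") as f:
            f.write(image)
        baseline = sector_hashes(path)        # taken while the laptop is trusted
        image[5 * SECTOR_SIZE + 10] ^= 0xFF   # pre-boot code changed in sector 5
        image[(BOOT_SECTORS + 1) * SECTOR_SIZE] ^= 0xFF  # outside region: ignored
        with open(path, "wb") as f:
            f.write(image)
        return changed_sectors(baseline, sector_hashes(path))


if __name__ == "__main__":
    print("modified pre-boot sectors:", demo())
```

A non-empty result means the unencrypted boot code no longer matches the baseline and the password should not be typed into that machine.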
