F-Secure’s Guide to Evil Maid Attacks

Evil maid attacks involve an adversary compromising devices by gaining physical access to them. They can devastate unprepared organizations, so F-Secure put together a quick guide to let companies know how to protect themselves against these attacks.

Author: Adam
Date: 15.02.2018

Last year, F-Secure Senior Security Consultant Harry Sintonen discovered an issue with Intel’s Active Management Technology (AMT) that an attacker can use to compromise a laptop in less than a minute. The attack lends itself well to the notorious “evil maid” scenario – a class of attack that involves an individual (such as a maid) compromising hardware (such as a laptop) while it’s left unattended (such as in a hotel room).

While many might think they never leave their devices unattended, this is very difficult to achieve in practice. In fact, Harry points out that the AMT issue he discovered can be taken advantage of so quickly that all it takes is for someone to distract the “mark” while a partner performs the exploit.

“Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete,” Sintonen says.

Attackers with physical access to a device don’t have to rely only on the Intel AMT issue. There are numerous ways they can compromise a device, such as cold boot attacks, replacing components with hacked ones, loading malicious software from a USB key or other peripheral, and more.

Given that these attacks can have a severe impact on organizations, it’s worth taking a few basic measures to protect devices (especially for employees who often find themselves working while away from the office).

That’s why F-Secure created a guide to evil maid attacks. The guide provides a comprehensive resource on how to harden devices against attackers who have physical access to them.

The advice detailed in the guide ranges from simple things, such as fully shutting down your device instead of leaving it in standby mode, to more advanced protection methods, such as enforcing a secure boot process.

And while the guide notes that there’s no 100% protection against an evil maid attack, implementing the recommendations can make the attack so difficult that only the most skilled, determined adversaries will find it practical to use in a real scenario.

 
