
posted by janrinok on Saturday August 11 2018, @10:03PM
from the who-watches-your-laptop-when-you-are-in-the-shower? dept.

Submitted via IRC for SoyCow1984

Hacker lore is littered with tales of mysterious attackers breaking into hotels—perhaps at a conference—to get their hands on someone’s laptop with the goal of installing malware on it by physically connecting to the machine. That’s why the more careful hackers never leave their laptops unattended at events, or bring disposable computers with little to nothing valuable on them.

These types of attacks are called evil maid attacks in the infosec world, because the imaginary attacker is someone who has access to your room and malicious intentions. Pwning a laptop via physical access is a tried and tested method of hacking someone. But there's no better way to be reminded of how effective and sometimes effortless these attacks can be than an actual demo.

In early July, security firm Eclypsium posted a video showing how Mickey Shkatov, one of its researchers, hacks into a laptop by opening it up, connecting a device directly to the chip that contains the BIOS, and installing malicious firmware on it—all in just over four minutes. That easy. (In some cases hackers don’t even need to open up the laptop).

“Physical attacks are hard to defend against and most people aren't doing anything to defend against them,” John Loucaides, Eclypsium's vice president of engineering, told me. “It's not that hard of an attack to pull off as most people think. It takes less time and less effort than most people realize.”

[...] The good news is that while it's relatively easy to hack a laptop once you get your hands on it, it's all the work required to get there (monitoring a target to see where they live or are sleeping, breaking into their room, etc.) that likely makes these attacks rare.

Source: https://motherboard.vice.com/en_us/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes


Original Submission
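The attack in the story boils down to writing a modified image to the BIOS flash chip. The check a practitioner would want afterwards is to compare a fresh dump of that chip against a baseline taken while the machine was still trusted, and to see how a measured-boot style hash chain turns the same change into a single value a TPM could attest. The following is an added example, not code from the Motherboard article or from Eclypsium. The firmware image, the 4 KiB region size and the implant offset are constructed for illustration, and the extend function is a simplified stand-in for how a TPM PCR accumulates measurements.

```python
import hashlib
from typing import Dict, List

# 4 KiB matches the erase-block size of typical SPI NOR flash, the granularity
# at which a programmer rewrites the chip. Assumption for this example.
REGION_SIZE = 0x1000


def make_image(seed: bytes, size: int) -> bytes:
    """Constructed stand-in for a flash dump (deterministic, reproducible).

    A real baseline would come from reading the chip with an external
    programmer while the machine is still trusted; this is synthetic data.
    """
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


def implant(image: bytes, offset: int, payload: bytes) -> bytes:
    """Model the evil maid's write: overwrite bytes at a flash offset."""
    if offset < 0 or offset + len(payload) > len(image):
        raise ValueError("payload does not fit in the image")
    return image[:offset] + payload + image[offset + len(payload):]


def region_hashes(image: bytes) -> Dict[int, str]:
    """SHA-256 of every erase block, keyed by flash offset."""
    return {
        off: hashlib.sha256(image[off:off + REGION_SIZE]).hexdigest()
        for off in range(0, len(image), REGION_SIZE)
    }


def changed_regions(baseline: Dict[int, str], current: Dict[int, str]) -> List[int]:
    """Offsets whose contents differ from the baseline, lowest first."""
    if baseline.keys() != current.keys():
        raise ValueError("dump size differs from baseline; compare like with like")
    return sorted(off for off in baseline if baseline[off] != current[off])


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: PCR' = SHA-256(PCR || SHA-256(data)).

    Simplified model of how a measured boot folds each component into a PCR;
    a real PCR0 measures specific firmware volumes, not raw erase blocks.
    """
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_image(image: bytes) -> str:
    """Fold every region into one hex digest, starting from an all-zero PCR."""
    pcr = bytes(32)
    for off in range(0, len(image), REGION_SIZE):
        pcr = pcr_extend(pcr, image[off:off + REGION_SIZE])
    return pcr.hex()


if __name__ == "__main__":
    # 256 KiB keeps the demo fast; real BIOS images are 8-32 MiB.
    trusted = make_image(b"vendor-firmware-v1", 256 * 1024)
    # Hypothetical implant: 16 bytes patched inside the region at 0x20000.
    after_trip = implant(trusted, 0x20100, b"\xeb\xfe" * 8)

    diff = changed_regions(region_hashes(trusted), region_hashes(after_trip))
    print("regions changed:", [hex(off) for off in diff])
    print("baseline measurement:", measure_image(trusted))
    print("current  measurement:", measure_image(after_trip))
```

Two caveats apply to the real-world version of this check. Take the dump with an external programmer clipped to the chip, not with a tool run from the operating system of the suspect machine, because compromised firmware can lie to software reads. And the baseline only helps if it was recorded before the trip and stored somewhere other than the laptop being checked; a firmware vendor update legitimately changes regions too, so re-baseline after every update you perform yourself.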

  • (Score: 0) by Anonymous Coward on Sunday August 12 2018, @03:10AM (#720442)

    This is not a bad idea, even though it's just security by obscurity. A determined and competent attacker (threat model: state-level actor or major league corporate espionage) will put you under intense surveillance prior to making a move on your gear, so you'll need to make sure you can never be observed manipulating said switch.

    There are other unsolved problems with your solution:

    Once an attacker targeting you specifically has pwned your decoy, they will expect to exfiltrate some useful information. You will not only need to carefully craft believable chaff data already on the machine, you also need a way to simulate real time user interaction in case their trojan includes realtime desktop shadowing. If you consider that an attacker who breaks into your quarters might also leave hidden cameras, you need to boot and shutdown the decoy at the same time the real machine is booted, make sure to fake the boot screens expected from your decoy hardware, and then play back interaction patterns believably matching your interaction with the real machine.

    Another problem is that this concept could mitigate information exfiltration from your machine, but not infiltration. If the goal is to slip some kiddie porn on your harddrive and then call the cops on you, you'd still be fucked.

    I have another idea though: booby trap your case with a "case open" switch rigged to some means of immediately alerting you, like a small SoC with GSM modem set up to text you.