
SoylentNews is people

posted by janrinok on Saturday November 19 2022, @10:18PM
from the stay-safe-and-secure dept.

We all know that when somebody gets unauthorised access to your computer hardware, security is out of the window! But what if you have to leave your hardware unattended but ostensibly in a 'secure' location - your hotel room or somebody else's home? fab23 has submitted this article on what you can do if that is the case:

The SANS Internet Storm Center published the guest diary Evil Maid Attacks - Remediation for the Cheap:

The so-called evil maid attack is an attack against hardware devices utilizing hard- and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room when you're out for breakfast. The attacker manipulates the device in a malicious way, e.g.:

There are several ways to minimize the risk of an unnoticed, successful evil maid attack. Which road you take depends on your personal threat model (and your budget, of course).

[...] If you want to have a cheap solution to be reasonably sure nobody messes unnoticed with your device when you have to leave it alone, you may carry out some countermeasures, e.g.:

  • Seal all screws with nail polish or glue with glitter pieces in it, and take pictures that are stored offline so that you will be able to spot manipulations

  • Seal unneeded peripheral interfaces (e.g. USB ports)

  • Lock needed peripheral ports with tamper-proof solutions (e.g. one-time locks which have to be destroyed to access the port)

  • Leave the device at the boot-time FDE (Full Disk Encryption) password prompt:

      • Reboot your device to the FDE password prompt

      • and enter the first few chars of the correct password (important!)

      • make sure the device stays in this mode till you return (e.g. has enough power or the power supply is plugged in, disable energy saving settings, ...)

      • When you're back, enter the rest of the FDE password, and if the device boots, then you could be reasonably sure it hasn't been tampered with. Of course, you have to examine the device physically thoroughly, e.g., the screws, peripheral ports, seals, etc. One important precondition for this to work is that the FDE boot code allows the password prompt to stay as it is after entering some chars. Fedora 7 and Ubuntu 20.04 seem to work, but Bitlocker (Windows) does not.

Is this bulletproof? No. Will this be reasonably secure? Depends on your threat model. But it's definitely better than doing nothing, having the OS left up and running, or having the device powered off completely. Stay safe and secure!

So, if you absolutely have no other option, what do you do to ensure that your data remains as secure as possible?
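The "photograph the seals and keep the pictures offline" idea in the list above is a baseline-and-compare check, and the same check can be applied to the files a software evil maid attack typically modifies: the unencrypted boot partition (bootloader, kernel, initramfs) that sits outside the FDE container. The POSIX shell script below is an added example written for this page, not code from the SANS diary or from SoylentNews. It assumes a Linux layout where those files live under /boot (the usual location; adjust if yours differs), that sha256sum from GNU coreutils is installed, and that the baseline manifest is carried off the device, e.g. on a USB stick in your pocket. It goes beyond the article in that it hashes files rather than inspecting screws; it says nothing about firmware or hardware implants, so the physical checks in the list still apply.

```shell
#!/bin/sh
# Added example for this page (not from the SANS diary or SoylentNews):
# a SHA-256 manifest of the unencrypted boot files, stored offline before
# leaving and compared on return.  Any changed, added or missing file is a
# tamper indicator.  /boot is an assumption (the usual Linux location);
# sha256sum from GNU coreutils is assumed to be present.

# Print "hash  ./relative/path" for every regular file under directory $1,
# sorted so that two manifests of the same tree compare byte-for-byte.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# Compare the stored manifest $1 against the current state of directory $2.
# Returns 0 if nothing changed; otherwise prints the differing lines and
# returns 1.  "baseline only" lines are files that were changed or removed,
# "current only" lines are files that were changed or added.
verify_manifest() {
    stored=$1
    current=$(mktemp)
    make_manifest "$2" > "$current"
    if cmp -s "$stored" "$current"; then
        rm -f "$current"
        return 0
    fi
    echo "TAMPER INDICATOR: boot manifest differs from offline baseline"
    diff "$stored" "$current" | grep '^[<>]' \
        | sed 's/^< /  baseline only: /; s/^> /  current only:  /'
    rm -f "$current"
    return 1
}

# Self-contained demonstration on a constructed directory standing in for
# /boot (no real boot files are touched).  Returns 0 when the untouched tree
# verifies cleanly and a one-byte change to the bootloader is detected.
demo_tamper_check() {
    d=$(mktemp -d)
    mkdir -p "$d/EFI/BOOT"
    printf 'constructed bootloader image\n' > "$d/EFI/BOOT/BOOTX64.EFI"
    printf 'constructed kernel image\n' > "$d/vmlinuz"
    make_manifest "$d" > "$d.baseline"        # in real use: copy this offline
    verify_manifest "$d.baseline" "$d" || return 1     # untouched: must pass
    printf 'x' >> "$d/EFI/BOOT/BOOTX64.EFI"            # simulated tampering
    if verify_manifest "$d.baseline" "$d"; then return 1; fi   # must fail
    rm -rf "$d" "$d.baseline"
    return 0
}

# Real use, before leaving:  make_manifest /boot > /media/usbstick/boot.sha256
# On return:                 verify_manifest /media/usbstick/boot.sha256 /boot
demo_tamper_check && echo "demo: tampering detected as expected"
```

Run the verify step from a live USB you trust rather than from the possibly-modified system itself, otherwise a swapped kernel could simply lie about the hashes. The check covers only what lives on the unencrypted partition: a UEFI firmware modification or a keylogger between keyboard and controller leaves the manifest untouched, which is why the seal inspection and the half-typed FDE password trick from the article remain useful alongside it.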


This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by Immerman on Sunday November 20 2022, @12:57AM (2 children)

    by Immerman (3985) on Sunday November 20 2022, @12:57AM (#1280569)

    >what could an evil maid do apart from stealing it?

    Clone the hard drive and install hardware keyloggers? That lets them access everything as soon as you log in, and the logger calls home (or the maid extracts it the next time you're away)

    Install a low-profile "evil usb drive" that can issue commands (as a keyboard/mouse) to do... basically anything.

    Even if you're really good about never dealing with sensitive information on your laptop, it can still offer an intrusion vector into more secure networks

    >If you are worried of someone inserting a hardware keylogger inside your laptop, you have bigger problems in life than computer security!

    I wasn't aware that having a sensitive job was inherently a problem? *Anyone* working with sufficiently sensitive information has a huge target painted on their back. Acquiring military, political, and corporate secrets are all big business - when billions are on the line, unethical players can be willing to pay enormous amounts for a decisive edge. And ethical people rarely get the chance to play the game at that level in the first place.

  • (Score: 1) by shrewdsheep on Sunday November 20 2022, @01:22PM (1 child)

    by shrewdsheep (5215) on Sunday November 20 2022, @01:22PM (#1280664)

    I would be curious to know whether there are reported instances of the attack you outline. This would seem to be an operation at the nation state level (like Stuxnet). On another note, are there any known hardware keyloggers that can bypass the OS to get information out?

    • (Score: 4, Interesting) by Immerman on Sunday November 20 2022, @05:02PM

      by Immerman (3985) on Sunday November 20 2022, @05:02PM (#1280691)

      Yeah, that's about the level I suspect it becomes commonplace. Consider though that many modern corporations have larger budgets than most nation-states, and industrial espionage has a -long- history.

      As for reported instances? Of drive cloning? I doubt they'd ever know. I know I've heard of "evil drives" in the media.

      As for keyloggers calling home - it seems like it should be easy enough to do, so I assume they're out in the wild. One thought that occurred to me shortly after posting was that you wouldn't need to physically retrieve the logger - just be able to make it transmit its recordings so it could be later read from a distance. And there's no need to even go all cloak-and-dagger about it - the easiest way to bypass the OS is to entirely bypass the computer. The keylogger could easily have its own wifi antenna to quietly watch for open networks and send data home from anywhere. Or it could connect to the cellular phone network. The hardware has gotten tiny, and the laptop provides ample power.