Physical security is important. The "Evil
Maid" attack serves as a reminder that briefly allowing a laptop out of
your control, even with an
encrypted hard disk, means that all security bets are off—the machine
should be considered potentially compromised. Obviously different users
have different levels of paranoia about their data security, but the Evil
Maid attack shows just how simple it can be for others to access your data.
There is nothing particularly new in the proof-of-concept (PoC) attack against
TrueCrypt disk encryption software,
but the simplicity of the approach should give one pause. Joanna Rutkowska
the attack back in January, but the need for physical computer security goes
back much further than that. But, folks are less wary of physical attacks
against laptops today because of whole-disk encryption. Rutkowska's
PoC, along with last year's report on "cold boot" attacks, should
make it clear that encryption—at least without some kind of Trusted
Platform Module (TPM) support—is not a complete solution
The basic idea behind Evil Maid is that someone gets access to a laptop for
a fairly short period of time (a few minutes), and, in that time, boots it
from a USB key. One obvious vector is a hotel maid (or someone acting as
one), who enters someone's room while they are out to dinner, which is what
gives the attack its name. The USB key contains a payload that hooks the
TrueCrypt password prompting code and stores the last password entered.
The payload gets added to the Master Boot Record (MBR) of the laptop so
that it becomes active on the next boot.
While it has not been implemented in the PoC, there is no reason that the
malware couldn't send the password off via the network; currently it just
reports it back the next time the Evil Maid USB key is booted. That would
require the attacker to access the laptop twice—with its user typing in
the encryption key in between—but a multi-day hotel stay would give
ample opportunity for that to occur.
As Bruce Schneier points
out, this attack is in no way limited to TrueCrypt, as other solutions
suffer from the same vulnerabilities. Both Schneier and Rutkowska look at
some potential workarounds, but, in the final analysis, physical access
allows an attacker too many ways around these security measures. Even
Trusted Computing, with appropriate TPM hardware, can succumb to certain
kinds of attacks.
Microsoft's BitLocker drive encryption uses the TPM, which provides
reasonable assurance that the right code is being booted, but even that can
fall prey to Evil Maid-style attacks, as Rutkowska describes:
Namely the Evil Maid for Bitlocker would have to display a fake Bitlocker
prompt (that could be identical to the real Bitlocker prompt), but after
obtaining a correct password from the user Evil Maid would not be able to
pass the execution to the real Bitlocker code, as the SRTM [Static Root of
Trust Measurement] chain will be
broken. Instead, Evil Maid would have to pretend that the password was
wrong, uninstall itself, and then reboot the platform. Thus, a Bitlocker
user that is confident that he or she entered the correct password, but the
OS didn't boot correctly, should destroy the laptop.
Rutkowska also describes a "Poor Man's Solution" which calculates hashes of
various unencrypted portions of the disk (especially the MBR). The Disk
Hasher is a bootable Linux-based USB key that calculates and stores the
hashes on the USB key, as well as verifying the correct hashes prior to
booting. As she points out, it only protects against disk-based
attacks—BIOS reflashing would subvert Disk Hasher.
Requiring a password in the BIOS before booting is another possible
workaround, but one that may not provide as much security as it at first
seems. BIOS reflashing is one possible attack, but an easier—though more
time-consuming than the "standard" Evil Maid attack—method would be
to remove the disk, attach it to another laptop and install the necessary
code. It also adds complexity to the attack, but the 5-15 minutes needed
to swap out
a laptop hard disk is not all that difficult to come by in the hotel scenario.
This PoC, along with other attacks against encrypted disks, is very
useful to remind users that hard disk encryption is no panacea. You still
must consider which kinds of threats you are trying to protect against.
Disk encryption is great for preventing accidental disclosure of private
information when someone steals a laptop, but is much less useful for an
attack that is focused on accessing the data on a particular laptop. Much
like internet security, fairly straightforward protection techniques are
fine to thwart the random attacker but are probably insufficient for one
who is focused on subverting your defenses in particular.
to post comments)