
What is an evil maid attack and How to Prevent It?


Anything done to a machine through physical access while it is turned off, even if it is encrypted, is called an “evil maid” attack. An evil maid attack is defined by the attacker’s ability to physically access the target multiple times without the owner’s awareness.

The ‘evil maid’ attack is a fairly particular threat with limited opportunities for exploitation. Evil Maid is malware at its core. The attack does not expose vulnerabilities in the underlying cryptographic security of any full disk encryption product.

F-Secure, a security firm, has issued a new alert regarding probable evil maid attacks using Intel’s Active Management Technology and other approaches. F-Secure senior security consultant Harry Sintonen detected a new wave of evil maid attacks in the wild.

Who is the target of Evil Maid Attacks?

The most likely evil maid attack on an encrypted device is a keylogger, either physical or software. Physical loggers are nearly impossible to detect in software, but they can be discovered by physical inspection.

The term “evil maid” has gained popularity among security experts, and it is now used to characterise situations in which the attacker does not merely steal the device or gain access to it once to clone the hard drive, but instead returns several times to cause havoc.

An evil maid attack is more likely to target company executives, government officials, and journalists. Whether the goal of the evil maid attack is to edit, steal, or sell data, it’s likely that the attacker will also make software changes to the device that will allow remote access later.

How to protect against an evil maid attack?

If the underlying machine has been compromised by malware with root-level administrative privileges, no security product on the market today will protect you.

The following steps should be taken to prevent this attack:
