Any attack carried out through physical access to a machine while it is powered off, even when its disc is encrypted, is called an “evil maid” attack. An evil maid attack is defined by the attacker’s ability to physically access the target several times without the owner’s awareness.
The evil maid attack is a fairly specific threat with limited opportunities for exploitation. At its core, Evil Maid is malware. The attack exposes no vulnerability in the underlying cryptographic security of any full disc encryption product.
F-Secure, a security firm, has issued a new alert regarding probable evil maid attacks using Intel’s Active Management Technology and other approaches. F-Secure senior security consultant Harry Sintonen detected a new wave of evil maid attacks in the wild.
Who is the target of evil maid attacks?
The most likely evil maid attack on an encrypted device is a keylogger, either physical or software. Physical keyloggers are nearly impossible to detect in software, but they can be discovered by physical inspection.
The term “evil maid” has gained popularity among security experts, and it is now used to characterise situations in which the attacker does not merely steal the device or gain access to it once to clone the hard drive, but instead returns several times to cause havoc.
An evil maid attack is more likely to target company executives, government officials, and journalists. Whether the goal of the evil maid attack is to edit, steal, or sell data, it is likely that the attacker will also make software changes to the device that allow remote access later.
How to protect against an evil maid attack?
If the underlying machine has been compromised by malware with root-level administrative privileges, no security product on the market today will protect you.
The following steps should be taken to prevent this attack:
- To protect yourself from an evil maid attack, use a strong password and change it frequently. Most users are aware that entering their password into a computer provided by an unknown individual is risky. After an attacker instals a new operating system on your computer, it may appear to be yours, but it is no longer yours: it has now become the attacker’s machine. If you type your password into the attacker’s computer, it will quickly become theirs.
- Never leave unattended computing equipment or small peripherals like USB drives.
- Any unknown peripheral should be avoided.
- Ensure that BIOS and firmware updates are done as soon as possible.
- Activate the features of the input–output memory management unit (IOMMU).
- Secure boot protection should be enabled, and full disc encryption keys should be changed on a regular basis.
- Set a BIOS password to prevent the BIOS settings from being changed.
- Configure the computer to boot only from its internal hard disc.
- Set up alerts for any hardware changes.
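The last step above, alerting on hardware changes, can be implemented as a baseline-and-diff check. The example below is added here and is not part of the original article or any product it mentions; the snapshot format, device IDs, firmware versions and the two snapshots are constructed placeholders, and a real deployment would generate the snapshot text from the platform's own inventory tools (for instance the USB/PCI device list, BIOS version and Secure Boot state).

```python
"""Baseline-and-diff check for evil maid hardware/firmware tampering.

Snapshot format (constructed for this example, one item per line):
    secure_boot: enabled|disabled
    bios: <version string>
    device: <bus> <vendor:product> <description>
"""

# Constructed sample snapshots; IDs and versions are placeholders, not real products.
BASELINE = """\
secure_boot: enabled
bios: 1.14.0
device: usb 1111:0001 built-in keyboard
device: usb 1111:0002 built-in webcam
device: pci 2222:0010 nvme controller
"""

# A later snapshot with Secure Boot off, older firmware, a new HID and a missing device.
CURRENT = """\
secure_boot: disabled
bios: 1.09.2
device: usb 1111:0001 built-in keyboard
device: usb ffff:0001 unknown hid device
device: pci 2222:0010 nvme controller
"""


def parse_snapshot(text):
    """Split a snapshot into firmware settings (dict) and the set of device lines."""
    settings, devices = {}, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "device":
            devices.add(value)
        elif key:  # skip blank lines
            settings[key] = value
    return settings, devices


def diff_snapshots(baseline_text, current_text):
    """Return one alert string per deviation from the known-good baseline."""
    base_set, base_dev = parse_snapshot(baseline_text)
    cur_set, cur_dev = parse_snapshot(current_text)
    alerts = []
    for key in sorted(set(base_set) | set(cur_set)):  # settings such as secure_boot, bios
        if base_set.get(key) != cur_set.get(key):
            alerts.append(f"{key} changed: {base_set.get(key)} -> {cur_set.get(key)}")
    for dev in sorted(cur_dev - base_dev):  # anything plugged in or added since baseline
        alerts.append(f"new device: {dev}")
    for dev in sorted(base_dev - cur_dev):  # anything removed or swapped out
        alerts.append(f"missing device: {dev}")
    return alerts
```

Any non-empty alert list should be treated as a reason to physically inspect the machine before typing a password into it, since a firmware rollback or a Secure Boot state change is as telling as a new device.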