deepagopi2011 - Fotolia
Evil maid attacks, in which an attacker (such as a hotel maid) compromises devices by gaining physical access to them, should not be discounted as a significant threat to security, according to security firm F-Secure.
“While the ‘evil maid’ attack represents a very specific threat with limited opportunity for exploitation, its impact can be profound,” warns the security firm’s newly-published guide on defending against such attacks.
It is essential to understand what portable computing device users can do to protect against this threat, the guide said, especially in view of the fact that most devices are not designed with physical security in mind.
This is underlined by attacks such as the one exploiting Intel’s Active Management Technology that was discovered by F-Secure senior security consultant Harry Sintonen.
Investigations showed that insecure defaults in Intel’s AMT allow an intruder to completely bypass login credentials in most corporate laptops in 30 seconds, which lends itself to the “evil maid” scenario.
When going public with his findings in January 2018, Sintonen said that even a minute of distracting a target from their laptop is enough to enable an attacker to gain access to the target machine.
As well as the AMT vulnerability, F-Secure said there are numerous ways that attackers can compromise a device, including cold boot attacks, inserting compromised hardware, and loading malware.
Although an “evil maid” with unlimited access will always be successful, according to the guide, there are several measures that can be taken to ensure that a physical attack becomes an unrealistic proposition.
The guide advises portable devices users to:
- Never leave devices unattended.
- Always carry with you all small peripherals, such as USB drives.
- Avoid using any unknown peripheral.
- Ensure BIOS and firmware update are applied without delay.
- Enable input–output memory management unit (IOMMU) features.
- Adopt full disk encryption.
- Enforce secure boot protection.
- Shut down devices when unattended.
Some attackers are so skilled that they can replace a device with an identical one without the victim knowing it, the guide warns.
The most likely targets of top-of-the-line “evil maid” attacks are company executives, officials and journalists, but the same techniques can be used to guard against intrusions by less sophisticated, but still highly motivated attackers, such as colleagues, room mates or spouses, according to an F-Secure blog post.