F-Secure has issued a guide on so-called “evil maid attacks”, in which devices are compromised through physical access, stating that these should not be discounted as a significant security threat.
The twelve-page guide explains the “evil maid attack”, which represents “any form of physical tampering, regardless of the opportunity and location of the attack, aimed at obtaining either persistence on the victim equipment for future remote access, or immediate extraction of the desired data, such as the hard disk contents.”
The “evil maid attack” was originally introduced by Joanna Rutkowska in 2009, describing the class of attacks that can be mounted locally, with physical access, on unattended equipment.
The guide also provides tips for protecting devices against tampering, as well as details on the impact of such security issues.
One of the well-known vulnerabilities that can be exploited in such attacks is the one seen with Intel’s Active Management Technology, discovered by F-Secure’s senior security consultant, Harry Sintonen, where it is possible to completely bypass login credentials on most laptops in a mere 30 seconds.
The guide also mentions several other ways that can be used to compromise a device in “evil maid attacks”, including cold boot attacks, loading malware or inserting compromised hardware.
Some of the ways to mitigate such attacks include never giving an opportunity for such an attack by leaving your devices, including peripherals like USB drives, unattended; avoiding unknown peripherals; ensuring the latest BIOS and firmware updates are installed; using full disk encryption; using secure boot protection; and shutting down unattended devices.
F-Secure claims that “evil maid attacks” are quite a serious security issue with attackers usually targeting high-level executives and officials.
You can check out the full guide over at F-Secure’s website.