Slashdot: News for Nerds

Of Encrypted Hard Drives and "Evil Maids"

kdawson posted more than 4 years ago | from the take-the-second-factor-with-you dept.

Encryption 376

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

376 comments

surprise (5, Informative)

jacquesm (154384) | more than 4 years ago | (#29845303)

physical access > digital security

Re:surprise (3, Insightful)

EvanED (569694) | more than 4 years ago | (#29845503)

Actually one of the points of full disk encryption is that it gives you a measure of protection even when physical security is compromised.

Why on earth would you do it otherwise?

Re:surprise (1)

Yvan256 (722131) | more than 4 years ago | (#29845853)

For the thrill of possibly losing all your data if you ever forget your password?

Bitlocker? (3, Informative)

Philip K Dickhead (906971) | more than 4 years ago | (#29845911)

Bullshit.

The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.

So... Start your engines.

Re:surprise (1)

ByOhTek (1181381) | more than 4 years ago | (#29845629)

Expanding on the other reply - physical access with (sorry for the car analogy) the key in the ignition > all.

Basically, they need physical access with the machine ON (and a way to bypass any locking mechanism that is in place)

Re:surprise (3, Insightful)

aetherworld (970863) | more than 4 years ago | (#29845697)

Slow news day?

That article is actually like saying that there is no point to install a very expensive and secure door lock on your front door because it doesn't help you when you go get groceries and leave your door open. Duh. I'm sure most people realize that the point of disc encryption is not to protect your data while it's unencrypted in memory.

Re:surprise (1)

Sancho (17056) | more than 4 years ago | (#29845767)

If they can compromise the bootloader or BIOS, then they can do it with the machine off. But I believe that Rutkowska realized the implications after moving from Windows to OS X. OS X does not offer full disk encryption--rather, it encrypts your home directory. Thus it's likely still possible to compromise in this manner.

And of course, she focuses on Truecrypt, which also doesn't do whole disk encryption. However it's a popular geek tool for encryption, and as such it's pretty relevant.

Re:surprise (0, Offtopic)

Crudely_Indecent (739699) | more than 4 years ago | (#29845835)

So, if I'm paranoid enough to use whole disk encryption, why am I not paranoid enough to log out of my session when I'm away or have a screen saver password?

Re:surprise (1)

prgammans (134908) | more than 4 years ago | (#29845807)

Is that like a tech version of Rock-paper-scissors?

physical access > digital security
digital security > Cowboy Neil
Cowboy Neil > physical access

Bucket List (1, Informative)

allknowingfrog (1661721) | more than 4 years ago | (#29845307)

Someday I want to invent an attack, but only because I want the privilege of naming it.

Re:Bucket List (4, Funny)

mccalli (323026) | more than 4 years ago | (#29845625)

Someday I want to invent an attack, but only because I want the privilege of naming it.

And some day I'd like to be hit by the attack you invent, because saying that I've been hit by an "all-knowing frog" attack would simply be cool.

Cheers,
Ian

Re:Bucket List (5, Funny)

Gulthek (12570) | more than 4 years ago | (#29845857)

The hypnotoad security tool protects against the all-knowing frog attack, but comes with its own drawbac--ALL GLORY TO THE HYPNOTOOL.

At the next defcon... (5, Funny)

purpledinoz (573045) | more than 4 years ago | (#29845309)

I'm imagining a bunch of geeks dressed up in maid outfits.

Re:At the next defcon... (1)

MickyTheIdiot (1032226) | more than 4 years ago | (#29845363)

I've met several female geeks I wouldn't mind seeing in a certain type of maid outfit.

Re:At the next defcon... (2, Funny)

Anonymous Coward | more than 4 years ago | (#29845371)

Damn you... I have an overactive imagination, that made me throw up in my mouth. Just for that look at this horrifying thing. [entertainmentearth.com]

Re:At the next defcon... (2, Informative)

MyLongNickName (822545) | more than 4 years ago | (#29845617)

Worse than that. It says the outfit is sold out. I am NOT going outside or answering the door this Halloween.

Re:At the next defcon... (5, Funny)

Anonymous Coward | more than 4 years ago | (#29845693)

Holy crap slashdot, you scare me! That was not sold out when I posted it.

Re:At the next defcon... (1)

mewsenews (251487) | more than 4 years ago | (#29845375)

I'm imagining the tips being much worse than usual

Re:At the next defcon... (1)

Icegryphon (715550) | more than 4 years ago | (#29845481)

That is like a Japanese Fetish.
Otaku even have Maid cafés [wikipedia.org]
I am sure they wouldn't mind a few feminine male geeks too.
Gotta watch out for those Traps (NSFW prolly) [encycloped...matica.com]

Re:At the next defcon... (1)

b4dc0d3r (1268512) | more than 4 years ago | (#29845759)

You left out tentacles. Got to have tentacles. A maid working for an octopus is what I would have expected.

Re:At the next defcon... (1, Insightful)

FlyingGuy (989135) | more than 4 years ago | (#29845737)

Joanna Rutkowska in a very tiny French Maid outfit? Ohhh yes.

Re:At the next defcon... (0)

Anonymous Coward | more than 4 years ago | (#29845817)

http://www.rutkowska.yoyo.pl/

Re:At the next defcon... (1)

Gnaget (1043408) | more than 4 years ago | (#29845805)

God, I hope rule 34 can be broken

Fine line between security and paranoia (5, Interesting)

elrous0 (869638) | more than 4 years ago | (#29845311)

Seriously, if you're worried about some hacker assassin breaking into your house or office and installing a bootloader, you're either doing something REALLY secretive (in which case the computer probably shouldn't even be on a network to upload any data back in the first place) or you're the kind of person who thinks Obama has your name on an "important persons" list and is coming for your guns. If someone has physical access to your machine and has the skills to install a bootloader, you're pretty much boned anyway, encryption or not (encryption isn't going to stop a simple keylogger). That's nothing new. Fortunately, for the vast vast majority of us, there are very few hacker black operatives who are running around breaking into hotel rooms just so they can get a single Visa number from Bob the dipshit middle manager. Newsflash Bob, YOU'RE NOT THAT IMPORTANT!

Oh, and I love how the article calls the prospect of a ninja hacker hotel maid sneaking a bootloader onto your laptop and then sneaking back into your room later to retrieve the data a "likely scenario." What hotels is this guy staying at anyway?

Re:Fine line between security and paranoia (5, Insightful)

Umuri (897961) | more than 4 years ago | (#29845345)

Offhand, I'd say any prominent high-class hotel that might be used by foreign businessmen on a trip.

I mean, you do have a point, Bob the middle manager isn't that important. However there are quite a few business people who this really would be that important to. Corporate espionage is high, and you know China has been doing focused attacks over the network.

Sneakernet is always faster, so if they can train up a few pretty women, pay them a decent programmer's wage to have them steal stuff that is the work of 10 engineers or even hundreds, that's a pretty sound economic payoff don't you think?

I think stuff like this has its purpose, and those who really are at risk need to be educated about it. For the other 95% of us, I think it's useful info to be aware about, just like don't leave your purse out visible in your car. Sure it probably won't happen, but there are always people who would.

Re:Fine line between security and paranoia (5, Insightful)

oldspewey (1303305) | more than 4 years ago | (#29845457)

Bob the middle manager isn't that important, but Bob routinely sends email to Dave the director and Charles the CxO. By trojaning Bob's computer you can start to build a pretty decent profile of the corporate activities going on within, and above, Bob's department ... including travel schedules of some other bigger fish in the corporate pond.

Do this to 3 or 4 Bobs, and pretty soon you'll have an understanding of the corporate org chart, upcoming projects, and most importantly you'll be able to target your future EvilMaid attacks with pinpoint accuracy.

Re:Fine line between security and paranoia (1)

Follier (901079) | more than 4 years ago | (#29845733)

Sneakernet is always faster, so if they can train up a few pretty women, pay them a decent programmer's wage to have them steal stuff that is the work of 10 engineers or even hundreds, that's a pretty sound economic payoff don't you think?

No, no no... that whole thing is a total myth.

Maids are not pretty.

Re:Fine line between security and paranoia (1)

oldspewey (1303305) | more than 4 years ago | (#29845783)

Maids are not pretty.

I have definitely seen evidence to refute that assertion.

Re:Fine line between security and paranoia (0, Troll)

swb (14022) | more than 4 years ago | (#29845771)

You know they've run extortion against business guys, politicians and bureaucrats for years using all manner of hired female talent.

The gimmick is Bob the Middle Manager & Happily Married Guy on video cornholing some girl, or even better, a boy. This is used as leverage to control Bob so he can be a mole, giving you valuable info, inside access, etc.

This beats trojaning his computer as you now have a live operator inside the organization who will do anything to keep his wife/boss/kids from finding out he's a cheat or a homo.

Re:Fine line between security and paranoia (1, Funny)

Anonymous Coward | more than 4 years ago | (#29845837)

High class hotel in Paris perhaps. There have been numerous occasions when Americans bidding on multi-million dollar/euro contracts in France have been underbid by pocket change. The French secret service is notorious about helping French companies compete!

Re:Fine line between security and paranoia (4, Insightful)

stoolpigeon (454276) | more than 4 years ago | (#29845383)

You vastly underestimate the number of people traveling internationally and engaged in activities that the host governments find to be of interest.

Re:Fine line between security and paranoia (1)

jellomizer (103300) | more than 4 years ago | (#29845515)

That and if your data is that important then you have your screensaver to be password protected. OS X does it, Windows does it, Linux does it, Unix does it....

I don't know about you but if I leave my laptop in my hotel room, I tend to lock it up in the safe. (normally I power it off, etc...) It seems to me this will only work for a very ideal set of conditions. And just posted to make people not secure their laptop.

Re:Fine line between security and paranoia (1)

Antique Geekmeister (740220) | more than 4 years ago | (#29845685)

Very few of those do so _automatically_. For almost all such systems, you have to manually select password protected screen locking. Also "screen locking" for X servers does not prevent console access on the other virtual terminals, if you've left an active login on them, or simply killing the X session and grabbing the login shell of the user created their shell session manually.

Even more fun is available when careless laptop users run VPN sessions with such clients left unlocked, so anyone visiting their home or stealing their laptop can access the core of a poorly secured internal network where "we trust the people we work with" and they've refused to engage in effective internal security. The combination of NFS access and Subversion storing unencrypted passwords is a particularly egregious problem, as is the use of the 'keychain' SSH tool and its storage of information about good targets to grab unlocked key access from in the settings recorded in $HOME/.keychain/.

Traveling data security, coupled with remote network access, is a very real problem only aggravated by people ignoring the risks.

Re:Fine line between security and paranoia (1)

oldspewey (1303305) | more than 4 years ago | (#29845859)

For almost all such systems, you have to manually select password protected screen locking ... Even more fun is available when careless laptop users run VPN sessions with such clients left unlocked

Our corporate laptop Windows images have timed pw-protected screen locking enabled by default, and it can't be disabled (well, with sufficient determination I suppose it could). Furthermore, the VPN tunnel is automatically disconnected when the screensaver kicks in.

It's actually a bit of a pain in the ass, but I can understand why it's configured this way.

Re:Fine line between security and paranoia (1)

mea37 (1201159) | more than 4 years ago | (#29845847)

Those defenses sound good, until you think about them in a world where this attack might be in play. GP's assertion notwithstanding, there are people who really should be this paranoid in their understanding of the limits of security; to those people, what good is the hotel room safe? You're in a position where you have to worry about an evil maid, but you assume the hotel has really provided you with a box that only you will be able to open? Come on.

As for screensaver locks... at best that's going to force the attacker to start by rebooting your system - which is the first step in this attack anyway. So maybe you'll know your machine has been tampered with... unless, being unaware of evil maid attacks, you just assume Windows threw a fit and rebooted itself.

Re:Fine line between security and paranoia (-1, Flamebait)

will_die (586523) | more than 4 years ago | (#29845527)

It is more likely to be an Enemy List [yahoo.com]

Re:Fine line between security and paranoia (-1, Flamebait)

ryanov (193048) | more than 4 years ago | (#29845751)

Well, at least now I'm reminded why I labeled you an idiot.

Incidentally, bipartisan cooperation? When has any Democratic administration managed that even when they were being nice to the Republicans? We had 39 Republicans vote against a ban on gang rape, essentially, the other day.

Re:Fine line between security and paranoia (1)

Rob the Bold (788862) | more than 4 years ago | (#29845687)

Oh, and I love how the article calls the prospect of a ninja hacker hotel maid sneaking a bootloader onto your laptop and then sneaking back into your room later to retrieve the data a "likely scenario." What hotels is this guy staying at anyway?

French hotels. Never seen "Nikita", have you?

Re:Fine line between security and paranoia (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29845777)

That's true, but what if it's Jimmy the WhiteHat attending DefCon with a very nice implementation of a much better hack? A vulnerability in a Blackberry device, for instance, which forwards email silently to another address? A list of hacks for Macbooks to win the cash prizes?

$10k to another blackhat in prize money is one thing, $Xm from the card details gathered using a zero-day exploit is probably big enough motivation to get a sister or cousin a job in a Vegas hotel for a month prior...

Re:Fine line between security and paranoia (0)

Anonymous Coward | more than 4 years ago | (#29845913)

You have to remember corporations have no souls. They don't act like you and I. If installing bootloaders and keyloggers is worth doing, it's worth doing regardless of whether it is seen as bizarre or paranoia. It is simply corporate feudalism in action. Realise those empires that fell were talked into failure by far more cutthroat and evil scammers. We live now in the midst of an insane feudalistic war of corporate oppression whose ideal is to enslave all of humanity for their own good.

The children of Earth deserve better. It is up to us, the thinkers and those still left with imaginations and fantasies to bring all of humanity forward to a better understanding and ultimate love.

Also... (0)

Anonymous Coward | more than 4 years ago | (#29845315)

Joanna Rutkowska [zdnet.com] is hot!

News at eleven (1)

sopssa (1498795) | more than 4 years ago | (#29845319)

Leave your computer unprotected somewhere where you can't see it and someone can use it.

Encryption doesn't really have anything to do with that and anyone not stupid should understand that.

Just another good reason... (2, Informative)

detachment2702 (813035) | more than 4 years ago | (#29845327)

Just another good reason to take your bootloader with you on a thumb drive or other type of removable media.

Trojans still work (1)

tokul (682258) | more than 4 years ago | (#29845343)

Trojans still work and can be used against security software. News at 11.

Re:Trojans still work (0, Offtopic)

JustOK (667959) | more than 4 years ago | (#29845551)

am or pm? Plus, that sounds like you still use TV for news. How...quaint. We heard that people used to do that. And, I'm not on your lawn.

bootloader checksum (4, Insightful)

arabagast (462679) | more than 4 years ago | (#29845347)

If you are the kind of person who is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room), you would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).
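An added example, not part of the original comment: one way to do the checksum described above, run from an OS booted off trusted external media with the baseline file kept on that same media. The region layout (classic MBR disk, 63-sector first track), the function names and the constructed test image are assumptions for illustration.

```python
import hashlib
import json
import os
import tempfile

SECTOR = 512

# Assumed layout (classic MBR disk): boot code in bytes 0-445, partition table
# and 0x55AA signature in 446-511, then the rest of the first track
# (sectors 1-62), where boot loaders commonly keep their later stages.
REGIONS = [
    ("mbr_boot_code", 0, 446),
    ("partition_table", 446, 512),
    ("first_track", 512, 63 * SECTOR),
]


def measure(device_path, regions=REGIONS):
    """Return {region name: SHA-256 hex digest} for a disk device or image."""
    digests = {}
    with open(device_path, "rb") as dev:
        for name, start, end in regions:
            dev.seek(start)
            data = dev.read(end - start)
            if len(data) != end - start:
                raise ValueError(f"short read in region {name!r}")
            digests[name] = hashlib.sha256(data).hexdigest()
    return digests


def save_baseline(device_path, baseline_path):
    """Record known-good digests; keep this file on the external medium."""
    digests = measure(device_path)
    with open(baseline_path, "w") as fh:
        json.dump(digests, fh, indent=2, sort_keys=True)
    return digests


def verify(device_path, baseline_path):
    """Return the sorted names of regions that differ from the baseline."""
    with open(baseline_path) as fh:
        baseline = json.load(fh)
    current = measure(device_path)
    return sorted(n for n in baseline if current.get(n) != baseline[n])


def demo():
    """Run against a constructed 63-sector image instead of a real disk."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        baseline = os.path.join(tmp, "baseline.json")
        with open(image, "wb") as fh:
            fh.write(bytes(range(256)) * (63 * SECTOR // 256))  # constructed data
        save_baseline(image, baseline)
        untouched = verify(image, baseline)

        # Simulate a replaced later-stage loader: change one byte in sector 2.
        with open(image, "r+b") as fh:
            fh.seek(2 * SECTOR + 7)
            fh.write(b"\xff")
        after_loader_change = verify(image, baseline)

        # Simulate replaced MBR boot code as well.
        with open(image, "r+b") as fh:
            fh.seek(16)
            fh.write(b"\xff")
        after_mbr_change = verify(image, baseline)
    return untouched, after_loader_change, after_mbr_change


if __name__ == "__main__":
    print(demo())
```

Reporting regions separately tells a changed partition table apart from changed boot code. The check only covers what it reads from the disk, so firmware is outside its scope.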

Re:bootloader checksum (1)

EsbenMoseHansen (731150) | more than 4 years ago | (#29845631)

If you are the kind of person who is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room), you would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).

Wouldn't it be a lot easier simply to use a boot loader from said USB stick?

Re:bootloader checksum (0)

Anonymous Coward | more than 4 years ago | (#29845727)

Yes it is easy; at least using Fedora's option to install via whole disk encryption. I haven't had any issues with this except for one client I worked for that had a no thumb drives allowed policy; I had to boot in the parking lot and leave my boot loader unattended in the car.

Re:bootloader checksum (2, Insightful)

oldspewey (1303305) | more than 4 years ago | (#29845925)

one client I worked for that had a no thumb drives allowed policy

I've dealt with clients like this too - no thumb drives, no phones with cameras - and in most cases these clients left gigantic vulnerabilities in other areas that made the threat of a few crappy cellphone pictures laughable.

And that's the lesser evil (5, Funny)

Thanshin (1188877) | more than 4 years ago | (#29845357)

You could have found the evil bartender.

You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".

The next morning, you wake up in an unknown apartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache that when asked about the laptop's full disk encryption, your answer is "the what?".

Re:And that's the lesser evil (4, Funny)

JustOK (667959) | more than 4 years ago | (#29845571)

"Has anyone seen my kidney?"

Re:And that's the lesser evil (1)

rcamans (252182) | more than 4 years ago | (#29845775)

Wait a minute. I like the sound of this. Where can I get me a whole bunch of evil bartenders? Please?

My bootloader is on USB (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29845359)

Sorry, but my bootloader, GRUB, kernel and boot partition are on USB. The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers.

The evil maid will thus have to work harder: devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition.

With TrueCrypt, which doesn't put any identifiable information in partition headers, the job might be harder still.

Re:My bootloader is on USB (2, Funny)

Viol8 (599362) | more than 4 years ago | (#29845487)

It's funny the levels kiddy porn file sharers have to go to these days to stay 1 step ahead of the police.

Re:My bootloader is on USB (0)

Anonymous Coward | more than 4 years ago | (#29845721)

Bigger worry than the evil maid is the rubber hose method of decryption--beating a suspect until he reveals the key. Or, the US version of this, hold a suspect in contempt until he reveals the key. Suspects can be held indefinitely until they reveal the key. Supposedly there is a 5th amendment argument against the forced divulging of encryption keys, but in a somewhat ambiguous case this argument was rejected, and the suspect just in the past few months pled guilty.

But what if there is no password, or that the password is stored on a system that is itself encrypted? Take two systems, the key file for system A is on the encrypted drive of B, and vice versa. Either system can be rebooted individually. But if they are ever turned off at the same time, all the data becomes unrecoverable. Would this be considered destruction of evidence? Regardless, you could not be held in contempt, and jailed indefinitely.

Of course the data could be recovered through various means if the authorities messed with the computers while they were still running. But I doubt they would expect such a scenario, and even if they did, messing with running computers is dangerous from a data integrity standpoint. It allows the suspect to install various booby traps that erase data.

Re:My bootloader is on USB (3, Funny)

MyLongNickName (822545) | more than 4 years ago | (#29845705)

If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.

1) Step one: apply pliers to target's scrotum.
2) Ask them once to access the laptop.
3) If any resistance is given, squeeze the pliers just a tad.

Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.

Re:My bootloader is on USB (0)

Anonymous Coward | more than 4 years ago | (#29845743)

No, what you have on USB is just one bootloader. There's another one in the BIOS which runs first. How do you know the evil maid didn't compromise that, too? Maybe she included an invisible virtual machine monitor that appears to boot your machine normally while logging keystrokes.

They might already be watching you! Just waiting until they've captured enough information about your contacts, waiting to capture enough evidence against you to be sure of a conviction.

hotel room? (0)

Anonymous Coward | more than 4 years ago | (#29845361)

1. who leaves their computer in the room when going "out" (isn't that why we all bought netbooks to take with us in our pocket/bag?)
2. who does not put the "do not disturb" when going to a hotel room (yea, yea, not secure...)
3. can't do this to a linux livecd (unless they replace your cdr)

BIOS password (1)

Fackamato (913248) | more than 4 years ago | (#29845397)

If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?

You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.

Really, if you have physical access to the machine, it's got no chance.

Re:BIOS password (1)

Xoron101 (860506) | more than 4 years ago | (#29845573)

Or remove the drive, put it in another computer, install the boot loader and off you go.

Without physical security, you may as well have no security.

Re:BIOS password (1)

Thoguth (203384) | more than 4 years ago | (#29845601)

If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?

You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.

Really, if you have physical access to the machine, it's got no chance.

The difference is, if someone took it apart and reset the BIOS password, it would take a lot more time than just the 1-minute boot from USB stick, and more importantly, the next time you boot the machine, you'd see the password was reset, know it had been tampered, and not enter your decryption key. Unless there's a more sophisticated BIOS password attack that I'm unaware of, this would keep your data private.

A bigger issue, though, is if you have information sensitive enough to require a BIOS password and full disk encryption, it's probably also sensitive enough to physically secure the machine and/or keep it on your person at all time.

Re:BIOS password (1)

EsbenMoseHansen (731150) | more than 4 years ago | (#29845659)

If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?

You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.

Really, if you have physical access to the machine, it's got no chance.

BIOS passwords are easy.. simply remove the hard drive and install in another laptop.

Re:BIOS password (1)

BranMan (29917) | more than 4 years ago | (#29845861)

Hopefully you have intrusion detection too - then you'd see that the case had been opened when booting it up later, and again, not input your decryption password.

Re:BIOS password (1)

jandrese (485) | more than 4 years ago | (#29845719)

The point is that the encryption software itself is not encrypted (or is self-encrypted with its own key, which is pointless), and you can replace it with a trojaned version, presumably by booting off of USB stick or CD or something and installing your hacked version. That said, the BIOS password would actually be a pretty strong deterrent here, since even if they do reset it, you're going to notice when you come back and your BIOS password is not set. This attack pretty much relies on you not noticing the compromise and start using your machine normally (entering passwords, etc...)

Note that this attack doesn't work against the most common case: someone stealing your laptop, since it requires you to operate the machine thinking it is uncompromised. This is for the super-paranoid who think (or maybe HAVE) a government out to get them.

Of course, as other people have pointed out, if someone has extended physical access to your machine, all bets are off. You could have a dozen different hardware keyloggers, a trojaned HDD, automatic hardware screen capture, hidden webcam, anything really up to your level of paranoia.

Re:BIOS password (1)

Otter Popinski (1166533) | more than 4 years ago | (#29845755)

I think you've misunderstood. If the computer is shut down, the full-disk encryption will do its job as intended, even if -- as some other replies have suggested -- the HDD is removed and put into another computer. The attack discussed in the article assumes that you've left your computer on (so the HDD is "unlocked") and the attacker has physical access to it. At that point, they can install the hacked bootloader and *then* steal your computer or hard drive. At least I'm assuming they'd steal something at that point, because if they just wanted your data, well... the computer was already on and they already had access to it.

Bootloader? BitLocker? (4, Insightful)

sam0737 (648914) | more than 4 years ago | (#29845423)

I didn't read the RTFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?

Re:Bootloader? BitLocker? (2, Informative)

Anonymous Coward | more than 4 years ago | (#29845485)

I didn't read the RTFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?

It does, and thus the attack doesn't work here:
"The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified."
Now we'd just need someone to reverse the decision that TPMs are all evil and should not be used.
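An added example, not part of the original comment and not BitLocker or TPM vendor code: a toy model of the sealing behaviour quoted above, in which each boot stage is measured into a PCR and the volume key is released only when the PCR matches the value it was sealed to. The class and function names, the single SHA-256 PCR, the HMAC-based stand-in for the chip's internal encryption, and the stage contents are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def _sha256(data):
    return hashlib.sha256(data).digest()


class SimulatedTPM:
    """Toy model of one PCR plus seal/unseal; not a real TPM interface."""

    def __init__(self):
        self._storage_key = os.urandom(32)  # never leaves the chip
        self._pcr = bytes(32)

    def reset(self):
        """Power-on: the PCR returns to all zeros."""
        self._pcr = bytes(32)

    def extend(self, component):
        """PCR = H(PCR || H(component)); a PCR can be extended, never set."""
        self._pcr = _sha256(self._pcr + _sha256(component))

    def read_pcr(self):
        return self._pcr

    def _mac(self, label, *parts):
        return hmac.new(self._storage_key, label + b"".join(parts),
                        hashlib.sha256).digest()

    def seal(self, secret, policy_pcr):
        """Bind a secret (up to 32 bytes) to one expected PCR value."""
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        nonce = os.urandom(16)
        # Stand-in for encryption under the TPM's storage key.
        pad = self._mac(b"enc", nonce, policy_pcr)
        ct = bytes(a ^ b for a, b in zip(secret, pad))
        tag = self._mac(b"mac", nonce, policy_pcr, ct)
        return {"nonce": nonce, "policy": policy_pcr, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Release the secret only if the blob is intact and the PCR matches."""
        tag = self._mac(b"mac", blob["nonce"], blob["policy"], blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("sealed blob was modified")
        if not hmac.compare_digest(self._pcr, blob["policy"]):
            raise PermissionError("PCR does not match the sealing policy")
        pad = self._mac(b"enc", blob["nonce"], blob["policy"])
        return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def measured_boot(tpm, stages):
    """Each stage is measured by the one before it, before it gets to run."""
    tpm.reset()
    for stage in stages:
        tpm.extend(stage)
    return tpm.read_pcr()


def try_unlock(tpm, stages, blob):
    """Boot the given chain and ask for the key; None if the TPM refuses."""
    measured_boot(tpm, stages)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


# Constructed stand-ins for real boot components.
GOOD_CHAIN = [b"firmware boot block", b"MBR boot code", b"OS loader"]
TAMPERED_CHAIN = [b"firmware boot block", b"MBR boot code (modified)", b"OS loader"]


def demo():
    tpm = SimulatedTPM()
    volume_key = bytes(range(32))  # constructed key
    blob = tpm.seal(volume_key, measured_boot(tpm, GOOD_CHAIN))
    return (try_unlock(tpm, GOOD_CHAIN, blob) == volume_key,
            try_unlock(tpm, TAMPERED_CHAIN, blob))


if __name__ == "__main__":
    print(demo())
```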

Re:Bootloader? BitLocker? (1)

Eponymous Coward (6097) | more than 4 years ago | (#29845609)

Now we'd just need someone to reverse the decision that TPMs are all evil and should not be used.

What do you mean? Assuming you aren't using a company computer, you're allowed to make that decision all by yourself. There are quite a few machines out there with TPM on board.

-ec

Re:Bootloader? BitLocker? (2, Insightful)

Cyberax (705495) | more than 4 years ago | (#29845797)

Yes. You can have almost perfect _physical_ security with TPM.

Alas, most developers are allergic to it, even if it has good uses.

Re:Bootloader? BitLocker? (3, Interesting)

rcamans (252182) | more than 4 years ago | (#29845811)

A lot of designs do not have the TPM chip implemented. I know, because I am a designer, and most of the design requirements I fill do not include or want a TPM chip. This will only be in all systems when Intel makes it a part of their system chips (what used to be the north bridge / south bridge combination, and is now the PCH or silverthorne).

Re:Bootloader? BitLocker? (1)

zippthorne (748122) | more than 4 years ago | (#29845841)

The problem with bitlocker is that it's only part of the ultimatextremeultra most expensive version of Windows. Most people would be too cheap to get that version, even if they knew what the benefit was. So your home computer probably doesn't have it. Your company provided laptop probably also doesn't have it, unless you're fairly high up in importance.

Nope, won't work with Bitlocker (1)

afidel (530433) | more than 4 years ago | (#29845443)

At least not with TPM hardware store, that's kind of the whole point. I'm surprised Bruce isn't aware of this combination.

Just use a CD (2, Informative)

AmiMoJo (196126) | more than 4 years ago | (#29845475)

When you encrypt your system partition with Truecrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help the attacker to replace the bootloader on the HDD.

Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.

BIOS passwd might help (1)

redelm (54142) | more than 4 years ago | (#29845477)

It is very hard to prevent compromises when the attacker has physical access to the machine.

One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd. This denies the maid a boot or any disk access (respectively). Of course, she could always pop the disk out and write it on her own machine. Unless key [boot] parts were BIOS encrypted.

As usual, security always has some cost for the user and has to be balanced against benefits [reduced risk of loss].

Re:BIOS passwd might help (1)

Eponymous Coward (6097) | more than 4 years ago | (#29845627)

Good idea. If you've set the password on the hard drive, moving it to a different machine won't help.

I am thinking there is a different way. (1)

JDeane (1402533) | more than 4 years ago | (#29845493)

Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand. This is why the best security is physical security and limiting access to your hardware.

Re:I am thinking there is a different way. (1)

Yvan256 (722131) | more than 4 years ago | (#29845895)

My Mac doesn't have a PS/2 port, so it's 50% more secure than a non-Mac PC!

Paranoia (1)

Gudeldar (705128) | more than 4 years ago | (#29845499)

If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive.

Use a bootdisk (1)

mysidia (191772) | more than 4 years ago | (#29845507)

Boot from read-only removable media. Have a 'verification program' in the boot loader that verifies a signature on the OS bootstrap

Digitally sign everything that isn't encrypted, and contain the proper signatures/keys on the removable media that you always carry with you

Best solution - take the darn laptop with you (1)

Viol8 (599362) | more than 4 years ago | (#29845517)

What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway, encrypted disk or not?

This is a non story - as everyone has known for decades, someone with access to the machine can do what they like. And they probably will.

Easily foiled (4, Insightful)

Hogwash McFly (678207) | more than 4 years ago | (#29845521)

Evil maids are easy to spot because of their goatees.

Who cares? (1)

Mr_Plattz (1589701) | more than 4 years ago | (#29845525)

Why is this an issue for us who lock our workstations or logoff before we leave it on and unlocked? Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about? If you answer this you may as well also include Windows, can you gain access to Windows after it's been locked? What are they going to do? The second they bounce it the data is useless.

Re:Who cares? (0)

Anonymous Coward | more than 4 years ago | (#29845651)

I think the point here is that your 'The second they bounce it the data is useless' point is flawed. They are saying that, yes, if someone steals the device once the data is unavailable to them. However, if they acquire secretly, and compromise the system and return it without your knowledge, with a keylogger in the bootloader, they could log your disk's password and the next time they steal the device they have full access.

Re:Who cares? (0)

Anonymous Coward | more than 4 years ago | (#29845781)

Um.. because the evil maid can just boot from external media with all the privileges she needs.

Re:Who cares? (1)

elsJake (1129889) | more than 4 years ago | (#29845921)

Yes, one can abuse the DMA subsystem through firewire/usb and read/write to system memory. That way you can recover encryption keys and/or unlock the "locked" system. If you leave your laptop with the screen locked but on in your hotel room you have the cold boot attack for your encryption keys.

Here we go again.... (0)

Anonymous Coward | more than 4 years ago | (#29845529)

Yet another "if someone has complete unrestricted access to your computer they can own it" attack. If someone has the kind of access that they suggest in the article then they could hook in a keylogger between your keyboard and USB port, wait a week, pick up their keylogger and get all of your passwords and private information anyway.

Encryption is there to protect the *data* it is not there to protect your *computer.*

Frankly whole drive encryption is a bad idea.
  - It slows stuff down.
  - Makes your computer more likely to malfunction (and to be more serious when it does).
  - But worst of all it makes it much easier to break into your encrypted data.

The more unencrypted data the attacker has, the easier it is to break the encryption. If you encrypt for example your Windows folder then you have just given the attacker a TON of information and while modern encryption cannot often be broken on PCs, the security services might be able to have a good shot at it.

Re:Here we go again.... (1)

ledow (319597) | more than 4 years ago | (#29845607)

Your second point against is the reason I steer clear of permanent whole-disk encryption on working machines.

Even with expensive servers, perfect RAID cards, BBU's and every other possible protection - sometimes the OS will just flip out and either crash or write crap to your filesystem. If not the OS, then the drive itself will do it. And then you have to do a chkdsk/fsck and with any form of encryption the chances are that you just trashed a whole lot more than a recent file entry and whatever open temporary files you have. Encryption ruining the basic readability of the filesystem and its underlying structure is the main reason I hate encryption products that operate whole-disk (which is the only perfect way to stop things being completely secure against permanent physical theft, I have to admit).

I can see using encryption for backups, I can see using it for any data that leaves the computer (network, tapes, etc.) but on the actual machine itself? I can see working on encrypted containers (with the knowledge that the data never gets written anywhere else in the meantime). But it's always seemed too risky to blanket-apply it to the whole storage device unless you're *really* certain about your backups being perfect and up-to-date all the time.

It's one of those "yeah, should never happen - but if it does, you're screwed" things.

Why are we talking about this? (4, Insightful)

dachshund (300733) | more than 4 years ago | (#29845647)

You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.

Maybe if she's an idiot. Once you've installed your own bootloader, it can neatly remove itself. (After installing malware, or transferring the encryption keys and data it needs over the network.) Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?

But more to the point, it must be a slow week. Why are "serious" security researchers even wasting time on something this obvious? Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader. Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky. After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded). A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.

Even trusted boot will only get you so far against a motivated adversary with this much sophistication. Don't leave your vital computing equipment behind in your hotel room.

Re:Why are we talking about this? (0)

Anonymous Coward | more than 4 years ago | (#29845897)

I read a lot of comments to the effect of "why don't you take your laptop with you".. that has a number of practical problems.

1) Going to a fancy dress banquet? Yep, that laptop case over your shoulder looks real fine, and I'm sure the customer will be impressed.

2) Heading out for a night with the colleagues and customers? Seems that shlepping the laptop around to the bars,pubs, discos, etc. makes it a target for a plain old grab attack? You've protected against the targeted evil maid at the expense of losing the laptop in run of the mill street crime. Yes, your encryption will keep your data safe, but how many people carry a full backup and reserve computer on travel?

3) Sooner or later you'll wind up needing to go to the bathroom. Carrying your laptop with you is probably impractical. Do you trust the folks you're meeting with to leave your laptop on the desk (after all they could be the ultimate employer of the evil maid)?

There needs to be some generic solution that lets you not worry about the "stick in the USB boot device and press reset" sort of attack. Once you've got that, then all you worry about is it not being physically stolen.. and the hotel safe takes care of that for you. A laptop with NO writable media would do; that is, it uses only external storage. (sure, one could open the laptop and install some sort of keylogger, but that is trivially solvable with the usual tamperproof seals or, if you're really serious, self destruct) You'd carry the entire disk with you in an encrypted USB dongle.

This is why (1)

cmdr_tofu (826352) | more than 4 years ago | (#29845667)

I do an md5checksum of grub and /boot from a USB key which is on me at all times every time I boot my computer. Seriously, I don't know of any other foolproof way to defend against this. I do know where my encrypted laptop hard drive is most of the time.
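One way to script the check described in this comment, as an added example that is not cmdr_tofu's own script: it uses SHA-256 in place of md5 and also hashes the first sectors of the disk, where an MBR-resident loader such as the one discussed in this thread lives. The 63-sector default, the manifest layout and every function name are assumptions, and the result only means something when the script runs from a system booted off the key you carry, because a check run by an already modified boot chain can be made to report anything.

```python
import hashlib
import json
from pathlib import Path

BOOT_AREA = "<disk boot area>"  # manifest key for the raw sectors ahead of the first partition

def sha256_file(path, limit=None, chunk=1 << 20):
    """SHA-256 of a file or block device; `limit` hashes only the first N bytes."""
    h = hashlib.sha256()
    left = limit
    with open(path, "rb") as f:
        while left is None or left > 0:
            buf = f.read(chunk if left is None else min(chunk, left))
            if not buf:
                break
            h.update(buf)
            if left is not None:
                left -= len(buf)
    return h.hexdigest()

def build_manifest(boot_dir, disk=None, boot_area_bytes=63 * 512):
    """Hash every file under boot_dir and, if a disk is given, its first sectors."""
    root = Path(boot_dir)
    manifest = {p.relative_to(root).as_posix(): sha256_file(p)
                for p in sorted(root.rglob("*")) if p.is_file()}
    if disk is not None:
        manifest[BOOT_AREA] = sha256_file(disk, limit=boot_area_bytes)
    return manifest

def compare(trusted, current):
    """Report entries that changed, disappeared or appeared since enrollment."""
    return {
        "modified": sorted(k for k in trusted if k in current and trusted[k] != current[k]),
        "missing": sorted(k for k in trusted if k not in current),
        "added": sorted(k for k in current if k not in trusted),
    }

def enroll(manifest_path, boot_dir, disk=None):
    """Record the known-good state; manifest_path should be on the removable key."""
    Path(manifest_path).write_text(json.dumps(build_manifest(boot_dir, disk), indent=1))

def verify(manifest_path, boot_dir, disk=None):
    """Return (clean, report) for the machine's current state against the stored manifest."""
    trusted = json.loads(Path(manifest_path).read_text())
    report = compare(trusted, build_manifest(boot_dir, disk))
    return not any(report.values()), report
```

Re-run `enroll` after every legitimate kernel or bootloader update, otherwise the next `verify` flags your own changes.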

TPM (0)

Anonymous Coward | more than 4 years ago | (#29845669)

Best security (0, Troll)

Luxifer (725957) | more than 4 years ago | (#29845675)

The best security is to pick an obscure poison. Take it in small doses until you're immune. Coat the keyboard with it. Better yet, get a keyboard that automatically dispenses the poison.
Evil maid now equals dead maid.

My only problem is, now that the maid is dead, who's gonna hide the body?

Put the boot loader on a stick! (1)

Seth Kriticos (1227934) | more than 4 years ago | (#29845689)

If you are really a paranoid traveler, then you should put the bootloader on a stick (and possibly one half of the key too, the other in your head).

I read a description somewhere how to make it work best. Install a bare bone windows OS on one partition, put on some icons for crap so it does not look too shrink wrapped. Put your real OS (preferably not a Windows one, as this would make security mostly futile anyway) on a second partition.

Then make your stick the primary boot medium, hdd the second one. Maid comes in and finds just a diversion OS with no data to compromise (as this boots when the stick is not inserted). Even if the bootloader is played with, once you put in your stick and boot up, your real and encrypted OS will be booted from stick, which had no manipulation whatsoever.

Add some individual touch to make it harder to compromise.

You also evade stupid border guards' stupid questions this way, as your real OS stays kind of camouflaged (well, not really, but more than enough for people with no clue).

And be careful of those flashable BIOS'es.

Look at the big picture (1)

mathimus1863 (1120437) | more than 4 years ago | (#29845709)

To say that this is pointless because "no one" would ever be the target of such an attack, is just silly.

99.99999% of people would never be targeted by this kind of attack. But the 0.00001% for whom it matters (CIA operatives, for instance), it's in everyone's best interest that such attacks are known about and avoided (or at least for the government who is sponsoring the operative). A million unimportant, paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field, and dissolving a political landscape, or a source of critical intelligence that keeps us safe.

Luckily, we have millions of paranoid nerds to find these flaws so that the people who really do need it are better prepared.

TrueCrypt can fingerprint encrypted volume (1)

TechForensics (944258) | more than 4 years ago | (#29845791)

This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed. It should notice if the bootloader no longer checksums the same (so far as I understand).

Re:TrueCrypt can fingerprint encrypted volume (1)

JSBiff (87824) | more than 4 years ago | (#29845865)

"This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed."

Unless the hacked bootloader deletes or disables the fingerprint checker? Seriously, I can't see how verifying the bootloader *AFTER* you've already provided the password/key to decrypt the volume, offers you *any* protection? At that point, it's pretty much game over, no?

MITM? (1)

sootman (158191) | more than 4 years ago | (#29845803)

So this could be considered a type of maid-in-the-middle attack?

And how exactly... (1)

Hurricane78 (562437) | more than 4 years ago | (#29845819)

...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control? (Something possible with the Lenovo ThinkPads for example. In which case it is a good concept, as opposed to what the media companies planned to do with it.)

Hardware security against hardware meddling. Simple as that.

Now the next level would be physically modifying the motherboard. But even against that you can protect yourself. By using the TPM to check the trustworthiness of the components, encrypting bus communication, etc. (Which the TPM platform, if I'm correct, is doing already) and using a hardware dongle key, that is itself encrypted. That you both take with you. Perhaps only working with a class 3 USB dongle (included key reader, keypad and display).

I want to see you crack that system then. ^^

Of course, in reality, they will simply give you a good old-fashioned beating (or modern waterboarding), until you tell them the password and give them the key and class 3 device.
Which will only help them, if you did not destroy the key dongle beforehand. (Or had it split, and one of the parts is out of reach.) But the beating will always be yours to take. ^^

Re:And how exactly... (1)

drinkypoo (153816) | more than 4 years ago | (#29845891)

Could you please point me to a subnotebook with TPM and which is compatible with coreboot? As in, I can already use grub as a coreboot payload by doing nothing but compiling.

this is old news (0)

Anonymous Coward | more than 4 years ago | (#29845881)

This is really old news and too many windows 7 fanboys are turning a blind eye to it as well..

I'll be yelling at the walls for a long time to come just so self absorbed supposed 'superior tech' morons can catch up to the obvious.. Paranoid security people like myself will always be of value, but when you asshats don't listen to us, the joke is on YOU!!

The rest of the lamers can fade away in the background for all I care, fruity asshat fanboys and pretend security 'know it all's' suck!! as usual..
