{"id":76929,"date":"2020-09-28T09:40:00","date_gmt":"2020-09-28T06:40:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-an-evil-maid-attack-and-what-does-it-teach-us\/"},"modified":"2020-09-28T09:40:00","modified_gmt":"2020-09-28T06:40:00","slug":"what-is-an-evil-maid-attack-and-what-does-it-teach-us","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-an-evil-maid-attack-and-what-does-it-teach-us\/","title":{"rendered":"What Is an \u201cEvil Maid\u201d Attack, and What Does It Teach Us?"},"content":{"rendered":"<p><strong>&#8220;What Is an \u201cEvil Maid\u201d Attack, and What Does It Teach Us?&#8221;<\/strong><\/p>\n<div>\n<figure id=\"attachment_689623\" style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-689623 size-full\" 
src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/09\/xmaid-cleaning-hotel-room.jpg.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.93mO_Ic1vv.jpg\" alt=\"A maid tidying up a bed in a hotel room.\" width=\"650\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/asian-maid-tidying-bed-cleaning-luxury-93542680\" data-credittext=\"Diego Cervo\/Shutterstock.com\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/asian-maid-tidying-bed-cleaning-luxury-93542680\">Diego Cervo\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>You\u2019ve secured your computer with strong disk encryption and security software. It\u2019s safe\u2014as long as you keep it within eyesight. But, once an attacker has physical access to your computer, all bets are off. Meet the \u201cevil maid\u201d attack.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Whats_an_%E2%80%9CEvil_Maid%E2%80%9D_Attack\"><\/span>What\u2019s an \u201cEvil Maid\u201d Attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It\u2019s often repeated in cybersecurity: Once an attacker has physical access to your computing device, all bets are off. The \u201cevil maid\u201d attack is an example\u2014and not just a theoretical one\u2014of how an attacker could access and compromise an unattended device. Think of the \u201cevil maid\u201d as a spy.<\/p>\n<p>When people <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/trip-and-travel\/\" data-internallinksmanager029f6b8e52c=\"10\" title=\"Trip &amp; Travel\" target=\"_blank\" rel=\"noopener\">travel<\/a> for business or pleasure, they often leave their laptops in hotel rooms. 
Now, what if there was an \u201cevil maid\u201d working in the hotel\u2014a cleaning person (or someone disguised as a cleaning person) who, in the course of their normal cleaning of the hotel room, used their physical access to the device to modify it and compromise it?<\/p>\n<p>Now, this likely isn\u2019t something the average person needs to worry about. But it is a concern for high-value targets like government employees travelling internationally or executives concerned about industrial espionage.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Its_Not_Just_%E2%80%9CEvil_Maids%E2%80%9D\"><\/span>It\u2019s Not Just \u201cEvil Maids\u201d<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_689624\" style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-689624 size-full\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/09\/xlaptop-in-conference-room.jpg.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.vS1SLKAWP8.jpg\" alt=\"A laptop sitting on a conference room table.\" width=\"650\" height=\"434\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/conference-hall-interior-table-raw-chairs-82643695\" data-credittext=\"Rihardzz\/Shutterstock.com\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/conference-hall-interior-table-raw-chairs-82643695\">Rihardzz\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>The term \u201cevil maid\u201d attack was first coined by computer security researcher\u00a0Joanna Rutkowska in 2009. The concept of an \u201cevil\u201d maid with access to a hotel room is designed to illustrate the problem. 
But an \u201cevil maid\u201d attack can refer to any situation where your device leaves your eyesight and an attacker has physical access to it. For example:<\/p>\n<ul>\n<li>You order a device online. During the shipping process, someone with access to the package opens the box and compromises the device.<\/li>\n<li>Border agents at an international border take your laptop, smartphone, or tablet into another room and return it a bit later.<\/li>\n<li>Law enforcement agents take your device into another room and return it later.<\/li>\n<li>You\u2019re a high-level executive and you leave your laptop or other device in an office that other people might have access to.<\/li>\n<li>At a computer security conference, you leave your laptop unattended in a hotel room.<\/li>\n<\/ul>\n<p>There are countless examples, but the key combination is always that you\u2019ve left your device unattended\u2014out of your eyesight\u2014where someone else has access to it.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Who_Really_Needs_to_Worry\"><\/span>Who Really Needs to Worry?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let\u2019s be realistic here: Evil maid attacks aren\u2019t like many computer security problems. They aren\u2019t a concern for the average person.<\/p>\n<p>Ransomware and other malware spreads like wildfire from device to device over the network. In contrast, an evil maid attack requires an actual person to go out of their way to compromise your device specifically\u2014in person. 
This is spycraft.<\/p>\n<p>From a practical perspective, evil maid attacks are a concern for politicians travelling internationally, high-level executives, billionaires, journalists, and other valuable targets.<\/p>\n<p>For example, in 2008, Chinese officials may have <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"http:\/\/www.nbcnews.com\/id\/24880526\/ns\/us_news-security\/t\/did-chinese-hack-cabinet-secretarys-laptop\/\">secretly accessed the contents of a US official\u2019s laptop<\/a> during trade talks in Beijing. The official left his laptop unattended. As the Associated Press story from 2008 puts it, \u201cSome former Commerce officials told the AP they were careful to keep electronic devices with them at all times during trips to China.\u201d<\/p>\n<p>From a theoretical perspective, evil maid attacks are a helpful way to think of and summarize a whole new class of attack for security professionals to defend against.<\/p>\n<p>In other words: You probably don\u2019t need to worry that someone will compromise your computing devices in a targeted attack when you let them out of your eyesight. 
However, someone like Jeff Bezos definitely does need to worry about this.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_Does_an_Evil_Maid_Attack_Work\"><\/span>How Does an Evil Maid Attack Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_689625\" style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-689625 size-full\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/09\/xlaptop-in-hotel-room.jpg.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.o8UW_FCFaq.jpg\" alt=\"A laptop sitting on a desk in a hotel room.\" width=\"650\" height=\"434\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/laptop-541683223\" data-credittext=\"polkadot_photo\/Shutterstock.com\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/laptop-541683223\">polkadot_photo\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>An evil maid attack relies on modifying a device in an undetectable way. In coining the term, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"http:\/\/theinvisiblethings.blogspot.com\/2009\/10\/evil-maid-goes-after-truecrypt.html\">Rutkowska demonstrated an attack<\/a> compromising TrueCrypt system disk encryption.<\/p>\n<p>She created software that could be placed on a bootable USB drive. All an attacker would have to do is insert the USB drive into a powered off computer, turn it on, boot from the USB drive, and wait about one minute. The software would boot and modify the TrueCrypt software to record the password to disk.<\/p>\n<p>The target would then return to their hotel room, power on the laptop, and enter their password. 
Now, the evil maid could return and steal the laptop\u2014the compromised software would have saved the decryption password to disk, and the evil maid could access the contents of the laptop.<\/p>\n<p>This example, demonstrating modifying a device\u2019s software, is just one approach. An evil maid attack could also involve physically opening a laptop, desktop, or smartphone, modifying its internal hardware, and then closing it back up.<\/p>\n<p>Evil maid attacks don\u2019t even have to be that complicated. For example, let\u2019s say a cleaning person (or someone posing as a cleaning person) has access to the office of a CEO at a Fortune 500 company. Assuming that CEO uses a desktop computer, the \u201cevil\u201d cleaning person could install a hardware key logger between the keyboard and the computer. They could then return a few days later, grab the hardware key logger, and see everything the CEO typed while the key logger was installed and recording keystrokes.<\/p>\n<p>The device itself doesn\u2019t even have to be compromised: Let\u2019s say that a CEO uses a specific model of laptop and leaves that laptop in a hotel room. An evil maid accesses the hotel room, replaces the CEO\u2019s laptop with a laptop that looks identical running compromised software, and leaves. When the CEO turns on the laptop and enters their encryption password, the compromised software \u201cphones home\u201d and transmits the encryption password to the evil maid.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_It_Teaches_Us_About_Computer_Security\"><\/span>What It Teaches Us About Computer Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>An evil maid attack really highlights how dangerous physical access to your devices is. 
If an attacker has unsupervised physical access to a device you leave unattended, there\u2019s little you can do to protect yourself.<\/p>\n<p>In the case of the initial evil maid attack, Rutkowska demonstrated that even someone who followed the basic rules of enabling disk encryption and powering off their device whenever they left it alone was vulnerable.<\/p>\n<p>In other words, once an attacker has physical access to your device outside of your eyesight, all bets are off.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_Can_You_Protect_Against_Evil_Maid_Attacks\"><\/span>How Can You Protect Against Evil Maid Attacks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_689626\" style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-689626 size-full\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/09\/hotel-room-safe.jpg.pagespeed.ce.4TFWuySiCb.jpg\" alt=\"A hotel room safe.\" width=\"650\" height=\"468\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/hotel-safe-89891293\" data-credittext=\"B Calkins\/Shutterstock.com\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/hotel-safe-89891293\">B Calkins\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>As we\u2019ve pointed out, most people really don\u2019t need to be concerned about this type of attack.<\/p>\n<p>To protect against evil maid attacks, the most effective solution is just to keep a device under surveillance and ensure no one has physical access to it. 
When the leaders of the world\u2019s most powerful countries travel, you can bet they don\u2019t leave their laptops and smartphones lying around unsupervised in hotel rooms where they could be compromised by another country\u2019s intelligence service.<\/p>\n<p>A device could also be placed in a locked safe or other type of lockbox to ensure an attacker can\u2019t access the device itself\u2014although someone may be able to pick the lock. For example, while many hotel rooms have built-in safes, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.corporatetravelsafety.com\/safety-tips\/how-safe-are-hotel-room-safes\/\">hotel employees generally have master keys<\/a>.<\/p>\n<p>Modern devices are becoming more resistant to some types of evil maid attacks. For example, Secure Boot ensures that devices won\u2019t normally boot untrusted USB drives. However, it\u2019s impossible to protect against every type of evil maid attack.<\/p>\n<p>A determined attacker with physical access will be able to find a way.<\/p>\n<hr\/>\n<p>Whenever we write about computer security, we find it helpful to revisit\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/xkcd.com\/538\/\">a classic xkcd comic about Security<\/a>.<\/p>\n<p>An evil maid attack is a sophisticated type of attack the average person is unlikely to deal with. 
Unless you\u2019re a high-value target likely to be the target of intelligence agencies or corporate espionage, there are plenty of other digital threats to worry about, including ransomware and other automated attacks.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/689599\/what-is-an-evil-maid-attack-and-what-it-teaches-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;What Is an \u201cEvil Maid\u201d Attack, and What Does It Teach Us?&#8221; Diego Cervo\/Shutterstock.com You\u2019ve secured your computer with strong disk encryption and security software. It\u2019s safe\u2014as long as you keep it within eyesight. 
But, once an attacker has physical access to your computer, all bets are off. Meet the \u201cevil maid\u201d attack. What\u2019s an&#8230;<\/p>\n","protected":false},"author":1,"featured_media":76930,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/thumbcache\/2\/200\/1d2f61347a426b6bbf97e3666caff695\/wp-content\/uploads\/2020\/09\/maid-cleaning-hotel-room.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-76929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=76929"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/76930"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=76929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=76929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=76929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}