Monday, April 30, 2018

Word of the Day: evil maid attack

Word of the Day WhatIs.com
Daily updates on the latest technology terms | April 30, 2018
evil maid attack

An evil maid attack is a security exploit that physically targets an unattended computing device. An evil maid attack is characterized by the attacker's ability to physically access the target multiple times without the owner's knowledge.

Besides giving this type of attack a very catchy name, Polish security researcher Joanna Rutkowska successfully demonstrated in 2009 that even full disk encryption (FDE) cannot be counted on to protect a laptop when an attacker has physical access to the device.

Such an attack might unfold like this:

Scene I: A Chief Financial Officer (CFO) at a conference leaves her laptop in her hotel room during dinner, confident that any corporate data on the laptop is safe because the hard drive is encrypted.

Scene II: An evil maid (who is actually a corporate spy involved in industrial espionage) spots the CFO leaving her room.

Scene III: The evil maid sneaks into the CFO's room and boots up her laptop from a compromised bootloader on a USB stick. The evil maid then installs a keylogger to capture the CFO's encryption key and shuts the laptop back down.

Scene IV: The CFO returns from dinner and boots up her computer. Suspecting nothing, she enters her encryption key and unlocks the laptop's disk drive.

Scene V: The following morning, while the CFO is downstairs at breakfast, the evil maid comes back and retrieves the keylogger, which now knows the CFO's encryption key.

The name "evil maid" has caught on with security professionals and the label has been used in a general fashion to describe scenarios in which the attacker doesn't simply steal the device -- or access it once to clone the hard drive -- but instead, returns multiple times to wreak havoc. 

Company executives, government officials and journalists are the most likely targets of evil maid attacks. Whether the purpose of the attack is to change, steal or sell information, chances are high that the attacker will also make changes to the device's software that will permit remote entry later on.

Experts recommend the following steps to lessen the chance of this type of physical attack:

  • Never leave computing devices or small peripherals, such as USB drives, unattended.
  • Avoid using any unknown peripheral.
  • Ensure BIOS and firmware updates are always applied without delay.
  • Enable input-output memory management unit (IOMMU) features.
  • Enforce secure boot protection and change full disk encryption keys on a regular basis.
Quote of the Day

"There are some things you could do to protect against evil maid attacks: use a strong password, set a password on the bios to prevent changes to the bios, only boot the system off of the hard drive and have some sort of tamper-evident alert if someone changes the hardware." - Nick Lewis

 

Learning Center

Keycard vulnerability threatens millions of hotel rooms
A keycard vulnerability enabled researchers to create a master key to access every room in a targeted hotel, potentially putting millions of rooms at risk of a break-in.

Why security incident management is paramount for enterprises
The final component of achieving cybersecurity readiness is building a proper security incident management plan. Here's how to do it.

Evil maid attacks: How can they be stopped?
An evil maid attack can bypass full disk encryption and expose sensitive corporate data. Here's how to protect systems and data from evil maids.

How IoT security is different from physical and conventional IT security
There are a number of systematic differences that should make us view IoT security differently than physical security and even conventional IT security.

Data center physical security gets a tougher look
Data center physical security is increasingly a topic that is getting a closer look, with tough questions, from organizations seeking colocation space.

Writing for Business

An enterprise needs to have an overall plan to protect PII and secure _________ sensitive data.

A. their

B. its


Copyright 2018 TechTarget. All rights reserved.
