Evil Maid attacks are the one that is caused when a person accesses your computer device physically again and again when it is unattended.
In such attacks, the user does not have any idea about who looked into the computer. These might be pre-planned attacks which are characterized by the security exploit.
One such attack was done with Ex NASA’s hacker. Patrick Wardle who went to Moscow for a security conference and what happens next is discussed below.
Just before an hour or so, Wardle went for a tinder date. He remembered that he left his laptop in the Hotel room
But when his date actually told him that She was working for Russia’s Ministry of Foreign Affairs.
He thought that he is being trapped? So that someone could lay hands on his computer? And if so, would he ever know for sure? Yes, actually. He had heard many cases of Evil maid attack and already knew how hard it is to know if someone was actually exploiting.
Risks of Evil maid attacks
The attacker can easily access the laptop whether or not, the laptop has a password by a bootloader on a USB drive.
The evil maid then installs a keylogger to capture the encryption key of the machine. It’s easy for a person to get access with the help of hotel staff.
In this situation, the person gets physical access to one’s pc again and again.
The person involved in this type of attack has access to everything on the machine. It can be your personal information, saved passwords, important files.
Moreover, if you have saved your card info on the computer, It is an easy task for the Evil maid to get money from your account.
The person might steal all the info, photos, videos and all the document without letting you know.
The solution for Mac Users
Learning from his experience, Patrick Wardle has developed a mac app called Do Not Disturb. This app lets the user to remotely monitor his mac with his phone.
Wardle stated that this app sends a notification to the owner whenever the lid of Mac is opened.
Not only this, but the app also allows the owner to display a message on the screen. The user can also power-off the machine remotely through the app. But for all of that, it requires internet access. The Do Not Disturb iOS App can even snap a picture using the laptop’s webcam to catch the perpetrator in action.
This is the limitation of this app, that it works only on an active internet. Wardle also says that if the evil maid knows there is an app installed, they will think twice. Moreover, the app creates much of problems for the person who wants to access the computer. Eventually, there is no other solution which has high security like on this one.
Some important steps to prevent yourself from this type of attack:
- Always make sure to update firmware and OS on time. Just turn on auto-update if you can’t remember.
- Always use a strong password which should include all type of special as well as numerical letters.
- Set a password to BIOS/firmware so as to prevent changes to it.
- Enable secure boot protection and regularly change the full disk encryption key.
- Do not use unknown external unnecessarily.
- Never leave your peripheral or drives unattended.
- Set alerts whenever the hardware is changed.
- Enable the feature of the input-output memory management unit.
- Don’t let anyone access your room when you check in to hotels.
- Keep your laptop with you as much as possible.