Evil Maid versus the TPM
Posted by Ken Y-N on October 16th, 2009 at 03:44pm
No, it’s not the latest Halloween movie, but one part of a very interesting post by Joanna Rutkowska on the Invisible Things Lab blog, “Evil Maid goes after TrueCrypt!”
In the Evil Maid scenario, a laptop computer with disk encryption is left unattended in a hotel room. On the first day, the Evil Maid boots it off a USB stick that adds a fake password prompt, which saves the password away until the next day, when she returns with another USB stick to retrieve it. Many corporate PCs will have USB booting disabled, but the Evil Maid has already got that covered:
Q: I’ve disabled boot from USB in BIOS and my BIOS is password protected, am I protected against EM?
No. Taking out your HDD, hooking it up to a USB enclosure case and later installing it back to your laptop increases the attack time by some 5-15 minutes at most. A maid has to carry her own laptop to do this though.
This method can get passwords from just about any software full-disk encryption product, and probably also from BitLocker using the TPM, although steps could be taken to make it easier for the user to spot the hack. There are a lot of comments on the post, but I cannot see a definitive answer on how well or otherwise the TCG Storage Workgroup’s Opal specification would handle this.
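One way a user could spot the boot-loader change the Evil Maid makes, as an added example that is not from this post or from the Invisible Things Lab post: record per-sector hashes of the disk's pre-boot region while it is known good, then compare before typing the passphrase. The 63-sector, 512-byte region size, the function names and the filler disk image are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import os
import tempfile

SECTOR_SIZE = 512   # assumption: 512-byte logical sectors
BOOT_SECTORS = 63   # assumption: pre-boot code sits in the first 63 sectors


def sector_digests(device_path, sectors=BOOT_SECTORS, sector_size=SECTOR_SIZE):
    """Return one SHA-256 hex digest per sector of the pre-boot region."""
    digests = []
    with open(device_path, "rb") as dev:
        for index in range(sectors):
            data = dev.read(sector_size)
            if len(data) != sector_size:
                raise ValueError(f"short read at sector {index}")
            digests.append(hashlib.sha256(data).hexdigest())
    return digests


def save_baseline(digests, baseline_path):
    """Store the known-good digests; keep this file on media you carry."""
    with open(baseline_path, "w") as fh:
        json.dump(digests, fh)


def changed_sectors(baseline_path, device_path):
    """Return indices of sectors that no longer match the saved baseline."""
    with open(baseline_path) as fh:
        baseline = json.load(fh)
    current = sector_digests(device_path, sectors=len(baseline))
    return [i for i, (old, new) in enumerate(zip(baseline, current))
            if not hmac.compare_digest(old, new)]


if __name__ == "__main__":
    # Constructed stand-in for a disk: 63 sectors of filler, not a real image.
    workdir = tempfile.mkdtemp()
    disk = os.path.join(workdir, "disk.img")
    base = os.path.join(workdir, "baseline.json")
    with open(disk, "wb") as fh:
        fh.write(b"\x90" * SECTOR_SIZE * BOOT_SECTORS)
    save_baseline(sector_digests(disk), base)
    with open(disk, "r+b") as fh:       # simulate a modified loader sector
        fh.seek(5 * SECTOR_SIZE)
        fh.write(b"\xcc" * 16)
    print("changed sectors:", changed_sectors(base, disk))
```

Run the comparison from separate boot media you carry with you, since an operating system started through a modified loader cannot vouch for it.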
Tags: evil maid, invisible things