I recently ran across an article published by well-knowned security researcher Joanna Rutkowska. She prepared a very detailed article on a new attacked she calls the "Evil Maid Attack" - named after a possible "vector of attack." An attack can be launched by an infected USB thumbdrive (full .img image available on the site), which is inserted into a powered-down laptop. The laptop is booted to the USB drive, and after 1-2 minutes, the hard drive is infected with the "Evil Maid Attack." The next time the owner boots his laptop and enters his encryption password, it is captured for retrieval. The attacker simply boots the laptop a second time, again with the infected USB thumbdrive, and the password is displayed.
A full explanation for how this attack works is on her website. (hint...first 63sectors of Physical drive, locates TrueCrypt loader, launches attack to hook the TrueCrypt function that asks for the password.....)
When the image is run against anti-malware programs, the following results were obtained:
VirusTotal 1/41 (Sophos)
Jotti's 1/21 (Sophos)
Like I said.....you have to think outside of the "logical box".
No comments:
Post a Comment