
Evil Maid goes after TrueCrypt - spahl
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
======
zargon
This is why your decryption bootstrap should never be on the hard drive. It
should be on a usb stick along with your encrypted keys. This is elementary
"something you have + something you know" security. The evil maid can't patch
a bootloader that isn't there. And if he installs a keylogger, he's still out
of luck because he only has your passphrase, not your decryption keys. He
would also have to install a device that copies your key file somehow.

Sure, there are plenty of other attack vectors, but this takes the problem out
of the evil maid category.

~~~
decode
If you're assuming the attacker has physical access to your laptop, you can
also assume they have access to your USB stick. Even the article admits this is a
problem:

"somebody who can get access to my Disk Hasher USB (e.g. when I’m in a
swimming pool), can infect it"

~~~
zargon
Are we talking about maids or spies? Compared to a laptop, USB sticks are
easier to keep in your wallet, lock in a safe, hide, swallow, etc. So I
disagree with that assumption. A maid would need quite a lot more resources to
track down both the laptop and the usb stick than the laptop alone.

~~~
pyre
I agree. People are still thinking of 'USB Sticks' as the actual pen drives
out there. Think of how small microSD cards are. There are USB microSD readers
that are barely the size of the USB connector itself. That's so small it's
scary... and take the actual microSD card out of the reader and it's even
smaller. I could probably hold it in the side of my mouth while swimming in
the pool if I was really paranoid.

------
ax0n
Physical access can almost always be leveraged to full system access.

~~~
idlewords
What is of interest here is the small window of time required. You pretty much
have to be in constant possession of your laptop (or a USB key that you
religiously use to verify your boot record) in order to have any confidence
that it has not been compromised.

~~~
tptacek
The reality is, nobody is going to physically attack your laptop (just don't
bring your work machine to Black Hat). But there is an unacceptably high
probability that your laptop will get stolen; for instance, you will often
leave it in your car, where anyone with a cinderblock can get it in under a
minute.

TrueCrypt is about the guy with the cinderblock, not about stopping Joanna
Rutkowska from installing a keylogger.

~~~
idlewords
Cinderblock is so unwieldy! I'm more of a broken spark plug man:

<http://www.youtube.com/watch?v=wUgsi9gQBeA>

------
callahad
It seems like the easiest poor-man's solution would be to disable booting from
external devices, set a strong BIOS password, and fill the laptop's screw
holes with epoxy.

At that point, you only have to worry about the strength of the BIOS's
password-protection. Any other attempt at circumvention would be self-evident
thanks to the destroyed case or epoxy.

------
timf
Works on all OSs and only takes a few minutes: replace the laptop keyboard
with your own keylogging version. Or insert a device where the serial port
connects inside the laptop. Typical 'stealth' hardware based keylogging.

------
shin_lao
Full drive encryption is meant to protect against theft or loss, not against
trojan horses (be that hardware or software).

To protect against trojan horses you need an external validation mechanism or
a physical protection (be that a safebox or TPM; by the way, the Truecrypt team
is wrong about TPM, it's much more difficult to tamper with than bytes on a hard
disk).

------
noonespecial
Whenever I suspect I might be somewhere where there's a keylogger running
(public terminal etc) and I absolutely _have_ to enter a password anyway, I
just use the mouse to enter it out of order (and click away to throw in some
random junk) while typing it in. Thwarts screen grabbers and keyloggers.

~~~
aniketh
Wouldn't that just be defeated if the form post was intercepted?

~~~
noonespecial
Before it hit the local ssl? You'd have more to worry about than a keylogger
then.

------
visitor4rmindia
This is utterly fascinating. I use TrueCrypt and never dreamt that such a
simple attack even existed.

Sigh - privacy in the age of information seems to be an impossible dream.

~~~
mahmud
"There are two types of encryption: one that will prevent your sister from
reading your diary and one that will prevent your government." -- Bruce
Schneier.

Addendum: "Provided it's implemented well".

~~~
visitor4rmindia
Doesn't the OP sort of invalidate this? Any government should find it
reasonably easy to install this kind of a keylogger on your computer. It would
be quite easy to get a few minutes alone with your laptop.

------
ErrantX
I can cut this "insertion" time in half. :) Miniature camera pasted somewhere
discreet on the ceiling.

That even bypasses physical (lockbox) security.

(I liked the article but I think she waffled on a bit long about physical
security, which TC developers made a good point about, and TPM)

~~~
cellis
The problem with this is you're assuming the target will actually access his
encrypted data while in the hotel room.

If you really want to cut it in half, just kidnap him and hit him with this $5
wrench until he tells us the password. We're breaking laws, but hey, who's
counting?

~~~
ErrantX
You're right; though your solution is even more shaky ;) I find screwdrivers
100% more effective.

~~~
hmmmm
<http://xkcd.com/538/>

------
dstorrs
There must be laptops out there with the feature that they lock closed and
require some physical opening token (key, combination, etc). Given a
sufficiently strong and tamper-evident locking mechanism, you wouldn't need an
external lockbox and this attack would be difficult or impossible. (Emphasis
on the "sufficiently", of course.)

~~~
by
The 'tamper-evident' aspect can be separate from the 'strong' aspect. You
could for example put the laptop in a tamper-evident bag.

<http://alertsecurityproducts.com/js2/eshop/prod_view?id=780>

------
chanux
Am I the only one who feels that the TrueCrypt dev is just running away from the
answer here?

Joanna Rutkowska: If I could arrange for a proper lock or an impenetrable
strongbox, then why in the world should I need encryption?

TrueCrypt Developer: Your question was: "And how can you determine that the
attacker has or has not worked with your hardware?" My answer was a good
safety case or strongbox with a good lock. If you use it, then you will notice
that the attacker has accessed your notebook inside (as the case or strongbox
will be damaged and it cannot be replaced because you had the correct key with
you). If the safety case or strongbox can be opened without getting damaged &
unusable, then it's not a good safety case or strongbox. ;-)

~~~
antirez
I don't think so. If the attacker got physical access to the hardware there is
very little you can do via software, given the architecture of normal
computers. So the only thing that makes sense is to find a way to detect
physical access, and currently the only one is to physically protect the
computer itself.

_Edit:_ still there are a few tricks that can be done in theory. For instance
to flash a new bios modified in order to write some data in a given sector of
the disk if after the power up you don't press a special sequence of keys.
This makes the owner able to detect if there was access to the PC, and because
it's done in the BIOS even starting a different operating system from the CD
will not avoid the detection.

This is security by obscurity, but can work against Maids.

Another simpler, less effective, but still better than nothing approach is to
set a password in the BIOS. Unfortunately if I remember correctly a lot of
BIOSes used to have backdoors.

~~~
mhansen
I remember coming across machines with BIOS passwords... I'd groan as I
realized I had to open up the computer, and remove the little battery to reset
the password. Took a few minutes.

------
timf
This is like countless other social engineering attacks, getting people to
unwittingly enter their passwords (e.g. phishing) has a high ROI and physical
access just makes this very easy (e.g. ATM skimming).

~~~
idlewords
How is this a social engineering attack in any way? The point of interest here
is how rapidly an encrypted laptop can be compromised by an untrained person,
in a way that evades easy detection.

~~~
blasdel
Because it's 'compromised' by surreptitiously convincing the user to give you
the password.

~~~
pyre
That's no more social engineering than installing a hardware keylogger is.
It's a technical solution. Social engineering would be convincing the user
person-to-person to give up their password (as with a phone call).

Phishing scams and virus emails are social engineering in that they are
conning the user into taking an action. You're not 'conning' the user into
entering their password, you are just making it look like the system is normal
and the user is entering their password on their own (because they are looking
for access to the system). It would no more be a social engineering hack if
you were to make a duplicate laptop with _only_ a keylogger on it, and then
burst into the room guns-blazing once they tried to log in with the password.

Maybe I'm off here but most social engineering has to do with convincing the
user to trust 'you' where 'you' can be an unsolicited email telling them to
send money to Nigeria, or a person on the phone claiming to need their
password to 'reset their account.' In the case of this attack (or a
keylogger), they are trusting something that they already trust, their laptop.
You're not 'convincing' them to trust their laptop. You're just covering up
the fact that it's been compromised.

~~~
timf
You seem to want to limit the definition of social engineering to actually
coming into social contact with the password-giver.

The victim trusts the hotel, the social engineering I saw here is getting into
the position of being a maid (who is trusted to not mess with your stuff
(well, not by me but apparently by some)). Just like you can social engineer
yourself into any company in order to get at the machines and install a
keylogger.

In my original statement I did not do a very good job at how I am dismissing
the interestingness of the original blog post, but a keylogger insertion
(either software or hardware based) is a time tested technique, there is
nothing new here with the attack "payload."

So all I see is "how did the attacker get physical access" but did not flesh
this viewpoint out at all, and I apologize.

Think of it in terms of remote exploits and their payloads. Why discuss the
subtle differences between rootkit #1 vs. rootkit #2 and how each will screw
you: the problem is actually in the attack vector, not the payload. Once
you're in, the details are somewhat boring (relatively speaking).

------
fnid
Evil maid is modifying the boot record with a hook to their own code. If the
boot record where this function is located is hashed and verified at the next
boot, couldn't truecrypt alert the user to the compromise?
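
The check fnid describes (and the "Disk Hasher" USB stick the article mentions) comes down to hashing the raw boot sectors and comparing against a reference kept off the disk. The following is an added illustration, not code from the article or from TrueCrypt; the 64-sector region size, the constructed sample disk and the `patch_loader` simulation are assumptions for the demo. It also shows the caveat a practitioner runs into: if you hash only the MBR, a hook placed in the loader sectors that follow it goes unnoticed.

```python
import hashlib
import hmac
import sys

SECTOR = 512


def hash_boot_region(data: bytes, n_sectors: int) -> str:
    """SHA-256 over the first n_sectors of a disk (the MBR plus the loader
    sectors that follow it); data is the raw bytes read from the device."""
    needed = n_sectors * SECTOR
    if len(data) < needed:
        raise ValueError(f"need {needed} bytes, got {len(data)}")
    return hashlib.sha256(data[:needed]).hexdigest()


def verify_boot_region(data: bytes, n_sectors: int, reference_hex: str) -> bool:
    """True if the region still hashes to the reference recorded earlier.
    The reference must live off the disk (e.g. on the USB stick); otherwise
    whoever patches the loader can also update the stored hash."""
    return hmac.compare_digest(hash_boot_region(data, n_sectors), reference_hex)


def read_boot_region(device_path: str, n_sectors: int) -> bytes:
    """Read the first sectors of a block device such as /dev/sda (needs root)."""
    with open(device_path, "rb") as dev:
        return dev.read(n_sectors * SECTOR)


# --- constructed sample data for the demo, not a real disk ---
def make_sample_disk(n_sectors: int = 64) -> bytes:
    """Deterministic fake boot region with an MBR signature at offset 510."""
    disk = bytearray(bytes(range(256)) * (n_sectors * SECTOR // 256))
    disk[510:512] = b"\x55\xaa"
    return bytes(disk)


def patch_loader(data: bytes, offset: int, payload: bytes) -> bytes:
    """Simulate the evil maid overwriting a few bytes inside the loader."""
    return data[:offset] + payload + data[offset + len(payload):]


if __name__ == "__main__":
    # usage: python disk_hasher.py /dev/sdX <n_sectors> [reference_hex]
    dev, n = sys.argv[1], int(sys.argv[2])
    region = read_boot_region(dev, n)
    if len(sys.argv) == 3:
        print(hash_boot_region(region, n))  # record this on the USB stick
    else:
        print("OK" if verify_boot_region(region, n, sys.argv[3]) else "BOOT REGION MODIFIED")
```

Run it from a clean boot medium (the stick itself), not from the installed OS: a loader that has already been hooked can lie about what is on the disk. Pick `n_sectors` to cover the whole loader, and keep the reference hash on the stick rather than on the laptop.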

------
rbranson
Couldn't a secure token (ala RSA SecurID) theoretically be used in some manner
to prevent this attack?

~~~
hmmmm
Even easier to get around. Truecrypt uses your passphrase to decrypt the key
which is then used to decrypt the disk. With an ID tag it would just match the
tag generated number with its own algorithm and then decrypt the disk. All
the evil maid would then have to do is add a line to the Truecrypt loader that
said if key=999 unlock anyway.
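
The difference between the two designs discussed in this thread (zargon's "passphrase plus keyfile", and hmmmm's "patch the loader to unlock anyway") comes down to where the key material lives. The block below is an added illustration, not TrueCrypt's actual header format or loader code; the toy HMAC-counter stream cipher, the PBKDF2 parameters, the static `loader_secret` and all sample inputs are assumptions. In the passphrase design the master key exists only after deriving a key from the user's inputs, so a loader with the check patched out still produces garbage, and a logged passphrase is useless without the keyfile. In the token-gated design the loader must carry everything needed to unwrap, so removing the comparison is enough.

```python
import hashlib
import hmac


def derive_kek(passphrase: str, keyfile: bytes, salt: bytes, iters: int = 100_000) -> bytes:
    """Key-encryption key from the passphrase AND the keyfile contents:
    a keylogger that captures the passphrase alone cannot reproduce it."""
    material = passphrase.encode() + hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, iters, dklen=32)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def make_passphrase_header(master_key: bytes, passphrase: str, keyfile: bytes, salt: bytes) -> dict:
    kek = derive_kek(passphrase, keyfile, salt)
    wrapped = keystream_xor(kek, master_key)
    tag = hmac.new(kek, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def passphrase_unlock(passphrase: str, keyfile: bytes, header: dict):
    """Loader as designed: derive the KEK, check the tag, unwrap the master key."""
    kek = derive_kek(passphrase, keyfile, header["salt"])
    expected = hmac.new(kek, header["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return keystream_xor(kek, header["wrapped"])


def passphrase_unlock_patched(passphrase: str, keyfile: bytes, header: dict) -> bytes:
    """Loader with the tag check patched out. Without the right passphrase and
    keyfile the result is still garbage: the master key is stored nowhere."""
    kek = derive_kek(passphrase, keyfile, header["salt"])
    return keystream_xor(kek, header["wrapped"])


def make_token_header(master_key: bytes, token_code: str) -> dict:
    """Token-gated design: the user contributes nothing a key can be derived
    from, so the loader has to hold its own (assumed static) unwrap secret."""
    loader_secret = hashlib.sha256(b"loader-secret-assumed-static").digest()
    return {"code": token_code, "loader_secret": loader_secret,
            "wrapped": keystream_xor(loader_secret, master_key)}


def token_unlock(code: str, header: dict):
    if not hmac.compare_digest(code.encode(), header["code"].encode()):
        return None
    return keystream_xor(header["loader_secret"], header["wrapped"])


def token_unlock_patched(code: str, header: dict) -> bytes:
    """'if key=999 unlock anyway': the gate is gone and the loader already
    carries everything it needs, so any code works."""
    return keystream_xor(header["loader_secret"], header["wrapped"])


# constructed sample inputs for the demo
MASTER_KEY = bytes(range(32))
SALT = b"\x01" * 16
PASSPHRASE = "correct horse"
KEYFILE = b"contents of the keyfile kept on the USB stick"
PASS_HEADER = make_passphrase_header(MASTER_KEY, PASSPHRASE, KEYFILE, SALT)
TOKEN_HEADER = make_token_header(MASTER_KEY, "482913")
```

The passphrase design still loses to the attack in the article when the keyfile is read from a disk the patched loader can see: the hook then logs both inputs. That is why zargon keeps the keyfile on the stick and decode asks what happens when the stick is reachable too.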

