James Thew - Fotolia
I've heard about several "evil maid attacks" recently. How do these attacks work, and what precautions should I take when traveling? Is full disk encryption enough to protect my data in case an attacker steals my laptop?
Full disk encryption (FDE) is not a panacea for data protection. There are a number of ways that FDE can be bypassed to access the encrypted data on a device. One way to bypass FDE is via an evil maid attack. An evil maid attack is when an attacker has physical access to a device such as a laptop; the owner assumes the device is safe in a hotel room, but an evil maid comes into the room and accesses the computer. Once accessing the computer, the attacker can install malware in the boot loader or keystroke logger to capture the password, and then return to the room later to access the data on the system.
Basically, the owner of the device is making an assumption about a security control -- in this case the device's physically security in a hotel room. The responsible party doesn't feel it needs to plan for what happens if that security control fails. Many people in information security make reasonable assumptions, intentionally and unintentionally, because they need to solve particular problems at hand using their available resources. Most do not have the luxury to do a comprehensive risk assessment for every device or scenario, such as a rare evil maid attack, but these assessments must be thorough and flexible to quickly adapt when risks and security controls change.
Full disk encryption is not enough to protect your data if an attacker gains access to your physical laptop. There are some things you could do to protect against evil maid attacks: using a strong password, setting a password on the bios to prevent changes to the bios, only booting the system off of the hard drive and having some sort of tamper-evident alert if someone changes the hardware. The simplest measure may be to always keep your device with you instead of leaving it in a hotel room or other unattended location.
Read more on how to change enterprise security programs based on new threats
Find out how banking malware can bypass two-factor authentication
Learn about the value of self-encrypting drives for enterprises
Dig Deeper on Disk and file encryption tools
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading