In computer security circles, there is a growing consensus about the growing complexity of modern exploits and vectors of attack. There was a time when IT security experts could easily determine or detect if someone had tampered with a laptop; however, the sophisticated threats in use these days make this determination more difficult, particularly in the case of “evil maid” attacks.
Be Aware of “Evil Maid” Attacks
When laptops are physically tampered with in settings such as hotel rooms and airports, they are said to have been breached by an “evil maid.” These situations are more likely to happen in hotels where laptops are left unattended for a few hours; other settings for evil maid attacks would be at airports and during conferences. The attackers in these cases will gain physical access to a laptop by posing as housekeeping staff, airport security personnel or conference attendees.
In a recent article published by The Intercept, a website that specializes in activism, the disclosure of secret information and leaks, tech journalist Micah Lee explained how he set up a “honeypot” laptop to invite evil maid attacks at hotel rooms and airports over two years. Using various detection tools, Mr. Lee came to a few conclusions:
- First of all, he could not determine with absolute certainty if his laptop was compromised.
- Second, he determined that full disk encryption is one of the best protections against potential evil maid attacks.
- Finally, laptop users who handle extremely sensitive information may want to use secure operating systems that boot from USB drives such as The Amnesic Incognito Live System, known as Tails, or Whonix.
When a clever evil maid attacker realizes that a laptop has full disk encryption, he or she will still have at least one more software or hardware exploits to apply so that the system can be compromised the next time the laptop is accessed.
Protection Against Laptop Tampering
If you want to learn more about full disk encryption and securing data stored on your laptop when you travel, contact A Plus Computers in Apple Valley. With a solid system configuration that includes encryption, VPN, two-factor authentication, biometrics, or even a secure operating system such as Tails, your data will be safer against evil maid attacks.