Skip to content

Trending tags

F-Secure’s Guide to Evil Maid Attacks

Adam Pilkey

15.02.18 2 min. read

UPDATED TO ADD: The guide has been updated to address new research about cold boot attacks.

Last year, F-Secure Senior Security Consultant Harry Sintonen discovered an issue with Intel’s Active Management Technology (AMT) that an attacker can use to compromise a laptop in less than a minute. The attack lends itself well to the notorious “evil maid” scenario – a class of attack that involves an individual (such as a maid) compromising hardware (such as a laptop) while it’s left unattended (such as in a hotel room).

While many might think they never leave their devices unattended, it’s very difficult to do this in practice. In fact, Harry points out that the AMT issue he discovered can be taken advantage of so quickly, that all it takes is for someone to distract the “mark” while a partner performs the exploit.

“Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete,” Sintonen says.

Attackers with physical access to a device don’t have to rely only on the Intel AMT issue. There are numerous ways they can compromise a device, such as cold boot attacks, replacing components with hacked ones, loading malicious software from a USB key or other peripheral, and more.

Given that these attacks can have a severe impact on organizations, it’s worth taking a few basic measures to protect devices (especially for employees that often find themselves working while away from the office).

That’s why F-Secure created a guide to evil maid attacks. The guide provides a comprehensive resource on how to harden devices against attackers that have physical access to devices.

The advice detailed in the guide ranges from simple things, such as fully shutting down your device instead of leaving it in standby mode, to more advanced protection methods, such as enforcing a secure boot process.

And while the guide notes that there’s no 100% protection against an evil maid attack, implementing the recommendations can make the attack so difficult that only the most skilled, determined adversaries will find it practical to use in a real scenario.



Adam Pilkey

15.02.18 2 min. read


Highlighted article

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.