Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.
Joanna Rutkowska, a well-known security researcher known mostly for her work on low-level rootkits and virtualization, has published a tool that enables an attacker to boot a protected laptop from a USB drive, record the encryption tool's passphrase and then decrypt its contents without trouble. Known as Evil Maid, Rutkowska said the attack is simple enough to be pulled off by a hotel housekeeper and is effective against TrueCrypt.

The attack works like this: A laptop user, even one who is paranoid enough to power down his encrypted machine, leaves it alone for a few minutes. An attacker inserts the USB drive containing Evil Maid into the laptop and boots the machine from the USB drive. The tool installs a sniffer on the laptop, which will then log the encryption passphrase the next time the user enters it. The passphrase can be stored on the disk and then recovered by the attacker later.

The link for this article located at Threat Post is no longer available.