How to Defeat Full-Disk Encryption in One Minute

    Date20 Oct 2009
    Posted ByAnthony Pell
    Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too. Joanna Rutkowska, a well-known security researcher known mostly for her work on low-level rootkits and virtualization, has published a tool that enables an attacker to boot a protected laptop from a USB drive, record the encryption tool's passphrase and then decrypt its contents without trouble. Known as Evil Maid, Rutkowska said the attack is simple enough to be pulled off by a hotel housekeeper and is effective against TrueCrypt.

    The attack works like this: A laptop user, even one who is paranoid enough to power down his encrypted machine, leaves it alone for a few minutes. An attacker inserts the USB drive containing Evil Maid into the laptop and boots the machine from the USB drive. The tool installs a sniffer on the laptop, which will then log the encryption passphrase the next time the user enters it. The passphrase can be stored on the disk and then recovered by the attacker later.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.