Dealing with Evil Maid attacks is important, as overlooking them can lead to the loss of your sensitive data and more. These types of attacks usually occur in public areas, hotels, and cafes. The attacker can be anyone - a stranger, a maid or some friend.
In 2018, Harry Sintonen, a senior security consultant from F-Secure, issued a fresh warning about evil maid attacks exploiting Intel’s Active Management Technology and other techniques.
The investigation showed that insecure defaults in Intel’s Active Management Technology (AMT) could lead to the ‘evil maid’ scenario. The issue in AMT could allow an intruder to completely bypass login credentials on any laptop in 30 seconds. He said even a minute of distraction from the laptop was enough for an attacker to gain access to the target machine.
What is an Evil Maid attack - An Evil Maid attack is an attack in which attackers gain physical access to an unattended computing device for their malicious activities. A simple and common way of launching the attack is as follows:
The attack can pose a high risk for company executives, government officials and journalists as they possess a lot of confidential information. Whether the purpose of the attack is to change, steal or sell information, there is a high chance that the attacker can make changes to the device’s software in order to control the device remotely.
How is it different from the Evil Twin attack - The Evil Twin attack is basically a type of Wi-Fi attack. It occurs when a hacker places himself in the vicinity of a legitimate hotspot and sets up a bogus one. Once it is set up, the victims mistake the bogus SSID for the legitimate AP and connect their devices to it.
This simplifies the work of the attacker who can later collect personal or corporate information without the knowledge of users.
While both Evil Maid and Evil Twin attacks are aimed at stealing sensitive information, the Evil Maid attack can be limited by locking the device. The Evil Maid attack can occur only when a hacker gains physical access to the desktop or laptop.
Unlike the Evil Maid attack, the Evil Twin attack occurs over wireless communication. Therefore, users must be cautious about connecting to public hotspots for web browsing and online shopping or banking. Corporate employees must connect to the internet through a VPN while using free Wi-Fi in public places.
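The Evil Twin behaviour described above, a bogus SSID posing as the legitimate AP, can be checked for from the client side by comparing a Wi-Fi scan against access points that have been verified beforehand. The following Python example is added here and is not from the original article; the scan records and the `KNOWN_APS` allowlist are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (not real data).
SAMPLE_SCAN = [
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:10", "security": "WPA2-Enterprise"},
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:11", "security": "WPA2-Enterprise"},
    {"ssid": "HotelWiFi", "bssid": "11:22:33:44:55:66", "security": "WPA2"},
]

# Assumed allowlist: BSSIDs the defender has verified for each SSID (hypothetical).
KNOWN_APS = {
    "CafeGuest": {"aa:bb:cc:00:00:01"},
    "CorpNet": {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"},
}


def find_suspect_aps(scan, known_aps):
    """Flag APs that advertise a known SSID but do not match the verified baseline."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        trusted = known_aps.get(ssid)
        if trusted is None:
            continue  # no baseline for this SSID, nothing to compare against
        # Security modes seen on the verified APs for this SSID.
        expected = {ap["security"] for ap in aps if ap["bssid"].lower() in trusted}
        for ap in aps:
            if ap["bssid"].lower() in trusted:
                continue
            reasons = ["BSSID not in verified list"]
            if expected and ap["security"] not in expected:
                reasons.append(
                    f"security {ap['security']} differs from verified {sorted(expected)}"
                )
            findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(f"{f['ssid']} {f['bssid']}: {'; '.join(f['reasons'])}")
```

A BSSID can be cloned, so an empty result does not prove a hotspot is genuine; the check only catches twins that differ from the verified baseline.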
How to stay protected from the Evil Maid attack - The following preventive measures can help you stay safe from the Evil Maid attack: