Evil Maid and the Challenges of Full Disk Encryption

Joanna and the crew over at Invisible Things have posted a tool to demonstrate how trivial it is to circumvent full-disk encryption products. Evil maid requires that you have access to the machine and can boot it using a usb-stick with the software installed. It then is able to transparently record the user's passphrase for the disk.

This is another example of how full-disk encryption products need to be architected carefully to ensure that problems like this can be considered and controls put in place to avoid them.

Comments

Karton said…
Can we use modified evil maid to protect our laptop?

If that program inject code, we can using it appending it back(i think).

Analogical, can't we use blue pill to on a usb to prevent us against it?

Popular Posts