Tuesday, October 27, 2009

The Legendary Evil Maid Laptop Thief

This is a not-so-far-fetched scenario. In this post on TechRepublic's IT Security blog, the mythical evil hotel maid uses her equally mythical handy-dandy Evil Maid USB Stick to boot up your laptop from your hotel room, circumventing your TrueCrypt disk encryption, and steals data from your laptop.

And, she gets away with it without you ever knowing it. You don't suspect anything when you get back to the room. The laptop is off and closed, just as you left it, before you headed out a few hours before.

Substitute the mythical maid for an industrial spy who social engineers his or her way into your hotel room, and you have a real-live data theft scenario, coming to a theater near you.

While the example in the blog post is about a workaround to defeat TrueCrypt, the basic idea is that someone with physical access to a box basically owns it. Today it might be bootable USB key, but yesterday it was a bootable something else, like a live Linux CD, such as Knoppix.

So, what's the best defense?

As an occasional road warrior myself, I never let my laptop out of my sight. Yes, that's right. The best lock is an eye. Wherever I go, the laptop goes. And, it never stays in the room during the day, when the mythical Evil Maid might come by.


Anonymous Information Security said...

Well if you handcuff it to your arm why do you need disk encryption?

12:46 AM  

Post a Comment

<< Home