How to Defeat Full-Disk Encryption in One Minute

Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.

Joanna Rutkowska, a security researcher best known for her work on low-level rootkits and virtualization, has published a tool that enables an attacker to boot a protected laptop from a USB drive, record the encryption tool’s passphrase and then decrypt its contents without trouble. Rutkowska said the attack, known as Evil Maid, is simple enough to be pulled off by a hotel housekeeper and is effective against TrueCrypt.

The attack works like this: A laptop user, even one who is paranoid enough to power down his encrypted machine, leaves it alone for a few minutes. An attacker inserts the USB drive containing Evil Maid into the laptop and boots the machine from the USB drive. The tool installs a sniffer on the laptop, which will then log the encryption passphrase the next time the user enters it. The passphrase can be stored on the disk and then recovered by the attacker later.

Rutkowska said the Evil Maid tool is a very simple implementation that could be improved upon.

The provided implementation is extremely simple. It first reads the first 63 sectors of the primary disk (/dev/sda) and checks (looking at the first sector) if the code there looks like a valid TrueCrypt loader. If it does, the rest of the code is unpacked (using gzip) and hooked. Evil Maid hooks the TC’s function that asks the user for the passphrase, so that the hook records whatever passphrase is provided to this function. We also take care to adjust some fields in the MBR, like the boot loader size and its checksum. After the hooking is done, the loader is packed again and written back to the disk.

Simple enough, and no mean feat to prevent.
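The description above points at the one thing a defender can check: the attack has to rewrite the first 63 sectors of the disk, so a fingerprint of that region taken from a known-clean boot will no longer match afterwards. The following script is an added example, not Rutkowska's code or anything shipped with TrueCrypt; the device path and the sample region it constructs are assumptions.

```python
import hashlib
import sys

SECTOR_SIZE = 512
LOADER_SECTORS = 63                          # the region Evil Maid reads, patches and writes back
LOADER_BYTES = SECTOR_SIZE * LOADER_SECTORS  # 32256 bytes
MBR_SIGNATURE = b"\x55\xaa"                  # boot signature at the end of sector 0

def read_loader_region(path):
    """Read the first 63 sectors of a block device or disk image (path is an assumption)."""
    with open(path, "rb") as f:
        data = f.read(LOADER_BYTES)
    if len(data) != LOADER_BYTES:
        raise ValueError(f"short read: {len(data)} bytes, expected {LOADER_BYTES}")
    return data

def loader_fingerprint(data):
    """SHA-256 of the region; record it once from a clean boot and keep it off the laptop."""
    return hashlib.sha256(data).hexdigest()

def mbr_signature_ok(data):
    """Sector 0 must end in 0x55AA to be an MBR at all; anything else is already suspicious."""
    return data[510:512] == MBR_SIGNATURE

def changed_sectors(baseline, current):
    """Indices (0-62) of sectors that differ from a saved copy of the clean region."""
    return [i for i in range(LOADER_SECTORS)
            if baseline[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            != current[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]]

def constructed_region(tamper=False):
    """Constructed sample data, not a real TrueCrypt loader: a byte pattern with a
    boot signature in sector 0; tamper=True patches sector 0 and sector 5."""
    region = bytearray(i % 251 for i in range(LOADER_BYTES))
    region[510:512] = MBR_SIGNATURE
    if tamper:
        region[0x30:0x34] = b"\xcc" * 4       # stands in for a modified loader entry
        region[5 * SECTOR_SIZE + 100] = 0xFF  # stands in for a patched unpacked stage
    return bytes(region)

if __name__ == "__main__":
    # Usage: python check_loader.py /dev/sda [baseline-sha256]
    region = read_loader_region(sys.argv[1])
    print("MBR signature:", "ok" if mbr_signature_ok(region) else "MISSING")
    print("fingerprint:  ", loader_fingerprint(region))
    if len(sys.argv) > 2:
        same = loader_fingerprint(region) == sys.argv[2]
        print("baseline match" if same else "LOADER REGION CHANGED, inspect before entering the passphrase")
```

Run the check from trusted boot media rather than from the installed system, since only the on-disk sectors are compared and a compromised OS could present a clean copy. A matching hash says nothing about what the loader does at runtime, only that it has not been rewritten since the baseline was taken.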