There was this recent article (here in HN) about these "evil public charging ports that can hack your smartphone" and how there is an entire ecosystem of devices to protect against them.... when in practice no one has heard about any one single example of such evil charging port, and that in practice carrying out such attack is so target-specific and leaves so many warnings signs that the entire thing sounds implausible to say the least.
These evil maids are even more implausible than that. Has to be ridiculously targeted. If you are really targeted by such a powerful state-like entity, wouldn't it make much more sense for them to just send a NSA letter to Intel (or whatever the weakest link in your chain is, and there are plenty of extremely weak chains here, like the BIOS manufacturer) and/or backdoor the hell out of it?
Secure Boot was never about security for normal users nor security for the majority of us. This is like https://xkcd.com/1200/ all over again. At the point the attacker can write arbitrary bytes to your hard disk, its way past the point where the majority of users care.
It's not just about evil maids and physical access. Even if you did get root level RCE, you did not have access to screw with hardware security. With the UEFI keys, you suddenly have a whole new level of persistence, meaning that if you ever get pwned, you can basically throw your hardware in the trash, because even a system level wipe will not be a guaranteed way to clean malware.
If your attacker has root, and your system allows flashing the BIOS from root (many do), he can simply disable Secure Boot, or enroll one extra signature -- his. If the system doesn't allow flashing a BIOS even if an attacker has root access, then Secure Boot makes no difference whatsoever.
What does the boot rom have to do with the root user of an operating system? How does root help you disable secure boot if there is a password to change UEFI settings for instance?
At the point where you have root you basically won. You can ship user’s data elsewhere. You can install a key logger. You can empty their bank account.
But yes if the OS also let’s you change the boot ROM then you can make your root access semi-permanent.
All smartphones use ARM and USB and Android, and _even then_ the evil USB charging port is targeted -- you still have to tailor it to the target's screen ratio, Android version, Android UI/skin, even launcher if they have one, etc.
> it'd just be a matter of replacing a binary with a iffy'd version that runs before any decryption happens, e.g. replacing plymouth.
You'd at least need to imitate the UI your target is using for unlocking the disk (e.g. plymouth theme). Then, after the user types something, either virtualize the rest of the boot process (which is already extremely implausible), or otherwise reboot in a way that does not immediately cause the user to be suspicious. All of this is as targeted as it gets. A generic version would get as far as your average phishing email.
But... how do you plan to replace my bootloader in the first place? You'd need root access for that. At that point, it is already game over for the target! Why would you need to tamper with the bootloader at that point?
Or are you thinking about breaking into my house and do that in my offline computers ? How is that not a "targeted attack" ?
adding `store password somewhere` doesn't get in the way of plymouth's theming (which is separate), it doesn't change the rest of the boot process, etc etc etc etc etc, its taking an open source project, adding some lines to it, compiling, and swapping a binary out. Why would it need to any of this other stuff?
> You'd need root access for that. At that point, it is already game over for the target! Why would you need to tamper with the bootloader at that point?
Yes that is the crux of the Evil Maid attack, a drive-by install of software. e.g. at a coffeeshop while one is on the toilet, at an office, at a hotel by an evil maid, etc etc. AEM is about detecting changes in trust: if the loading sequence is changed, then the verifier (another device like a usb dongle) can't verify (since the TPM can no longer unlock the prior secret due to the chain changing).
You might want to look into the article I linked in my earlier comment to get the full idea of what is meant by evil maid
> Yes that is the crux of the Evil Maid attack, a drive-by install of software. e.g. at a coffeeshop while one is on the toilet, at an office, at a hotel by an evil maid, etc etc.
If the laptop was left online and unlocked: What do you expect to gain by installing a patched plymouth versus installing a traditional remote control software and/or keylogger ? You don't even need root for the latter!
If the laptop was left locked: do you plan to open the laptop, remove the disk, transfer some files to it (matching the same distro & version of all components your target was using, otherwise the entire thing may just crash or look different and reveal the attack), hope the target doesn't notice his laptop was literally taken apart (most laptops just can't be opened at all, for the ones which can, even mine has a simple open-circuit tamper detector...), then come back in the future _and do the same_ again to recover the captured password? And how is this not a ridiculously targeted attack?
Besides, at that point, you could simply install a wiretap on they keyboard, an attack which unlike the evil maid crap I have seen _millions_ of times in the wild (e.g. at public pinpads, card readers at gas stations, etc. ).
I agree that this is the reason, but having Intel as the guard only makes it so that it could have already been hacked/leaked/bypassed and you never know.
At least if it was user controlled we can ensure that other people's leaked keys don't bypass our security.
If it's user controlled what stops an attacker from bypassing it as the "user"? Most people just want to have a secure device and will not think about security, not want to do any work to secure their device.
"The name refers to the scenario where a maid could subvert a device left unattended in a hotel room – but the concept itself also applies to situations such as a device being intercepted while in transit, or taken away temporarily by airport or law enforcement personnel. "
I genuinely hate this "cute" yet condescending name. Maids are on the low skill low wage end of the spectrum. Even if there is a motive to mount a physical attack, possibly a targeted one, it will either be performed by a person impersonating a maid or with the help of an operator giving instructions. So, either an "evil" maid who is not really evil, or an evil "maid" who is not really a maid. Contrived, inaccurate and demeaning.
Most people don't choose low paying physically demanding jobs when they can paste together stack overflow answers.
That said, "Evil Maid" fits here because of that - they are no someone that you expect to need technical protections from but theoretically they could be a genious adversary or just hired by one.
I tend to agree with your analysis. But that is precisely my beef with the term. You seem to be saying that the term fits _because_ it describes a population that violates security expectation, _because_ it is "generally not smart, except for theoretical surprises" or "easy to hire for nefarious purpose". Neither one is very flattering, neither one equates to "evil" and neither one applies specifically to maids. A neutral term would have been an "adversary with temporary physical access" but that is not nearly as catchy.
Its definitely on the high end of attacks and a bit unlikely, but i dont think its exclusively nation states. Well within the reach of thieves who want to steal your bank info or something.