[tech] It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out … a deep technical dive into the difficulties around proving if a computer has tampered been with. ‘There is a sneaky class of attack, called “evil maid” attacks, that disk encryption alone cannot protect against. Evil maid attacks work like this: An attacker (such as a malicious hotel housekeeper, for example) gains temporary access to your encrypted laptop. Although they can’t decrypt your data, they can spend a few minutes tampering with your laptop and then leave it exactly where they found it. When you come back and type in your credentials, now you have been hacked. Exactly how an evil maid attack would work against your laptop depends on many factors: the type of computer you use, what operating system you use, which disk encryption software you use, and the configuration of firmware used to boot your computer, firmware which I’ll call “BIOS,” although it can also go by acronyms like EFI and UEFI. Some computers have considerably better technology to prevent evil maid attacks than others – for example, attackers have to do more advanced tampering to hack a Windows laptop encrypted with BitLocker than they do to hack a Mac laptop encrypted with FileVault (as of now, anyway) or a Linux laptop encrypted with LUKS.’
This entry was posted on Monday, October 22nd, 2018 at 11:35 am and is filed under Tech.