TrueCrypt LogoOn Wednesday, I wrote about TrueCrypt, and the requirement to create a Rescue Disk if you were going to use System Encryption.  I  looked into that, as I was setting up a test laptop so I could try the “Evil Maid” attack on TrueCrypt System Encryption.

And by Jove!  The Evil Maid attack works.

In short, the Evil Maid attack is a way to grab someone’s TrueCrypt’s passphrase.  Have a look at this photo of my test laptop:
Evil Maid - Can this password be hacked

Now here’s the reality check.  You need physical access to the computer, twice.  Once to corrupt the TrueCrypt Boot Loader, and once again to recover the password.

But, provided you can get access, say as a hotel maid, you can render TrueCrypt security useless.  This attack reminds me of a company I used to work for, and their approach to when building keys get lost.

“Replace the lot, we can’t guarantee that they haven’t been copied while they’ve been out of our sight.”

Perhaps we need to start adopting that policy to TrueCrypt protected computers.

You can read about the “Evil Maid” attack, by Joanna Rutkowska and Alex Tereshkin, here.

Bookmark and Share