Comments on The Invisible Things Lab's blog: Evil Maid goes after TrueCrypt!
Blog author: Joanna Rutkowska. Comment feed last updated 2023-11-24 09:52 (+01:00). The 25 comments below are given in chronological order, oldest first.

Joanna Rutkowska (2009-10-18 21:42, +02:00):
@Anonymous: The "Immutable MBR" solution would not work, because all FDE loaders take more than just one sector.

Vincent (2009-10-19 03:57, +02:00):
Do you think it will work against other HDD encryption solutions such as McAfee Safeboot? This seemed to be a very strong solution and is often used by enterprises and maybe some government agencies.

Does it mean we need to understand the function call used by Safeboot for the passphrase during preboot in order to modify Evil Maid to hook to it?

http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/endpoint_encryption.html

Lance (2009-10-19 08:35, +02:00):
For all who speak German: in his blog Michael Ritter came up with a rather simple interim solution (until the stubborn TC developers do something about it): he wrote a batch file checking the first 63 sectors of the boot drive for manipulation at every logon. If you see a manipulation, re-write the bootloader, re-encrypt your drive (new master key) and Bob's your uncle. I like it!

http://www.sicherheitsblog.info/blog/index.php?/archives/249-2009-10-17.html

S. Hamid Kashfi (2009-10-19 10:07, +02:00):
As for the "poor man's solutions" section, you've mentioned protecting the BIOS, and in the comments I see points to password-protected (read: locked) hard disks.

Locking the HDD with a password will prevent the plug-it-in-another-system case. I've previously played with this protection and there's really no easy software-based way to bypass it. Considering you have enough time, changing the HDD chipset board with an unlocked (and same brand/model) one is a solution, but it's not always possible in hotel situations and also not working for all brands.

Joanna Rutkowska (2009-10-19 11:55, +02:00):
@Vincent: unless McAfee uses some hardware-based supported integrity checking technology, e.g. TPM-supported trusted boot, then it is vulnerable. We don't necessarily need to understand the FDE's loader code in order to implement an Evil Maid-like sniffer. Instead, we can implement the sniffer as a resident keylogger, e.g. using interrupt hooking, or in a more modern way, using the Blue Pill Boot approach.

@Hamid: keep in mind that BIOSes have a long history of "admin" or "support" password backdoors... Relying on the BIOS to secure your laptop is a bit of a stretch to me...

Vincent (2009-10-19 12:08, +02:00):
Hi,

I think this (http://www.digisafe.com/products/products_DiskCryptMobile.htm) may be a better product as compared to Datalocker.

DiskCrypt stores its keys in the smartcard instead of in the device itself, as Datalocker does.

Joanna Rutkowska (2009-10-19 12:15, +02:00):
@Vincent: Digisafe looks interesting indeed.

everyday_normal_guy (2009-10-19 12:50, +02:00):
@Think Secure & @Joanna,
"HDD Lock" or simply ATA Password is very easily crackable on 97% of HDDs. The mechanism of this in laptops is that the BIOS stores a correct ATA password for a given HDD. When you swap disks, the BIOS-stored password and HDD password will not match. Some RAID controllers will also set up a vendor-default password on any connected HDD.
You can use an ATA terminal to exploit flaws in HDDs' firmware and recover the password. On some HDDs you can use standard 0x20/0x21 ATA commands, but you have to send a special 'unlocking' command first (for example, 57 44 43 00 00 a0 8a). So - don't think the ATA password is some kind of security. It's an illusion of security.

samyee (2009-10-19 14:03, +02:00):
Run TrueCrypt on the backend server and then RDP into it. It will foil Joanna's attack, unless the hotel maid can sneak into the data center server.
In our POC of deploying TrueCrypt on Microsoft Presentation Virtualization (Present-V), the keyfile is stored in the user smart token (in the user's possession) while the process is always on 24x7 at the backend terminal server (i.e. no boot-up process).

See my blog: http://networkerslog.blogspot.com/2009/10/truecrypt-on-present-v.html

Joanna Rutkowska (2009-10-19 14:11, +02:00):
@Samyee: Your setup would not prevent compromise of the laptop (think e.g. Blue Pill Boot, instead of simple Evil Maid). This means the Maid can still infect your laptop and get access to any resource you will be accessing from your compromised laptop, no matter what authentication is used between the laptop and the other resource.

Anonymous (2009-10-19 15:22, +02:00):
There is something similar to attack Sophos' Utimaco; you can read the paper here: http://www.mentat-solutions.com/whitepapers/57-utimacosafeguardeasy45xuserpasswordlogging

Vincent (2009-10-19 18:30, +02:00):
If I have enabled 2-factor using a smartcard with TC, does that make it safer, since the evil maid needs my smartcard to unlock my encrypted HDD?

Anonymous (2009-10-19 23:14, +02:00):
I don't get what all the fuss is about.

The maid could just replace your computer with an identical-looking model (or swap drives, or set the BIOS to netboot, or whatever) that had a bogus password entry program.

Joanna Rutkowska (2009-10-19 23:20, +02:00):
@Vincent: Ignoring for the moment the fact that TC doesn't support smart cards, or even keyfiles, for system disk encryption, still the problem with using a smartcard is that in most cases the decryption will be carried out by the CPU and not by the smartcard, for performance reasons. Evil Maid can always catch the key if it gets to system DRAM.

@Anonymous-smartass: the big deal here is about how cheap, fast, and simple this attack is.

Anonymous (2009-10-19 23:27, +02:00):
Great article! There are however two counter-measures that I don't see mentioned that are quite simple, yet effective:

1. Install Windows on a SATA stick, e.g. from OCZ, and always keep it in personal custody (except perhaps while in the pool). Only use the built-in HDD as a volume-encrypted secondary drive, if at all.

2. Store the laptop in a sealed envelope when left unattended, e.g. in a hotel room. Easy-to-use sealings are available in many qualities, e.g. postal security tape, depending on your level of paranoia.

In addition, of course also use the onboard TPM with all static measurements, enable BIOS admin & boot passwords, HDD ATA passwords (on secondary drives), etc., and never leave the computer unattended with Windows still in RAM.

Joanna Rutkowska (2009-10-19 23:37, +02:00):
@Anonymous: unfortunately things like swimming pool activities, which might seem strange to many computer geeks, are examples of things that normal people actually do, and cannot be simply ignored. Plus this doesn't protect you against BIOS/firmware compromise.

Good point about the sealed envelope though; it seems certainly better than carrying a strongbox. Although, personally, I still believe it is more difficult to break TPM than it is to open a sealed envelope in a clean way (any "research" done in this area?).

alech (Alex, http://www.alech.de) (2009-10-20 10:28, +02:00):
Hi Joanna,

FYI, the fake Bitlocker prompt has been implemented by my colleagues, see their paper (http://testlab.sit.fraunhofer.de/downloads/Publications/Attacking_the_BitLocker_Boot_Process_Trust2009.pdf) if you're interested.

See you in Hamburg next week.

Cheers,
Alex

Davi Ottenheimer (http://davi.poetry.org/blog) (2009-10-22 23:41, +02:00):
@Joanna "it is more difficult to break TPM, than it is to open a sealed envelope in a clean way"

There is a very long history/study of breaking sealed envelopes; for example water vapor led to special glues and heat-sensitive ink... and so on.
The problem for envelopes becomes that control strength is inversely related to the number of times you can use one, so you then must carefully maintain an inventory.

Joanna Rutkowska (2009-10-23 01:01, +02:00):
A general note to the last 30 or so people whose comments were rejected by the cruel moderator: RTFA (and other comments too), before posting. Also, keep in mind it's a technically-oriented blog, and let's keep it that way.

Anonymous (2009-10-23 16:41, +02:00):
I also expect the Evil Maid to copy the whole HDD when s/he infects the bootloader. That way she only needs to retrieve the password from the machine, not the whole HDD. This could be done via wifi, bluetooth, etc.

Anonymous (2009-10-23 18:11, +02:00):
Joanna, another user asked this, but I didn't see a reply:
Any chance of getting Disk Hasher from you folks?

Joanna Rutkowska (2009-10-23 18:21, +02:00):
@Anonymous: right now we're not planning on making our DiskHasher freely available.

Anonymous (2009-10-23 18:29, +02:00):
I know this may be a little moot, but much along the lines of the USB Hasher, I've used the USB Bootloader (a Linux-formatted USB stick) with a copy of the TC Recovery ISO boot image installed on it. Once I have successfully built that, I remove the TC bootloader from my laptop (thus replacing the TC BL with the original MBR), which BTW means you then have to reinsert the header data back onto the volume (all of which you do with the rescue CD), and voila, you have a laptop with a non-booting HD, no TC bootloader, and a USB stick that you keep with you at all times for security. Yes, yes, I know, it carries the same risks as having the Hasher key stolen, so I also have a Toughbook with a quick-release HD.. :-)

Pete (http://peteslinuxtips.blogspot.com/2009/10/encrypting-your-hdd-with-plausible.html) (2009-10-23 20:14, +02:00):
@Joanna,

Like @Sham and @Anonymous-MK, I too have started booting from a USB key containing my kernel. In fact, I have no MBR or LUKS header on my internal HDD at all, just encrypted data. Click my name for details.

The other nice thing this gives you is plausible deniability that there's even encrypted data present. Of course, if someone looks at the drive, you'll have to re-encrypt to prevent them from detecting that only certain sectors have changed...

Previously, I was hashing my /boot partition once I was booted, but that would have only detected tampering after the fact. I like your pre-boot method better, but if I'm going to boot off of USB, I might as well boot right into my OS.
--
Pete

Unknown (2009-11-02 23:40, +01:00):
Brilliant proof of inherent insecurity - the TrueCrypt guy's answers were somewhat doofish though - if I have to carry a strongbox around with me, why pay for his product?

The point of using an encrypted disk of course is to prevent infiltration - if it's just a minor inconvenience it might block a petty thief (so would the strongbox) but clearly an orchestrated effort yields results - and if you've got something valuable enough on your notebook, someone will orchestrate an attempt - although, with cheap teraflop parallel GPUs, evolving quantum algorithms, etc., if it's really valuable enough someone might put together enough horsepower to brute force and render the encryption on your disk meaningless anyway (with or without skimming your passphrase).

Excellent article!!