Evil Maid Attack

An evil maid attack is a kind of cyberattack in which the hacker targets devices left unattended. On an unprotected device, the hacker will try to extract data or install malware. The attack can also work on protected devices: the hacker tampers with them to bypass security and steal data.

How does the evil maid attack work?

  • The hacker physically accesses an unattended device, like a mobile phone or laptop the owner may have left in their hotel room.
  • If the device is not protected by passwords or encryption, the hacker will then attempt to extract any private files.
  • If the device is protected by encryption but has no password set, the hacker could try installing malware or modifying the device’s settings to set up a secret way to attack at a later date.
  • If the device does have password protection and is protected with encryption, the attacker could still tamper with its firmware to create a fake password prompt that appears the next time the user starts the device. This fake password prompt relays the victim’s legitimate details to the attacker and automatically deletes itself after a restart.
  • After the attacker is satisfied with their work, they will attempt to erase any trace of their actions and will even restore the original settings and delete any logs that may lead to suspicion. 

How to stop an evil maid attack

  • Do not leave your devices unattended.
  • Protect your hard drive with reliable encryption to block attackers from stealing your data.
  • Set up secure boot features to block unauthorised tampering with the device’s boot process and make sure your system only boots trusted software.
  • Use tamper-evident seals to alert you to any physical tampering.
  • Set up multi-factor authentication to block unauthorized access even if the attacker somehow obtains your password.
  • Frequently inspect your system to check for any signs of tampering, like any unexpected hardware upgrades or unfamiliar software.