Security firm F-Secure has warned businesses of the dangers of so-called ‘evil maid’ attacks.
The company explained that these attacks – when an attacker such as a maid compromises devices by gaining physical access to them – should be seen as a significant threat to security.
In a new guide warning companies of the dangers, F-Secure said: “While the ‘evil maid attack’ represents a very specific threat with limited opportunity for exploitation (e.g. physical access), its impact can be profound.”
F-Secure explained that these attacks take the form of any kind of physical tampering, “regardless of the opportunity and location of the attack, aimed at obtaining either persistence on the victim equipment for future remote access, or immediate extraction of the desired data, such as the hard disk contents”.
These attacks are of particular concern because the main focus of most software security features is to protect against remote attack vectors, such as malicious websites or malware. However, the ‘evil maid’ attack scenario “changes the attacker perspective as physical access to the target hardware is achieved”.
Businesses are under threat because the majority of devices have not been designed with physical security in mind, which leaves them prone to such attacks.
F-Secure advised against leaving devices, including USB drives, unattended, and against plugging any found drives into devices. It also warned businesses to ensure their hard disk contents are encrypted to maintain their confidentiality, which is “essential to mitigate any ‘evil maid’ scenario or, more likely, the loss/theft of your device and data”.
Companies are also advised to employ the appropriate level of mobile data management. This is particularly vital for businesses with remote workers who carry out their duties outside the office.