An evil maid attack is a method by which an attacker gains access to a computer by tampering with it in the user’s absence. Software such as a keylogger or a hacked bootloader, installed on the system by the attacker, captures the user’s credentials (such as passwords) the next time the system is started up, and either stores them locally (to be picked up later) or sends them to the attacker over the internet. With the captured credentials, the attacker would be able to access even the most securely protected devices, such as those with full disk encryption.

The attack takes its name from the fact that people frequently leave their computers or other devices unattended in their hotel rooms when travelling, putting them at risk of being tampered with by anyone who has access to the room (such as the hotel maids).

Although certain precautions can be taken against the attack, such as updating the BIOS and using BitLocker, the only way to be certain that an attack has not taken place is to not leave the device unattended.

 

Last updated: 2 June 2018