An evil maid attack is an act of hacking a device through physical access. The name refers to a scenario where a hotel employee compromises a laptop, smartphone, or tablet left in a room. Other versions of the evil maid attack include tampering by an airport employee during inspection or an insider attack on a coworker’s computer while they are out for lunch.
The most common targets of evil maid attacks are politicians, journalists, and senior corporate executives — individuals who have access to large amounts of confidential information.
Evil maid attack variations
The most common types of evil maid attack are:
- Data theft or installation of malware on a device that is not protected by a password;
- Compromise of the firmware or BIOS to steal the login and password, with the account credentials being sent to the hacker once entered, after which the hacker needs to physically access the device again to steal information;
- Direct access to the device’s memory obtained by sidestepping OS and BIOS security features (a DMA, or direct memory access, attack);
- Theft of the device and its replacement with a device that looks identical but is infected. As with compromised firmware, the malicious gadget sends the entered password to the hacker, who uses it on the original device.
How to prevent an evil maid attack
Experts recommend the following to avoid having a mobile device or a computer compromised in an evil maid attack:
- Avoid leaving your device unattended where it can be accessed by strangers;
- Protect your device with a strong password and set a minimal lock screen timeout;
- Use full disk encryption;
- Keep system software and device drivers up to date;
- If possible, set up the BIOS to restrict direct access to device memory through communication ports such as FireWire, Thunderbolt, PCI, and PCI Express.