Intel Xeon workhorses boot evil maids out of the hotel: USB-based spying thwarted by fix Ex-Intel security dragons have breathed fresh fire into the old maxim: if someone has physical access to your machine, you're pwned. US-based Eclypsium, founded by former Chipzillans Yuriy Bulygin and Alex Bazhaniuk, confirmed this week it is possible to pull off a classic evil maid attack against Intel-powered servers and …
Actually what's best is to use nailpolish with glitter or stripes photograph is and place to the photograph as an ad into a newspaper. That way you'll have a constant public hash of your security measure.
BTW there's little else you can do otherwise against "evil maid" attacks, since that maid can just as well replace the mainboard.
Of course the failure on Intels side is to expose the debug interface on some connector that's actually moderately usefull for other things, so removing it is hardly ever an option.
Maybe they should have used the game port - it used to carry MIDI signals if I recall correctly, which should be bidirectional so there's your comms interface right there; and I suspect the intersection of hardcore retro-gaming musicians and server admins is really, really, really close to the empty set...
"But then the system wouldn't boot as your encryption keys for Secure Boot are in the TPM."
If you just want got get around Secure Boot, that's trivial. You replace the whole computer with an identically looking one. This computer only asks the user for their password and sends it via radio to you. It will then pose as if the password is incorrect or the computer is broken.Then you have both the original computer and the password, which you can use to get all the data...
The pro attack then will swap the computer back, the user will think they momentarily forgot their password and will be to embarrassed to ever report it.
It it's not fixed by this fix, it'll be fixed by the next one. Or the one after that. Or the one after that. Or the one after that. Or the one after that. Or the one after that. Or the one after that. Or the one after that.
Look...its still less patches than Adobe Flash OK? You've removed Adobe Flash, ok.... hmmmm
Regards
Head of Intel Security
"Because security is important to somebody... somewhere.... I guess"
Hot glue gun is your friend. Fast. Safe. Very good insulator. Does not dissolve or otherwise damage the board. While easy to "inject", very difficult to remove without triggering a chassis intrusion alert and/or removing the server.
Just walk down the isle and perform a "firmware fix" on all the suspects.
How many JTAG interfaces are there in our tech, just waiting for somebody to pop the case open and replace the firmware. Why go to all the effort of hacking the OS, which might be secured with UEFI, when you can just replace the bios/firmware.
Most JTAG interfaces probably don't end in headers in production kit, but will still be there and easy enough to connect to with a 3d printed widget to align some wires.
Not much prevents this kind of attack from an evil maid, other than gluing devices together so badly they cannot be opened for repair. I guess that is another security plus for Apple...
Neat! Reminds me of the BOFH episode with the "luggable" that was filled with batteries and inverters to sabotage stuff at a tradeshow...
I would desolder the port from the main board, turn it around (people won't check) so you have less danger of connecting to the main board. Then connect AC to the pins as suggested above.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
