mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 11:56:40 +00:00
add evil maid attack
This commit is contained in:
midas
parent
9854652f15
commit
0af7aa2b9c
1 changed files with 5 additions and 2 deletions
|
|
@ -200,8 +200,11 @@ in this post we are going to do a threat modelling exercise:<br><br>
|
||||||
<h3>Countermeasures</h3>
|
<h3>Countermeasures</h3>
|
||||||
This attack has the same issue as the previous one and could be deployed during a schedule maintenance at Bob's datacenter even if Alice was using a baremetal. If she were to migrate to such a setup, then ensuring a TPM is present on the motheboard and only signed firmware updates are accepted would be a first step. This wouldn't protect her from a malicious update signed with a legitimate key as some government agency could deploy.
|
This attack has the same issue as the previous one and could be deployed during a schedule maintenance at Bob's datacenter even if Alice was using a baremetal. If she were to migrate to such a setup, then ensuring a TPM is present on the motheboard and only signed firmware updates are accepted would be a first step. This wouldn't protect her from a malicious update signed with a legitimate key as some government agency could deploy.
|
||||||
|
|
||||||
|
<h2><b>Evil Maid Attack</b></h2>
|
||||||
|
<h3>Attack</h3>
|
||||||
|
With physical access to the server, a rogue technician could inject a rootkit into the UEFI to mainain persistance, running their code before the OS loads.
|
||||||
|
<h3>Countermeasures</h3>
|
||||||
|
A baremetal server in a physically locked enclosure such as ones used by payment processors in their datacenters would greatly reduce the likelihood of this attack. Again, Alice deems the current sensitivity of her data not sufficient to justify the costs.
|
||||||
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue