Check Point response to the "Evil Maid" attack

Solution ID: sk43119
Product: FDE / Pointsec PC
Version: R70
Date Created: 04-Nov-2009
Last Modified: 04-Nov-2009
Symptoms
  • Check Point Full Disk Encryption is not vulnerable to the "Evil Maid" attack.
Solution
Check Point Full Disk Encryption is not vulnerable to the "Evil Maid" attack: this particular program specifically targets the TrueCrypt boot code and will therefore not work on Check Point FDE.
Note, however, that Check Point FDE is potentially vulnerable to this type of attack. One possible attack, for example, would be a program that targets or mimics the Check Point login and boot process in an attempt to acquire credentials.
Currently there are no known programs that perform this type of attack on Check Point FDE.

Using two-factor authentication with Smart Cards reduces the risk of this type of attack: it makes it more difficult for the attack to succeed, but still not impossible. All a simplistic password sniffer such as the "Evil Maid" would get is the PIN to the Smart Card; the sniffer cannot obtain the keys protecting the disk keys, which remain only on the Smart Card.
The "Evil Maid" attack requires physical access to the victim's device; another form of mitigation would therefore be to use a tamper-resistant case for the device (e.g., a laptop) against this type of physical attack.

At its core, the "Evil Maid" program and all similar programs are malware. Further enhancements such as TPM support in Full Disk Encryption are needed to effectively protect against such malware attacks. Check Point plans to implement TPM support by using tamperproof hardware to detect attempts at manipulating BIOS, boot sectors, and boot code in our future release of Check Point FDE.
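
The detection idea behind TPM support can be sketched as a measured-boot simulation: each boot stage is hashed into a register, and the disk key is released only when the final value matches the one recorded for the untampered chain. This is an added example, not Check Point code; the component contents, the key, and the helper names (`extend`, `measure_boot_chain`, `seal`, `unseal`, `boot`) are constructed for illustration, and a dict stands in for the TPM's sealed storage.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components) -> bytes:
    """Measure every boot stage in order, starting from an all-zero PCR."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def seal(disk_key: bytes, expected_pcr: bytes) -> dict:
    """Bind the key to one PCR value (a dict models the TPM's sealed blob)."""
    return {"policy_pcr": expected_pcr, "key": disk_key}

def unseal(sealed: dict, current_pcr: bytes):
    """Release the key only when the current measurement matches the policy."""
    if hmac.compare_digest(sealed["policy_pcr"], current_pcr):
        return sealed["key"]
    return None

# Constructed sample data: stand-ins for real firmware and boot images.
BIOS = b"constructed BIOS image"
MBR = b"constructed boot sector"
PREBOOT = b"constructed FDE pre-boot login code"
DISK_KEY = b"constructed-disk-key"

GOOD_PCR = measure_boot_chain([BIOS, MBR, PREBOOT])
SEALED = seal(DISK_KEY, GOOD_PCR)

def boot(components):
    """Simulate one boot: measure the chain, then ask for the sealed key."""
    return unseal(SEALED, measure_boot_chain(components))

if __name__ == "__main__":
    print("clean boot releases key:", boot([BIOS, MBR, PREBOOT]) == DISK_KEY)
    # A modified pre-boot stage changes the final PCR, so the key stays sealed.
    print("modified pre-boot stage:", boot([BIOS, MBR, PREBOOT + b" (modified)"]))
    # A changed boot sector is caught even when later stages are untouched.
    print("modified boot sector:", boot([BIOS, MBR + b"!", PREBOOT]))
```

A real TPM holds the sealed key inside the chip and performs the comparison in hardware; the dict here only models that policy check.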
