Check Point response to the "Evil Maid" attack

Solution ID: sk43119
Product: FDE / Pointsec PC
Version: R70
Date Created: 04-Nov-2009
Last Modified: 04-Nov-2009
  • Check Point Full Disk Encryption is not vulnerable to the "Evil Maid" attack.
Check Point Full Disk Encryption is not vulnerable to the "Evil Maid" attack, as this particular program specifically targets the TrueCrypt boot code and will therefore not work on Check Point FDE.
Note, however, that Check Point FDE is potentially vulnerable to this type of attack. One possible attack, for example, would be a program that targets or mimics the Check Point login and boot process in an attempt to acquire credentials.
Currently there are no known programs that perform this type of attack on Check Point FDE.

Using two-factor authentication with Smart Cards reduces the risk level of this type of attack: it makes it more difficult for the attack to succeed, but still not impossible. All a simplistic password sniffer such as the "Evil Maid" would get is the PIN to the Smart Card; the sniffer cannot obtain the keys protecting the disk keys, which remain only on the Smart Card.
The "Evil Maid" attack requires physical access to the victim's device. Another form of mitigation against this type of physical attack is therefore to use a tamper-resistant case for the device (e.g., a laptop).

At its core, the "Evil Maid" program and all similar programs are malware. Further enhancements such as TPM support in Full Disk Encryption are needed to effectively protect against such malware attacks. Check Point plans to implement TPM support in a future release of Check Point FDE, using tamperproof hardware to detect attempts at manipulating the BIOS, boot sectors, and boot code.
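
How TPM-style measurement detects a changed boot sector or boot code, as an added example that is not Check Point code: a simplified model with a single SHA-1 register (the TPM 1.2 extend rule), whereas a real TPM spreads measurements over several registers. The stage names and byte strings are constructed stand-ins for real firmware and disk contents.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, the register size in TPM 1.2


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend rule: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot_chain(stages) -> bytes:
    """Fold every boot stage, in boot order, into one register starting at zero."""
    pcr = bytes(PCR_SIZE)
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def first_changed_stage(baseline, observed):
    """Return the name of the first stage that differs from the baseline, or None."""
    for (name, good), (_name, seen) in zip(baseline, observed):
        if hashlib.sha1(good).digest() != hashlib.sha1(seen).digest():
            return name
    return None


# Constructed sample data (assumption: three stages, in this order).
BASELINE = [
    ("bios", b"constructed BIOS image"),
    ("boot_sector", b"constructed boot sector"),
    ("preboot_login", b"constructed pre-boot authentication code"),
]
# Same chain with the pre-boot login code replaced by different bytes.
TAMPERED = BASELINE[:2] + [("preboot_login", b"constructed look-alike login code")]

GOLDEN_PCR = measure_boot_chain(BASELINE)  # recorded while the machine is known good


def boot_is_trusted(stages) -> bool:
    """Detection check: the measured value must equal the known-good value."""
    return measure_boot_chain(stages) == GOLDEN_PCR


if __name__ == "__main__":
    for label, chain in (("baseline", BASELINE), ("tampered", TAMPERED)):
        print(label, measure_boot_chain(chain).hex(),
              "trusted" if boot_is_trusted(chain) else "MISMATCH",
              first_changed_stage(BASELINE, chain))
```

Because each extend hashes the previous register value, a change to any stage alters the final value, and the register cannot be set back to the known-good value by code that runs later in the same boot.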
