Check Point response to the "Evil Maid" attack
Check Point Full Disk Encryption is not vulnerable to the "Evil Maid" attack: this particular program specifically targets the TrueCrypt boot code and will therefore not work on Check Point FDE.
Note, however, that Check Point FDE is potentially vulnerable to this type of attack. One possible attack, for example, would be a program that targets or mimics the Check Point login and boot process in an attempt to acquire credentials.
Currently there are no known programs that perform this type of attack on Check Point FDE.

Two-factor authentication with Smart Cards reduces the risk of this type of attack: it makes the attack more difficult to carry out, but still not impossible. All that a simplistic password sniffer such as the "Evil Maid" would get is the PIN to the Smart Card; the sniffer cannot obtain the keys protecting the disk keys, which remain only on the Smart Card.
The "Evil Maid" attack requires physical access to the victim's device. Another form of mitigation is therefore to use a tamper-resistant case for the device (e.g., a laptop) to protect against this type of physical attack.

At its core, the "Evil Maid" program and all similar programs are malware. Further enhancements such as TPM support in Full Disk Encryption are needed to effectively protect against such malware attacks. Check Point plans to implement TPM support, using tamperproof hardware to detect attempts at manipulating BIOS, boot sectors, and boot code, in a future release of Check Point FDE.
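The detection principle behind TPM support can be modelled in a few lines. This is an added example, not Check Point code or a description of its implementation: it uses the standard TPM extend operation (new PCR = hash of old PCR concatenated with the component digest) over a constructed three-stage boot chain, and the stage names, images and key are all assumptions made for illustration.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros on reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(stages) -> bytes:
    """Fold every boot stage, in boot order, into a single PCR value."""
    pcr = PCR_INIT
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def first_changed_stage(reference, observed):
    """Name the first stage whose bytes differ from the reference, else None."""
    for (name, ref_img), (_n, obs_img) in zip(reference, observed):
        if ref_img != obs_img:
            return name
    return None


def release_disk_key(expected_pcr: bytes, stages, sealed_key: bytes):
    """Model of sealing: the key is released only if the measured chain matches."""
    if measure_boot_chain(stages) != expected_pcr:
        return None
    return sealed_key


# Constructed sample data: stand-ins for firmware, boot sector and FDE boot code.
CLEAN = [("bios", b"firmware v1"), ("boot_sector", b"\xeb\x3c\x90 loader"),
         ("fde_boot_code", b"preboot login")]
# Same chain with the pre-boot login stage replaced by modified code.
TAMPERED = CLEAN[:2] + [("fde_boot_code", b"preboot login + logger")]
GOLDEN_PCR = measure_boot_chain(CLEAN)
KEY = b"constructed-disk-key"

if __name__ == "__main__":
    for label, chain in (("clean", CLEAN), ("tampered", TAMPERED)):
        key = release_disk_key(GOLDEN_PCR, chain, KEY)
        print(label, "key released" if key else
              f"key withheld, changed stage: {first_changed_stage(CLEAN, chain)}")
```

In a real TPM the comparison and key release happen inside the hardware, and the changed stage is identified from the measurement log rather than by comparing images directly.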
This solution is about products that are no longer supported, and it will not be updated.
