The original article says: "A user can prevent such an attack by using two-factor authentication (RSA challenge-response implemented in a USB token) or e.g. one-time passwords, so that there is no benefit for the attacker to capture the keystrokes."
One notes that this would also solve the problem with hardware based key-loggers. It also says "Another suggested approach has been to keep your boot partition on a separate USB stick. This solution obviously doesn't take into account the fact that the attacker might install Evil Maid into your BIOS." But on most laptops, BIOS modifications can be password-protected - how does the maid get installed into the BIOS then?
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
usb sticks - a better solution?
Date: 2015-07-16 08:53 pm (UTC)The original article says:
"A user can prevent such an attack by using two-factor authentication (RSA challenge-response implemented in a USB token) or e.g. one-time passwords, so that there is no benefit for the attacker to capture the keystrokes."
One notes that this would also solve the problem with hardware based key-loggers.
It also says
"Another suggested approach has been to keep your boot partition on a separate USB stick. This solution obviously doesn't take into account the fact that the attacker might install Evil Maid into your BIOS."
But on most laptops, BIOS modifications can be password-protected - how does the maid get installed into the BIOS then?