Tripwire: Anti Evil Maid Defense
What are Evil Maid Attacks?
Evil maid attacks, first defined by Joanna Rutkowska (source), has been a difficult threat to people who care about their device security and personal privacy. In an evil maid attack, the attacker gets physical access to the target device when the user left it at home or in a hotel room. They secretly compromise the device in order to spy on the user's past and future activities, without the user ever noticing. Because physical access gives the attacker so much control, currently there is no software or firmware solution that effectively defends against evil maid attacks. Even though there are Secure Boot and Trusted Platform Modules (TPM), it is still possible for the attacker to install something like a hardware keylogger to bypass those defenses.
How can Tripwire help?
Tripwire is a robust monitoring system that defends against sophisticated adversaries. In comparison, traditional home monitoring products can only defend against burglars, who are not technically-sophisticated and only want to steal money. For higher-profile users, such as:
Developers of critical software (recall the xz backdoor)
High-ranking officials in businesses/organizations
Investigative journalists
Attorneys with high-profile clients
...
... continue reading