We all are aware of the cyberhacking and phishing that takes place in the digital world. And safeguarding us from petty hacks is always a few clicks away. But what about real-world hacking like literally physically hacking into the hardware. Ever thought about that?
A security firm Eclypsium posted a video on Youtube shocking laptop users of the dangers of evil maid attacks.
Only under 5 minutes, researcher Mickey Shkatov was able to install a malicious firmware on a laptop by connecting a device directly into the chip which contains the BIOS/UEFI.
The programming device he brought with him cost around $285 and the generic backdoor is available on Github. The device is specifically build to flash BIOS of a PC or laptop with a backdoor, or a rootkit. After that it was pretty simple, he just opened up the laptop and attached the device to the firmware chip.
While all the major tech companies are doing everything in their power to secure users from hackers, it’s challenging to protect users against evil maid attacks. These are performed by hackers which have access to your room, house or they are very close to your laptop or PC. One big reason is that it’s difficult to detect physical attacks.
“Physical attacks are hard to defend against, and most people aren’t doing anything to defend against them,” John Loucaides, Eclypsium’s VP of engineering, told the MotherBoard.
According to John, an amateur who has access to an unattended PC would still take 10 to 20 minutes to figure out what backdoor to deploy for the specific computer once the device is plugged in.
John goes on saying “It’s not that hard of an attack to pull off as most people think. It takes less time and less effort than most people realize.”
As of now, there is no way to entirely fool-proof your laptop from any physical hacking. But the good side is raid attacks are infrequent and they would still need the victim’s laptop to initialize their unethical practices.