The “evil maid” hack can’t touch self-encrypting drives

evil maid 4There’s a new chink in the armor of software-based drive encryption – the Evil Maid Hack.  Privacy Digest explains how it works

Just like hacks before it (remember Cold Boot?), the Evil Maid doesn’t work on self-encrypting hard drives like those from Seagate.  That’s because encryption is hard-wired into the drive and automatically locks it when power is removed.  Nothing on the drive, including the bootcode, can be accessed without the user’s password.

The Evil Maid would be staring at a password entry screen, cursing away, unable to see let alone change the bootcode.

You can close this gap – in laptops, servers or storage systems – with self-encrypting versions of Seagate Momentus, Savvio, Cheetah, and Constellation drives.

2009-10-28T14:16:41+00:00

About the Author:

2 Comments

  1. andrew March 30, 2010 at 3:42 am - Reply

    I’m amazed more people don’t talk about these drives in the context of the ‘Evil Maid’ attack. Seems like the perfect solution to me.

  2. Mark Wojtasiak March 30, 2010 at 7:40 am - Reply

    I agree Andrew, but of course, I am biased. The ecosystem for encrypted drive technology is maturing everyday, so the day when this technology is mainstream is coming.

Leave A Comment