Let’s start with a simple question, what is Physical Security? and why it’s important?

Based on techtarget.com’s article:

Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

Physical security is often overlooked — and its importance underestimated — in favor of more technical threats such as hacking, malware, and cyber espionage. However, breaches of physical security can be carried out with brute force and little or no technical knowledge on the part of an attacker.

What are the components of Physical Security?

Physical security has three important components: access control, surveillance and testing. Obstacles should be placed in the way of potential attackers and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, bio-metric access control systems and fire suppression systems. Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors. Third, disaster recovery policies and procedures should be tested on a regular basis to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.

What are evil maid attacks?

According to Wikipedia’s article: An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it. If the targeted device is totally unlocked or unattended then it’s an easy job, but what if this device is “Turned-Off” or “Locked” like in our case? A simple glitch or a vulnerability in the targeted device could be exploited by the lovely evil maid if she knows exactly what she is doing and has the basic level of targeting. In this blog post we will show you a glitch ( or a vulnerability) we have discovered in the lock screen of macOS Mojave 10.14.1 that allows a physical attacker to snoop on what’s behind the lock screen. Before we head to the PoC video let’s imagine this attack scenario: You were checking your inbox and you suddenly stopped on one of the email messages you were reading before you forgot your car keys outside your home, you just took couple of minutes to go and grab it and when you came back you found your MacBook locked and everything is totally fine, but hmm wait, that 500$ gift card you just bough and you got its code in your email message is not valid anymore, What the hell just happened?!!!! Here, watch the PoC video to figure out what just happened (pay attention to the second #18 in the video very carefully):

You’ve missed it? Here is a clear view of what actually appeared before the user is able to write the password to login:

Unfortunately my old MacBook got corrupted and i couldn’t verify the fix because i replaced it with a faster Core i9 one with the latest Mojave 10.14.2 and i can’t even reproduce the issue anymore, i believe that the issue got fixed in Mojave > 10.14.2. Here is what came to my mind when i discovered this issue:

Yes it is a minor issue (if not an issue at all) and i totally agree with you when it comes to threat-modeling and risk analysis but trust me, it only takes a GLITCH!

Protect yourself against Evil Maid attacks Protecting against Evil Maid attacks in the first place is a matter of cautious before it became just a matter of software, to be aware of any evil surroundings, to not to have any unattended devices, to not to trust anyone/anything anytime and to strength your physical security fighting the evil maid attacks on a software-level we strongly recommend you to use solutions like “DnD by Objective-See”:

The solution is ideal for the security-paranoid users, it contains of two parts, a software you can install in your macOS and the other part is an iOS application (both of those parts are available to download from Apple’s Official AppStore) when opening the lid of your MacBook you will get a notification on your mobile phone you can also execute script on different events or for example take a photo of any MAID that touches your MacBook while you are away.

Keep an eye on our blog in the near future because we will be preparing and publishing a MEGA blog-post regarding macOS Security and how to protect yourself against evil-maid attacks along with other physical attacks with some cool tools made by our friends at @Objective-See Stay safe, till the next one

A minute if you please!

Building a website, API, an application or dealing with any kind of sensitive information? Anything related to the security and Safety of your business? Or already launched one without considering security? Worried about your personal security? Think twice before going public and let us protect your business!

apple glitch lock macOS Mojave Physical Security screen screen lock