Create an application which simulates the look of a full disk encryption boot-time password prompt, then steals the password. The user merely assumes the machine rebooted randomly while he or she was away.
How would one guard against such an attack? Perhaps a customizable prompt screen, an idea similar to the login screens with pictures used by banks to thwart phishing. However, we need to prevent the attacker from spoofing that.
Originally inspired by the Android system upgrade, which reboots the device.
1 comment:
You could use S-Key; never using the same password twice would ensure you knew about breaks in sequence.
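The sequence check the comment describes, as an added example that is not part of the original post or comment: a Lamport-style hash chain in which the user notices when the genuine prompt asks again for an index already typed. The class and function names are hypothetical, the secret is a constructed sample, and SHA-256 is an assumption standing in for the S/KEY hash.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the S/KEY hash (RFC 1760 uses folded MD4).
    return hashlib.sha256(data).digest()

def otp(secret: bytes, n: int) -> bytes:
    """One-time password number n: the hash applied n times to the secret."""
    for _ in range(n):
        secret = h(secret)
    return secret

class Verifier:
    """The genuine prompt. Stores only the last accepted value and its index."""
    def __init__(self, secret: bytes, length: int):
        self.index, self.stored = length, otp(secret, length)

    def challenge(self) -> int:
        return self.index - 1  # index of the password expected next

    def login(self, candidate: bytes) -> bool:
        if self.index > 1 and h(candidate) == self.stored:
            self.index, self.stored = self.index - 1, candidate
            return True
        return False  # wrong or already-consumed password

class User:
    """Remembers the lowest index ever typed into anything that looked like the prompt."""
    def __init__(self, secret: bytes, length: int):
        self.secret, self.last_used = secret, length

    def answer(self, challenge: int):
        # Being asked again for an index already typed means an earlier
        # entry never reached the genuine verifier: a break in sequence.
        break_seen = challenge >= self.last_used
        self.last_used = min(self.last_used, challenge)
        return otp(self.secret, challenge), break_seen

def demo():
    secret = b"constructed demo secret"          # constructed sample value
    v, u = Verifier(secret, 100), User(secret, 100)
    pw1, brk1 = u.answer(v.challenge())          # normal boot, index 99
    ok1 = v.login(pw1)
    replay = v.login(pw1)                        # same password a second time
    u.answer(v.challenge())                      # typed into a look-alike; never reaches v
    pw3, brk3 = u.answer(v.challenge())          # genuine prompt asks for index 98 again
    return ok1, brk1, replay, brk3, v.login(pw3)
```

Detection here is after the fact: the value typed into the look-alike was never consumed by the verifier, so once a break is seen the chain should be re-initialized with a new secret.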