Show HN: Tripwire: A new anti evil maid defense

Summary

Tripwire: Anti Evil Maid Defense What are Evil Maid Attacks? Evil maid attacks, first defined by Joanna Rutkowska (source), has been a difficult threat to people who care about their device security and personal privacy. In an evil maid attack, the attacker gets physical access to the target device when the user left it at home or in a hotel room. They secretly compromise the device in order to spy on the user's past and future activities, without the user ever noticing. Because physical access gives the attacker so much control, currently there is no software or firmware solution that effectively defends against evil maid attacks. Even though there are Secure Boot and Trusted Platform Modules (TPM), it is still possible for the attacker to install something like a hardware keylogger to bypass those defenses. How can Tripwire help? Tripwire is a robust monitoring system that defends against sophisticated adversaries. In comparison, traditional home monitoring products can only defend against burglars, who are not technically-sophisticated and only want to steal money. For higher-profile users, such as: Developers of critical software (recall the xz backdoor) High-ranking officials in businesses/organizations Investigative journalists Attorneys with high-profile clients ... Traditional monitoring systems can't help them defend against strong adversaries (e.g. professional spies and criminal hackers). A strong adversary will likely disable/jam the network on the premise, and then compromise the target device and the monitoring system so that it looks like no intrusion was detected. Additionally, because most of the home monitoring products are for-profit and closed-source, it's possible that they have undiscovered security vulnerabilities. In general, the companies that develop those monitoring products cannot be much trusted either, given past cases where employees in those companies spied on the users. See: https://www.justice.gov/usao-ndtx/pr/adt-technician-pleads-...