---
type: "term"
title: "Evil Maid Attack"
description: "A physical attack where an adversary with brief unsupervised access to a device (e.g., left in a hotel room) tampers with it — installing hardware keyloggers, modifying boot loaders, or extracting encryption keys."
resource: "tlctc:term:evil-maid-attack"
tags:
  - "glossary"
---
# Evil Maid Attack

A physical attack where an adversary with brief unsupervised access to a device (e.g., left in a hotel room) tampers with it — installing hardware keyloggers, modifying boot loaders, or extracting encryption keys. In TLCTC: the physical access step maps to `#8 Physical Attack`. Subsequent technical steps map to their respective clusters: installing a keylogger = `#8 → #7`, extracting credentials from the device = `#8 → #4`.

**Reference:** V1.9.1 Buzz-Word Refinement (#8)

See also: Physical Attack (#8), USB Baiting

---