Macs aren’t easy to hack, and most attempts require physical access to the machine. Ex-NSA staffer Patrick Wardle has created a security app designed to warn you if someone tries to interfere with your MacBook, alerting you as soon as the lid is opened …
He created the app after an incident in which he believes he was lured on a Tinder date in Moscow so that someone could attempt to hack into the Mac in his hotel room. An attempt to gain access to an unattended Mac is known as an ‘Evil Maid’ attack, as a hotel maid would be in the ideal position to execute it.
Do Not Disturb (DND) continually monitors your system for events that may indicate a precursor of an “evil maid” attack. Specifically, it watches for ‘lid open’ events (idea credit: @thegrugq).
If you’ve shut your laptop (and thus triggered sleep mode), the majority of physical access attacks may require the lid to be opened in order for the attack to succeed. Such attacks could include:
- Logging in locally as root, by exploiting a bug such as ‘#iamroot’
- Locally logging in via credentials captured by a hidden camera
- Inserting a malicious device into a USB or Thunderbolt port.
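The same lid-open signal can be reviewed after the fact from the Mac's power-management log. The following is an added example, not code from DND or from the original article: it flags lid-open wakes that fall inside a window when the owner was away. The sample lines are constructed and modelled on `pmset -g log` wake entries; the exact wording of those entries is an assumption and varies between macOS versions.

```python
import re
from datetime import datetime

# Constructed sample lines; the layout is assumed to resemble `pmset -g log`.
SAMPLE_LOG = """\
2018-04-20 19:02:11 +0300 Sleep      Entering Sleep state due to 'Clamshell Sleep' Using Batt (Charge:91%)
2018-04-20 20:14:45 +0300 DarkWake   DarkWake from Normal Sleep [CDN] : due to EC.ACAttach/Maintenance Using AC
2018-04-20 21:37:09 +0300 Wake       Wake from Normal Sleep [CDNVA] : due to EC.LidOpen/Lid Open Using BATT
2018-04-20 23:48:30 +0300 Wake       Wake from Normal Sleep [CDNVA] : due to EC.LidOpen/Lid Open Using BATT
"""

# timestamp with UTC offset, event type, free-text detail
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+(\S+)\s+(.*)$"
)


def parse_ts(text):
    """Parse a 'YYYY-MM-DD HH:MM:SS +ZZZZ' timestamp into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S %z")


def lid_open_wakes(log_text):
    """Return the times of full wakes whose stated reason is a lid open."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # headers, blank lines, wrapped continuation text
        stamp, kind, detail = match.groups()
        # Only full "Wake" entries count; DarkWake is background maintenance.
        if kind == "Wake" and "lidopen" in detail.lower().replace(" ", ""):
            events.append(parse_ts(stamp))
    return events


def unexpected_lid_opens(log_text, away_start, away_end):
    """Lid-open wakes inside the window when the owner was away."""
    start, end = parse_ts(away_start), parse_ts(away_end)
    return [t for t in lid_open_wakes(log_text) if start <= t <= end]


if __name__ == "__main__":
    hits = unexpected_lid_opens(
        SAMPLE_LOG, "2018-04-20 19:00:00 +0300", "2018-04-20 23:00:00 +0300"
    )
    for t in hits:
        print("lid opened while owner was away:", t.isoformat())
```

A log review like this only tells you about an event after you return, and only if the log on the machine is still intact, which is the gap a live alert to a second device is meant to close.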
The Mac app is free; it logs details of what was done and lets you execute a script. If you want to receive alerts on an iOS device, you need the companion app, which gives you a 7-day free trial and then requires a $0.99/month or $9.99/year subscription.
The iOS app allows you to view a photo of the attacker and remotely initiate a hard shutdown of the Mac.
Wardle grabbed the attention of the Mac world in 2015 when he found a simple way to bypass Gatekeeper and allow a Mac to run malware. In 2016, he demonstrated Mac malware that can tap into live webcam and mic feeds. Last year he found a way to extract plain text passwords from Keychain. Earlier this year he did a deep dive into some nasty malware that can take screenshots, download and upload files, and execute commands.