Skip to main content

Security app created by ex-NSA staffer warns you if an attacker opens the lid of your Mac

Avatar for Ben Lovejoy  | Apr 27 2018 - 4:31 am PT
0 Comments

Macs aren’t easy to hack, and most attempts require physical access to the machine. Ex-NSA staffer Patrick Wardle has created a security app designed to warn you if someone tries to interfere with your MacBook, alerting you as soon as the lid is opened …

He created the app after he believes that he was lured on a Tinder date in Moscow in order to allow someone to attempt to hack into the Mac in his hotel room. An attempt to gain access to an unattended Mac is known as an ‘Evil Maid’ attack as a hotel maid would be in the ideal position to execute it.

Do Not Disturb (DND) continually monitors your system for events that may indicate a precursor of “evil maid” attack. Specifically it watches for ‘lid open’ events (idea credit: @thegrugq).

If you’ve shut your laptop (and thus triggered sleep mode), the majority of physical access attacks may require the lid to be opened in order for the attack to succeed. Such attacks could include:

  • Logging in locally as root, by exploiting a bug such as ‘#iamroot’
  • Locally logging in via credentials captured by a hidden camera
  • Inserting a malicious device into a USB or Thunderbolt port.

The Mac app is free, logging details of what was done and allowing you to execute a script, but if you want to receive alerts on an iOS device then you need the companion app. This gives you a 7-day free trial then requires a $0.99/month or $9.99/year subscription.

The iOS app allows you to view a photo of the attacker and remotely initiate a hard shutdown of the Mac.

Wardle grabbed the attention of the Mac world in 2015 when he found a simple way to bypass Gatekeeper and allow a Mac to run malware. In 2016, he demonstrated Mac malware that can tap into live webcam and mic feeds. Last year he found a way to extract plain text passwords from Keychain. Earlier this year he did a deep dive into some nasty malware that can take screenshots, download and upload files, and execute commands.

Photo: Cyberscoop

Check out 9to5Mac on YouTube for more Apple news:

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

Mac

Mac

Apple’s Mac lineup consists of MacBook, MacBoo…
Security

Security

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear

Dell 49-inch curved monitor

Dell 49-inch curved monitor