Less than an hour into a Tinder date in a Moscow restaurant last year, Patrick Wardle began to wonder about the laptop he'd left in his hotel room. Wardle had come to the city for a security meeting; as a former NSA staffer who'd worked in the elite hacking division known as Tailored Access Operations, he was paranoid enough to bring only a “burner” PC on his trip, carefully stripped of any sensitive data. But when his date told him she was a former employee of Russia's Ministry of Foreign Affairs, the issues became real for him: Had he been seduced out of his room so that someone could lay hands on that computer? And if so, would he ever know for sure?
Wardle never found evidence of tampering or malware on that burner machine. But he did keep thinking about so-called “evil maid” attacks, the classic security problem that computers are far more vulnerable to hacking when the attacker can get physical access to them. Like, say, in a hotel room, while the computer's owner is ordering appetizers on the other side of the Moskva River.
Now Wardle's making his own best effort to grapple with that evil maid problem, if not to solve it, then at least to make the job much more difficult. This week at the RSA security conference, he's releasing Do Not Disturb, an app for Mac laptops that tries to detect physical access attacks with a dead-simple safeguard: If someone opens the lid of a MacBook running the tool, the app sends a notification to the owner's phone.
“The majority of ‘evil maid’ assaults require an active, awake computer,” Wardle says. “So Do Not Disturb operates on your Mac and monitors for lid-open events, which are kind of a generic precursor for a lot of physical-access attacks. If someone tries to break into your device, it alerts you.”
Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves an image snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely. The app can also be configured to take more custom actions like sending an email, recording screen activity, and maintaining logs of commands executed on the machine.
Owners of modern MacBooks with TouchID can disable Do Not Disturb with their fingerprint within a time window of a few seconds after opening the lid, to avoid setting off an alert every time they open their laptop. Wardle is releasing the Mac app for free, though his company Digita plans to charge a $9.99 annual subscription for the accompanying iOS app once it's approved for the App Store. Those who don't want to pay that can simply use the email notification feature instead.