Do Not Disturb app

Former NSA hacker and current macOS security expert Patrick Wardle has released this week an app named Do Not Disturb that can be used to detect "evil maid" attacks —a term used to describe unknown persons that leverage physical access to hack and steal data from a device.

Version 1.0.0 of the app, which Wardle is releasing through his website, was built explicitly for laptops and works by detecting "lid open" events.

According to Wardle, when Do Not Disturb detects a lid open event, it can take a series of actions, such as displaying a local alert in the hopes of scaring off the intruder; sending an alert to a remote Apple device (iPhone or iPad); logging the attacker's actions (creation of new processes, USB insertions, etc.), or running custom scripts that could wipe the device, disable the USB interfaces, or automatically re-lock the device every few seconds.

The custom scripts are not included with Do Not Disturb, and the user will need to provide or write them himself.

Do Not Disturb comes with an iOS companion app

Digita Security, the company where Wardle works, has also released an iOS companion app for Do Not Disturb. Users will need this app to link their devices to Do Not Disturb and receive the mobile notifications. The app is available via the Apple App Store.

Do Not Disturb alert

When users receive an alert on their iOS devices, the user can dismiss the alert if they're the ones opening the lid, order the laptop to take a picture of the intruder, or completely shut down the laptop.

Do Not Disturb iOS companion app

Future plans for Do Not Disturb's development include adding support for more than "lid open" events, in the hopes of preventing evil maid attacks that do not require intruders opening the lid. Alerting on power events and USB insertions are the directions that Wardle is currently exploring.

Do Not Disturb settings

 

Do Not Disturb settings

 

Do Not Disturb settings

 

Do Not Disturb settings

 

Image credits: Patrick Wardle

Related Articles:

Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More

macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files

Jamf Now Makes Managing & Protecting Apple Devices Simple

Method to View Contact Info on a Locked iOS 12.1 Device Disclosed

Mac CryptoCurrency Price Tracker Caught Installing Backdoors