Do Not Disturb app

Former NSA hacker and current macOS security expert Patrick Wardle has released this week an app named Do Not Disturb that can be used to detect "evil maid" attacks —a term used to describe unknown persons that leverage physical access to hack and steal data from a device.

Version 1.0.0 of the app, which Wardle is releasing through his website, was built explicitly for laptops and works by detecting "lid open" events.

According to Wardle, when Do Not Disturb detects a lid open event, it can take a series of actions, such as displaying a local alert in the hopes of scaring off the intruder; sending an alert to a remote Apple device (iPhone or iPad); logging the attacker's actions (creation of new processes, USB insertions, etc.), or running custom scripts that could wipe the device, disable the USB interfaces, or automatically re-lock the device every few seconds.

The custom scripts are not included with Do Not Disturb, and the user will need to provide or write them himself.

Do Not Disturb comes with an iOS companion app

Digita Security, the company where Wardle works, has also released an iOS companion app for Do Not Disturb. Users will need this app to link their devices to Do Not Disturb and receive the mobile notifications. The app is available via the Apple App Store.

Do Not Disturb alert

When users receive an alert on their iOS devices, the user can dismiss the alert if they're the ones opening the lid, order the laptop to take a picture of the intruder, or completely shut down the laptop.

Do Not Disturb iOS companion app

Future plans for Do Not Disturb's development include adding support for more than "lid open" events, in the hopes of preventing evil maid attacks that do not require intruders opening the lid. Alerting on power events and USB insertions are the directions that Wardle is currently exploring.

Do Not Disturb settings


Do Not Disturb settings


Do Not Disturb settings


Do Not Disturb settings


Image credits: Patrick Wardle

Related Articles:

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Apple Announces macOS 10.14 Mojave With Dark Mode, Dynamic Desktop, Stacks, More

Apple Releases Security Updates for macOS, iOS, Safari, More

ProtonMail Launches Free ProtonVPN VPN Service For Macs

Apple Releases Security Updates for MacOS, iOS, and Safari