
Detect Evil Maid Attacks: Do Not Disturb

One of the best ways to compromise a computer is with physical access. Many of us have likely left our laptops unattended (possibly in a hotel room while traveling?). It would be nice to know if somebody attempted to hack it! Do Not Disturb (DND) continually monitors your system for events that may indicate a precursor of an “evil maid” attack. Specifically, it watches for ‘lid open’ events.

If you’ve shut your laptop (and thus triggered sleep mode), nearly all physical access attacks may require the lid to be opened in order for the attack to succeed. Such attacks could include:

Again, most of these attacks require a closed laptop to be opened, either to wake it (i.e. to process a malicious device) or for the attacker to interact with the laptop. As with any security tool, proactive or direct attempts to specifically bypass DND’s protections will probably succeed. Additionally, any attack that does not require opening the lid of a closed laptop will remain undetected.

Future versions will expand DND’s monitoring and detection capabilities (perhaps alerting on power events, USB insertions, etc.).

Do Not Disturb can also detect unauthorized access by less evil adversaries, like one’s mother.

As soon as an unauthorized lid open event is detected, DND will log the event locally. It may be configured to:

  • Locally display an alert
  • Remotely send an alert to a registered iDevice
  • Execute a specified action (e.g. run a script)
  • Monitor for interesting events, such as new processes, USB insertions, new logins, etc.

Do Not Disturb, by design, does not differentiate between authorized and unauthorized lid open events. That is to say, it will alert you any time your laptop’s lid is opened (unless configured to ignore the event upon a successful Touch ID authentication).
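The alerting rule described above (alert on every lid open unless a successful Touch ID authentication follows, then collect follow-on events), worked through as an added example that is not DND's own code. The event names, the timeline format and both time windows are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values for this illustration, not DND settings.
TOUCH_ID_GRACE = 10    # seconds after lid open in which Touch ID suppresses the alert
MONITOR_WINDOW = 300   # seconds of follow-on events attached to an alert
INTERESTING = {"process_start", "usb_insert", "login"}

# Constructed timeline: (timestamp in seconds, event kind, detail).
SAMPLE = [
    (1000, "lid_close", ""),
    (4600, "lid_open", ""),                       # nobody authenticates
    (4630, "usb_insert", "USB storage device"),
    (4655, "process_start", "/usr/bin/example"),
    (4700, "lid_close", ""),
    (9000, "lid_open", ""),                       # owner returns
    (9004, "touch_id_ok", ""),
    (9100, "process_start", "/Applications/Mail.app"),
]

@dataclass
class Alert:
    opened_at: int
    follow_on: list = field(default_factory=list)

def session(events, start):
    """Yield events after index `start` until the lid is closed again."""
    for ev in events[start + 1:]:
        if ev[1] == "lid_close":
            return
        yield ev

def triage(events, ignore_on_touch_id=True):
    """Return one Alert per lid open that was not cleared by Touch ID."""
    alerts = []
    for i, (ts, kind, _) in enumerate(events):
        if kind != "lid_open":
            continue
        sess = list(session(events, i))
        authed = any(k == "touch_id_ok" and t - ts <= TOUCH_ID_GRACE
                     for t, k, _ in sess)
        if ignore_on_touch_id and authed:
            continue  # treated as the owner; no alert raised
        follow = [e for e in sess
                  if e[1] in INTERESTING and e[0] - ts <= MONITOR_WINDOW]
        alerts.append(Alert(opened_at=ts, follow_on=follow))
    return alerts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print("ALERT lid opened at", a.opened_at, "follow-on:", a.follow_on)
```

With `ignore_on_touch_id=False` the second lid open also raises an alert, which matches the default behaviour of alerting on every lid open.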

Compatibility: OS X 10.12+

About Julio Gray
