Less than an hour into a Tinder date in a Moscow restaurant last year, Patrick Wardle began to wonder about the laptop he'd left in his hotel room. Wardle had come to the city for a security conference; as a former NSA[1] staffer who'd worked on the elite hacking unit known as Tailored Access Operations, he was paranoid enough[2] to bring only a "burner" PC on his trip, carefully stripped of any sensitive information. But when his date told him she was a former employee of Russia's Ministry of Foreign Affairs, the question became real for him: Had he been lured out of his room so that someone could lay hands on that computer? And if so, would he ever know for sure?
Wardle never found evidence of tampering or malware on that burner machine. But he did keep thinking about so-called "evil maid" attacks, the classic security problem that computers are far more vulnerable to hacking when the attacker can get physical access to them. Like, say, in a hotel room, while the computer's owner is ordering appetizers on the other side of the Moskva River.
Now Wardle's making his own best effort to grapple with that evil maid problem—if not to solve it, at least to make the job much more difficult. This week at the RSA security conference, he's releasing Do Not Disturb[3], an app for Mac laptops that tries to detect physical access attacks with a dead-simple safeguard: If someone opens the lid of a MacBook running the tool, the app sends a notification to the owner's phone.
"The majority of 'evil maid' attacks require an active, awake computer," Wardle says. "So Do Not Disturb runs on your Mac and monitors for lid-open events, which are