Computer Alarm that Triggers When Lid Is Opened

"Do Not Disturb" is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering.

Wired article:

Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely. The app can also be configured to take more custom actions like sending an email, recording screen activity, and keeping logs of commands executed on the machine.

Can someone please make one of these for Windows?

Posted on April 24, 2018 at 6:04 AM • 32 Comments

Comments

meApril 24, 2018 6:27 AM

should i really make it? there is a windows event for "wake up from sleep mode" so you can run a application on wakeup and it can take photo or whatever you want but...
if you have a password on the account people will do nothing, and if they tamper with the pc for example by removing hdd and mounting it on other pc to read everything the app won't save you.

what i find more insteresting it's an anti theft system that respect your privacy (aka no trust to third party that can see wherever you go)
i did that program for me and i can geolocate the notebook with the wifi + reverse ssh for remote access even behind nat. but i never published it

RKApril 24, 2018 7:04 AM

PowerShell cmdlets for Pushover are readily available from the gallery. Just schedule a job (in the Task Scheduler) to listen to that event and have it call the Pushover cmdlet that sends a push message to your phone. No, you won't get the remote control functionality of that app, but the notification part can be easily achieved with little to no experience. If you want to, you can snap a picture as well, upload it to somewhere like your OneDrive/Google Drive and send a link to it along with the Pushover message.

GMSApril 24, 2018 7:05 AM

An IT trainer used this (or a similar) app to "secure" his macbook while he paused the training. Even while it was password protected, he still used these images to discourage people from browsing through his stuff by displaying the image the camrea had taken on the wall.

TomApril 24, 2018 7:11 AM

Let's see... a remotely-accessible screen capture and keylogger. What could possibly go wrong?

MyNameApril 24, 2018 7:12 AM

Most PC desktops I have worked on the last 10-15 years have this option in the bios to alert that the case has been opened when booting not sure if it is possible to trigger OS level events when that sensor is is tripped.

meApril 24, 2018 8:09 AM

@Tom
ye, it will be abused for sure, not to talk about security problem in developing it.

keinerApril 24, 2018 9:23 AM

@Tom

Common sense is not as common as one might assume... Brainless is the new smart.

David RudlingApril 24, 2018 9:43 AM

Superficially attractive idea but I have to say that I am 100% with Tom on this one.

Impossibly StupidApril 24, 2018 10:02 AM

It's times like that that I wish I could simply upvote @Tom and downvote the OC spammer. Although it sure would be nice for @Bruce to explain why he likes this idea . . .

D-503April 24, 2018 10:28 AM

The hard drive accelerometer has more entertainment value. The one on my most-frequently-travelled-with laptop has logged thousands of "free fall events". You can use it as an amateur seismograph[1]. It's probably easy to use it to log times that the laptop has been picked up or moved. The newest mac laptops lack this feature, drat.
[1] http://qcn.stanford.edu/
http://quakecatcher.net/about/sensors/macbook-pro/
"they may rattle about when a big one hits"

BooferyApril 24, 2018 10:42 AM

This seems trivial to thwart as all it takes is a cell phone jammer. They are not difficult to come by. Illegal, sure, but if one is into stealing/hacking stuff can't see how violating that specific crime is going to bother one given all the other crimes being committed.

Clive RobinsonApril 24, 2018 10:53 AM

@ Tom,

Let's see... a remotely-accessible screen capture and keylogger. What could possibly go wrong?

A better question would be "What could possibly go right?"

@ ALL,

Anyone remember back to when there was a lot of upset because a school technician installed anti-theft type software onto the school machines that the kids had to take home to do homework on. The notable feature of the software was it took photos.

Whilst we do not know for certain the press certainly assumed it was taking pictures of the students in their bedrooms etc.

But the other issue is do you want to be photographing yourself in various states of dishevelement and having it uploaded onto various "cloud" devices from the PC or phone you send them to? After all if Celebs get their selfies hacked there is no reason for others likewise not to have their photos hacked.

Also even if you use SSL etc the chances are the SigInt agencies will get to keep copies untill hell has not just frozen over but turned to metalic hydrogen.

Which brings us to the next point, as we know because of the very loose lips of certain USGov entities both the Dutch and Israeli sigint agencies have taken opportunity to activate the cameras on laptops of foreign nationals especialy those in their governments employ. There job would be way eaaier if as with the CarrierIQ debacle the software you used sent the photos etc to the Internet and they just snagged a copy in passing. Nice and covert and no way for you to know it's happening.

Oh and APT has been around for a while and we know that all Superpowers and many first world nations are into cyber-espionage in one way or another. History shows that the human MICE faillings are a good way to get people to act for a foreign power. There is a chance that your pictures could end up sitting in a folder with your name and number on it just waiting for you to be turned at some point...

It's the old J Edger "Hoover up all the dirt that's fit to blackmail with" technique brought upto date.

Paranoia Destroys YaApril 24, 2018 10:59 AM

Emailing a picture reminds me of iAlertU which haven't used in 5 years after the novelty wore off.

albertApril 24, 2018 11:12 AM

@MyName,
"...have this option in the bios to alert that the case has been opened..."

Exactly how does this work?
. .. . .. --- ....

JeremyApril 24, 2018 2:25 PM

I would have guessed that the majority of people are more likely to have an adversary get their phone than their desktop. If that's true, giving your phone the power to override your desktop doesn't seem like a security win.

jimboApril 24, 2018 3:55 PM

I don't know Apple Mac products but does anyone think this will catch any state action on your computer?
Why wouldn't they just unplug the power before opening the case? Why wouldn't they reset the case has been opened bios flag just like the authorized repair shop before turning it back on?

HmmApril 24, 2018 4:24 PM

@albert

"Exactly how does this work?" power mgmt event logging

Shutting down the computer remotely solves a few problems, takes a picture, good. Then what?

Laptop gets shoved into a lead-lined carryall and out the door it goes. Enjoy your memorialized photo!

TechnotronApril 24, 2018 4:28 PM

Few years ago Intel had built Anti-Theft Technology in Windows PCs. It had a countdown timer that the PC owner could set through a trusted website. The PC would periodically check with this website if it had been reported stolen. If not stolen, the website would reset the counter value. If stolen, the website would lock down the PC. If the PC couldn't connect to the website before the counter ran down, the PC would lock down by itself and wouldn't even boot past the full BIOS. The owner could unlock it through a passphrase. It shipped with a sticker that was supposed to deter a potential thief.

PGP took this further by storing their encryption key in the Intel chip. So even if the thief popped the laptop hard drive in another PC, they couldn't attack the encryption because there was nothing to attack.

Unfortunately, Intel gave this to McAfee, who then killed it.

EvilKiruApril 24, 2018 7:10 PM

@albert @MyName: Ah yes, removing the cover of such a desktop computer case would trip a switch connected to the motherboard, causing a bit to flip in the battery backed CMOS memory, even if the computer was powered down and unplugged from the wall. The BIOS would then complain about it the next time you booted it up.

MyNameApril 25, 2018 5:14 AM

And here's what you get at boot as long as the flag has not been reset.
http://motivation.tistory.com/741

Obviously you'd have set a BIOS password so the attacker could not just enter the BIOS and reset the switch after tampering with your PC

VinnyGApril 25, 2018 8:36 AM

@MyName, Albert, etc. - re: intrusion detection - Another possibly more concise link on chassis intrusiton detection:
http://www.dell.com/support/article/us/en/19/SLN18479
Dell "business class" systems all have (or had) this feature. Essentially useless in most environments, not so much for the ease of disabling in BIOS, but because of false alarms if maintenance is at all decentralised.
@Boofery re: cell phone jammer - I take you mean active jamming? For a much lower tech solution, it shouldn't take a lot of effort to concoct a highly portable Faraday cage.
How difficult could it be to identify the location of the switch triggered at laptop lid opening and devise a shim of some kind to ensure it doesn't trip? At worst, the app is a security risk in its own right, at best it seems to address a very narrow risk band. IMO the most likely result is fostering a false sense of security on part of laptop user...

CallMeLateForSupperApril 25, 2018 8:41 AM

@Clive
"Whilst we do not know for certain[,] the press certainly assumed it was taking pictures of the students in their bedrooms etc."

In the cases of Rhode Island schools, we *do* know for certain that the schools' laptops cum spyware took pictures of children in their bedrooms. Subsequent to the surveillance coming to light, the story, and at least one photo, made the press. One of my sibs lives in RI and has a child in primary school and one in middle school, so I was attracted to the stories (to put it mildly).

I don't recall the exact number of RI schools that participated in the free-laptop-with-spyware program - maybe a dozen school *districts* - but they ranged from Providence (north RI) to the southern coast.

Garret FrankApril 25, 2018 11:27 AM

The best use of this application was when someone posted a picture of the alert they got when their dog had opened the laptop while the user was away from home and was staring blankly into it.

albertApril 25, 2018 11:37 AM

@Everyone,
Thanks for responding to my question.

@VinnyG,
"...re: intrusion detection..." If I were responsible for my companys desktops, I'd want this tamper detector on all systems, for internal security protection*. All the old desktops I own have an actual tamper -protection- system, a latch that you lock with a padlock! Nowadays, a special tie-wrap, preferably with RFID, would do. Tamper -indicators- would be useful for travelers with laptops, even if they are 'burners'. You'd have to assume that they'd been compromised in some way, depending how long you were 'away'. So, pull the battery, and check it out when you get back home. I don't like the idea of traveling with any sensitive data.
With todays baked-in spy systems, have we reached the end of security as we have known it?

-----------
*My desktops would not have wifi access, USB ports, or removable disks. Whatever happened to thin clients?
. .. . .. --- ....

Yabba Dabba No WindowsApril 25, 2018 3:51 PM

Indeed, Windows 10.

I have never figured out if it is hubris, if he's taunting us, or simply lying.

VinnyGApril 26, 2018 2:57 PM

@Albert re: tamper prevention/detection - All great ideas! Unfortunately the effort to put the locks/tags/switches/settings in place and get lip service agreement to authorizing policy is the smallest part of the exercise. After that, you have to get management to commit the dollar and wetware recources necessary for monitoring, enforcement, and training. In my experience with several corporate employers, that's where it all falls down :(

albertApril 26, 2018 3:31 PM

@VinnyG,
I'm beginning to like the idea of thin-client systems for in-house use. Problem is, most companies allow the use of laptops in house. Even if they are 'company' laptops, it's a huge security problem. Docking stations replace desktops, and the company laptop doubled as an extra nice unit for personal use. I don't know what it's like now.
. .. . .. --- ....

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.