Former NSA staff member Patrick Wardle has a brilliant idea on how to find out if someone is tampering with a MacBook. His iOS app gives a warning when someone opens the lid. Wardle created the app because he believes he was lured to Moscow by a Tinder date for someone to hack his Mac in his hotel room.
Trying to gain access to an unattended Mac to procure, is called the "evil maid" ("evil maid"), as a chamberlain would be the ideal position to execute him. The Do Not Disturb (DND) app constantly monitors the Mac for events that may indicate a precursor to a "bad maid" attack. Specifically, attention is paid to open events.
Such attacks may be:
Local logon as root by exploiting a bug such as '# iamroot'.
Logging in locally using credentials collected by a hidden camera or
attempting to plug a device into a USB or Thunderbolt port. The latter, of course, is not necessarily associated with having to open the lid.
The Mac application is free, logs details of what has been done and allows the savvy user to run a script. If you want to receive notifications on your iOS device, you must use the associated app. It's free for the first seven days, and then a subscription of US $ 99 a month or $ 9.99 in advance will cost you $ 9.99 a year. The iOS application makes it possible to take a picture of the attacker via the Mac and transfer it. It also allows remote shutdown of the Mac.
Wardle is no stranger to the Mac scene. In 2015, he managed to bypass the gatekeeper security feature and run malware on the Mac. In 2016, he showed a Mac malware that can access live webcams and microphones. Last year, he found a way to extract plaintext passwords from the keychain.