
The Paranoid Mac User Guide to Stop Remote Snooping and Evil Maid Attacks «Null Byte :: WonderHowTo



If you are concerned about the security of your Mac, you can easily guard against the most dangerous attacks. The "evil maid" attack is named for the tactic of accessing an unattended computer in a hotel room. With Do Not Disturb and LuLu, Objective-See's free macOS tools, we can keep an eye on unattended computers and flag suspicious network connections that suggest an evil maid attack or a malware infection.

Evil Maid attacks are a real problem.

In an evil maid attack, someone accesses your computer while you are away. An example is a company executive at a business dinner in China, whose laptop full of corporate secrets is stowed in the hotel safe. A motivated attacker could exploit this unattended device by getting into the hotel safe, inserting a USB key into the laptop, and booting from the drive to bypass the passwords securing the device.

These attacks are common in some countries, where the valuable intellectual property on laptops makes business travelers susceptible to tampering with their electronics. The scary thing about these attacks is that it is often impossible to know whether someone has accessed your device while you were away, so you do not know what has happened to your laptop since you last used it.

Malware & Remote Connections

When an evil maid manages to load malware onto a computer, the malware usually has to connect to a command and control server to take orders and upload stolen data. This trait is not unique to evil maid attacks, because malware generally must connect to a remote device to be useful. Although there are many different types of malware for macOS, this common need to connect to a remote server lets us identify malware on our system when it tries to connect.

Some other details can tell the difference between a regular program trying to check for updates and malware trying to download instructions. Applications that are not properly signed, that have VirusTotal-flagged processes, or that connect to suspicious URLs are potential signs of malware.

Detecting Threats Based on Their Behavior with LuLu & Do Not Disturb

Written by former NSA hacker Patrick Wardle, LuLu and Do Not Disturb are tools for macOS that let a user keep track of the security of their device. Do Not Disturb watches for evil maid attacks and, through an iOS app, lets the user receive an alert and a photo from the webcam when their macOS device is opened. When enabled, it also keeps a log of each time the device is opened and what was done afterward, so you can review what happened while you were away from your computer.

To watch for malware connecting to a remote command and control server, LuLu is a firewall that generates alerts for outbound network connections and gives the user the last word on which connections their computer may make. After you set up a whitelist of programs that are allowed to connect, LuLu saves your settings and only flags new outgoing connections for review. When malware is installed on the device, LuLu flags the connection attempt when the malware tries to upload stolen files or receive further instructions.

What you need

To install Do Not Disturb and LuLu, you need a fully updated macOS device and a network connection. We will download them from the Objective-See website, where you can find more fantastic free security tools for macOS.

It should be noted that these tools can generate quite a few warnings. First of all, LuLu must be told explicitly which programs can and cannot connect. Until you have set up the whitelist, this can get a little annoying. Worse, if you ignore these warnings, they are no longer useful. Therefore, make sure you find the right balance between visibility and the alert fatigue associated with these security tools.

Step 1: Download LuLu

First, we will navigate to Objective-See's download page for LuLu. Here we see the download link under the LuLu icon in the upper left corner. Click on it to download the installer.

Once the installer is in your Downloads folder, double-click the LuLu Installer.app file to open the installation menu, and enter your password to authorize the program to install.

Step 2: Install and configure LuLu

In the LuLu installer, click Install to complete the installation process.

When the process is complete, a message appears stating that a reboot is required to complete the installation. Restart your device and you should be ready to use LuLu!

Step 3: Setting Rules for Network Connections

Once your macOS device has restarted, open the LuLu app to see the list of network rules. Applications are divided into different categories, e.g., Apple apps, third-party apps, and user-installed apps. In this menu, you can revoke a permission or change whether an app is allowed to connect.

Whenever a program attempts to connect, LuLu tries to find a rule that says whether it is allowed. If no rule is found, a window prompts you to create one. If you want to see where the request came from, click the ancestry icon to see the process that made the attempt.

If you are suspicious, check the VirusTotal score for a request. Click the VirusTotal icon to see if it has been classified as suspicious.

When you click the Details link, the full VirusTotal report is displayed.

That's it! LuLu is set up and is monitoring your network connections.
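
The rule lookup described in Step 3, modelled as an added example (this is not LuLu's code and not part of the original article): a process with a saved rule is allowed or blocked silently, and only a process with no rule triggers a prompt, whose answer is then saved. The lsof sample, the process names and the `decide` stand-in for the user's answer are constructed for illustration.

```python
import re

# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED` output (not from a real host).
SAMPLE_LSOF = """\
COMMAND    PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari     412 kody  23u IPv4 0x1a2b      0t0  TCP 192.168.1.20:52311->203.0.113.10:443 (ESTABLISHED)
softwareu  388 root  11u IPv4 0x1a2c      0t0  TCP 192.168.1.20:52340->198.51.100.7:443 (ESTABLISHED)
updater    977 kody   5u IPv4 0x1a2d      0t0  TCP 192.168.1.20:52377->203.0.113.99:8443 (ESTABLISHED)
ssh        990 kody   3u IPv4 0x1a2e      0t0  TCP 192.168.1.20:52380->192.0.2.44:22 (ESTABLISHED)
"""

CONN_RE = re.compile(r"^(\S+)\s+(\d+)\s+\S+.*?->(\S+):(\d+) \(ESTABLISHED\)$")

def parse_lsof(text):
    """Return (command, pid, remote_ip, remote_port) for each established connection."""
    conns = []
    for line in text.splitlines()[1:]:              # skip the header row
        m = CONN_RE.match(line.strip())
        if m:
            conns.append((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return conns

def review(conns, rules, ask):
    """Apply saved rules; call ask() only for processes that have no rule yet.

    rules maps a command name to "allow" or "block" and is updated in place,
    so each process is prompted for at most once. Matching on the name alone
    is a simplification for this sketch: a process name is trivially spoofed.
    """
    prompted, blocked = [], []
    for command, pid, ip, port in conns:
        if command not in rules:
            rules[command] = ask(command, ip, port)  # the answer becomes a saved rule
            prompted.append(command)
        if rules[command] == "block":
            blocked.append((command, ip, port))
    return prompted, blocked

def decide(command, ip, port):
    """Hypothetical stand-in for the user's answer to a prompt."""
    return "allow" if port == 22 else "block"

def demo():
    rules = {"Safari": "allow", "softwareu": "allow"}   # existing whitelist
    first = review(parse_lsof(SAMPLE_LSOF), rules, decide)
    second = review(parse_lsof(SAMPLE_LSOF), rules, decide)  # nothing new to ask about
    return first, second, rules

if __name__ == "__main__":
    print(demo())
```

The second pass prompts for nothing because every process now has a rule, which is why answering prompts carefully during the first days matters more than answering them quickly.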

Step 4: Download Do Not Disturb

Next, we'll lock down our MacBook, iMac, Mac Pro, or any other macOS computer against evil maid attacks. Navigate to Objective-See's download page for Do Not Disturb. Click the "Download" link under the Do Not Disturb icon in the top left corner to download the installer.

Step 5: Installing and Linking to iOS Device

After the download is complete, click the DoNotDisturb.app installer in the Downloads folder to start the installation. Enter your password when prompted, and then click Install to complete the Do Not Disturb setup. When this is done, click "Next" to close the installer.

The menu bar on your macOS device should now display the Do Not Disturb logo. Click on it and then on "Settings" to open the configuration menu. In this menu, you can choose to show alerts, hide the icon in the menu bar, or suppress alerts when you log in with a fingerprint. You can also disable the remote feature if you do not have an iOS device to connect to.

In the next section, you can define an action to take when the device is opened. For example, you can have it request a Canary Token or Grabify URL to catch the IP address each time the device is opened. You can also choose to monitor for suspicious behavior, such as USB insertions, in the first three minutes after the computer is opened.

Finally, you can link to the Do Not Disturb mobile companion application, developed by partner Digita Security, which lets you receive instant notifications on your iPhone or iPad when your computer is opened. You can even trigger a hard shutdown so that hard drive encryption takes effect. To link the app, click the Link icon and then Generate QR Code to generate a scannable QR code.

Scan the QR code in the Do Not Disturb app for iOS, and you should be ready to go! The mobile app is free for the first week. After that, you must subscribe in the app for a $0.99 monthly fee or a $9.99 annual fee. If you do not want to subscribe or do not have an iOS device, you can check the logs on the device instead. The iOS app is completely optional.

Step 6: Check the logs

If you prefer to check the access logs locally, click the icon in the menu bar and then click "View Log." This opens a console window with a full list of when your device was accessed and what was done immediately afterward. You can check for logins you did not make or for events, such as a USB connection, that you do not remember.

Now you can monitor past access to see if your device has been opened unattended.

Objective-See Tools Protect Your Mac from Evil Maid Attacks

With its clever iOS app and user-friendly interface, Do Not Disturb lets you keep an eye on your Mac even when it is out of your control. LuLu provides a second line of defense against malware by monitoring for connections that indicate the presence of malware on the system.

These tools are not a miracle cure against malware, as they can be easily bypassed if an attacker wishes to disable them. However, they make users much safer and more aware of what is happening on their macOS device, and they are definitely worth installing for any Mac user who is serious about security.

I hope you liked this tutorial on detecting malware on your Mac with LuLu and Do Not Disturb! If you have questions about this tutorial on securing macOS, please contact us. If you have a comment or an idea for a future episode, feel free to contact me on Twitter @KodyKinzie.


Cover photo and screenshots by Kody Kinzie / Null Byte

