A clever solution for constantly locking workstations

ROBOT

[Vasilis] works at CERN, and like any large organization that invented the World Wide Web, they take computer security pretty seriously. One ‘feature’ the IT staff implemented is locking the desktop whenever the screen saver runs. When [Vasilis] is in his office but not at his battlestation, the screen saver invariably runs, locking the desktop, and greatly annoying [Vasilis].

The usual Hackaday solution to this problem would be a complex arrangement of RFID tags, webcams, and hundreds, if not thousands of lines of code. [Vasilis] came up with a much better solution: have the computer ping his phone over Bluetooth. If the phone is detected by the computer, kill the screen saver.

The code is up on Github. It’s not much – just 20 lines of a Bash script – but it’s just enough to prevent the aggravation of typing in a password dozens of times a day.

Comments

  1. dave says:

    This was solved back when we loaded websites through Netscape Navigator, it’s a program called mousemover.

    dun sun.

    • AnthonyD says:

      Or you could set the mouse on an analog watch.

    • john says:

      Mouse simulators just prevent the screensaver from starting, i.e. no security whatsoever. You might just as well completely switch off the screensaver. The BlueTooth solution presented here at least allows for the screensaver to kick in when the phone of the workstation user is not detected.

    • Dan says:

      Except he probably wants to keep his desktop locked while he’s gone. Coworkers are known for replacing the desktop wallpaper of unattended computers…

    • he doesn’t want it to NEVER lock, only when he’s not close (i.e. within Bluetooth range)

    • defaultex says:

      I think the ultimate hacks I seen for locking screen were the following, based on mouse type:

      Wheel Mouse – replace the ball with a gyro ball from a hobby shop, give the ball a good twirl before putting it in. Makes the mouse pointer constantly move in one direction for awhile. Helps to use a water based lubricant on the replacement ball, that way it’s easy to clean off your hands and lubes up the wheels in the mouse making it easier to use.

      Trackball – same as wheel mouse except you might need to brace the mouse against the keyboard or a book to keep it from flipping over.

      Optical Mouse – prop the bottom edge of the mouse pad up just enough so that the mouse wants to roll back, but low enough so that it’ll only roll back against a thin book or even just the desk. Place dipping bird far enough so that it taps the side of the palm area on the mouse. When the dipping bird comes down you want it to just graze the edge of the mouse, makes the mouse pointer wobble in place.

      Touchpad – move the touch pad very close to monitor. Tilt it to be parallel to the monitor’s display area, slide it so that there is a bit of an air gap between the monitor and the pad. Rub a wash cloth or similar cloth fabric against your hair for a second, and place it hanging between the pad and the screen. This works best in a drafty office.

  2. Mohonri says:

    I seem to remember a hardware hack a couple years back where someone built a mouse emulator that moved the mouse ever so slightly, every minute or so. The movement is enough to keep the screensaver from starting, but small enough that you don’t notice it.

    Heck, did it make its way out of prototype phase?

    • Thopter says:

      Set an optical mouse on top of an analogue wristwatch with a second hand.

    • chango says:

      At a former job, some of the silicon validation software engineers repetitively tested the USB host of a new chip by pushing an optical mouse back and forth with a pen taped to an oscillating desk fan. Certainly one of the finest hacks I’ve witnessed.

  3. Addidis says:

    Your phones bt will probably work much further than desired.

    This is about security … it is basically like saying banks are annoying and just carrying all your money on you. People are the weakest link in any (security) system.

  4. alangarf says:

    https://github.com/jcs/blueping

    Not really a new idea.

  5. Josh Deng says:

    There is a windows version of this:

    http://www.daveamenta.com/products/btproximity/

  6. Caleb says:

    Can’t you just put the mouse on an analog watch whenever you leave?

  7. 0c says:

    Gosh what if there was some way to sniff, decrypt, and synthesize Bluetooth traffic? Perhaps with an easily concealable piece of hardware that cost about $100?

    Nah, that’s probably just fantasy. I guess Vasilis’ solution is secure enough!

  8. smee says:

    That is not a good idea. Check your security and user policies. In security sensitive environments something as simple as this can get you canned without remorse.

    Should this not get you kicked out on to the street then why not just, you know, ask to have the local user policy restrictions adjusted?

    • smee says:

      Just checked github. It is his own damn security policy. He is making a solution to a problem he created for himself.

      Who sets a lockout to 1 minute, immediately makes an easy way to circumvent it, and then puts it all on github for anyone to see? I wonder if he also parks his car under bird’s nests just so he has an excuse to blog about his car cleaning methods.

  9. R0unin says:

    Something that does this called BlueProximity has been around for a while http://blueproximity.sourceforge.net/
    To comply with security sensitive environments, the propper way to use these tools is to only enable the locking and presence feature (ie. don’t unlock automatically when you get back to your desk).
    I actually use BlueProximity in conjunction with a IR motion sensor connected to an arduino. The idea is that if I forget my phone at my desk, but there is no motion at my desk for a given time it will also lock my workstation.

  10. vonskippy says:

    Nothing like one lazy ass user to defeat the entire network security.

    Be sure to put that code in your project folder when you apply for your next job.

  11. CraigBurden says:

    Genius! Great job, I might use it on my laptop, just for fun!

  12. ejonesss says:

    if you are able to add software to your terminal then why not go into the screensaver settings and change it to a really long time or even never.

    do the same for the energy saver settings so the hard drive does not keep spinning down

  13. David says:

    It’s at CERN… in Switzerland. There is no crime, they just like to lock things.

  14. I suggested this back when working for a large multinational and we had an IT policy that whenever you leave your desk, you should lock your computer – why not automatically lock it when your bluetooth device is out of range?

    Unlocking would naturally have to be manual, for security purposes.

    The IT didn’t like the idea. Probably too much hassle to implement.

  15. philipp says:

    I did something very similar a year ago:

    The main problem will be the battery of the phone: With every “ping” the phone wakes up and will consume some battery.

    But you have to ping it often (once every 10 sec or so) to be effective…

  16. I guess he’s a very busy man, if his screensaver kicks in dozens of times during the day…

  17. strider_mt2k says:

    What I did was take a small fan, color every other blade with a silver sharpie and run it at 1.9 volts so it is real slow (YMMV).
    Set the optical mouse on top of it and it will jiggle just fine once you find the spot. (I made a bracket for mine that aligns it so I can just drop the mouse on it.
    -the cursor usually jiggles up to the upper left corner, but it’s good if you don’t move the mouse off the fan.

    I find this extremely useful at my bench at work where I work at another machine but want to monitor my emails and such on my main PC right next to it.

  18. noouch says:

    We have this policy at the office as well. People get around it by playing something in VLC in the background.

  19. Peter Brickles says:
  20. 0xfred says:

    Why are so many people suggesting solutions that would cause it never to lock? That’s not what he wanted and can be done by just disabling the screensaver (provided he has permission to). He just wants it to not lock if he’s nearby.

    At my office I’d need something slightly different – ensure it locks immediately if I leave my desk. My colleagues only need a few unattended seconds to send out an email to the whole team offering to buy them cakes, confessing to an unusual sexual interest, etc.

    • Chris Muncy says:

      I’ve done this a few times in my office. A few of my guys were known to send out the lunch email. One day their station wasn’t locked and they invited the entire staff out to lunch at their expense. They got the hint…

    • signal7 says:

      There is one rule with email: you can’t trust anything in your inbox. Forging an email to look like it came from your coworker is child’s play.

    • Dissy says:

      The best part about using most of these fully-defeating methods will be the results.

      If IT doesn’t like you, they report you to HR and you lose your job.

      If IT hates you, they will disable your screen saver and make your workstation lock requiring password every 15 minutes if you are using the machine or not :P

  21. Hackert says:

    Very nice but to bad the security officer at CERN would allow this!
    It is so simple to sniff the Bluetooth ping and replay it as a hacker to get access to his computer….

    WoW -1

  22. fartface says:

    Why doesnt his IT department enter this century and use smartcard authentication. MY workstation does not lock until I remove the Smartcard, which is also my ID. so if I get up to go to the bathroom I have to remove it. screen locks. works great.

    It amazes me how many IT departments are horribly out of date and relying on a very short lock timeout.

  23. vlachoudis says:

    Just to clarify is not my IT which enforce me to lock the computer. I have set the screensaver to 1min locked with password. I wanted to lock the desktop ONLY if I am not present in the office (or in bluetooth range). The moment my phone comes into range (about 10m in our building) it unlocks the screen.

  24. Harvie.CZ says:

    1.) sniff bluetooth MAC
    2.) set that MAC to your phone
    3.) kaboom!

    Due to use of l2ping you can just set this MAC to your Wifi or Wired ethernet NIC and simply connect next to or directly to target workstation to unlock it…

  25. Felipe says:

    This is stupidity.
    Here, screensaver is constantly disabled. Whenever I leave, I just hit Ctrl+Alt+L and it’s done

  26. Joao says:

    dangerous solution. you can set a bap or any other bluetooth device with the same mac addr and you are in serious trouble.

  27. Fritoeata says:

    My favorite quarterly magazine just did a write-up on this whole BT+Linux thing.

  28. Whatnot says:

    I had no idea BT responded to ping, that is a bit of a problem,, it makes it possible to DoS BT very easily, and drain the battery in the process.

  29. crashsuit says:

    If you’re on Windows, there are a number of small, free utilities to prevent your computer from idling. I use Caffeine, and then I just hit Windows+L when I walk away from my computer.

  30. Mayank Patel says:

    There is a very simple trick which does not need any 3rd party program. Just open Windows media player and play sample video in loop and computer will not lock till video is playing…

  31. Philip says:

    Passive RFID implanted in your butt cheek + arduino, RFID reader, bluetooth radio and inductive charger in chair seat (inductive charger so it can charge when you roll it under your desk) = best idea ever?? Because it uses an inductive charger, RFID implants, Bluetooth, AND an arduino. Who’s with me?

    This is a joke please don’t implant RFID in your arse then blaim me.

  32. Simple and smart, I like it. I wonder if something like this would work for keeping lights on in a room…have to read up on Bluetooth specs.

    And hey, if you want to implement something like this, but don’t have a smartphone (Some people don’t!) you could just get someone’s old low-end smartphone off eBay for a couple bucks. I bought a Samsung Prevail on eBay for $13 to use as a dedicated wi-fi mouse/keyboard.

  33. John Smith says:

    Can’t believe this hasn’t been mentioned yet:
    – Press Windows key to open start menu
    – Balance mouse on Up key
    – Highlight on Start menu cycles up forever

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,779 other followers