A Clever Solution For Constantly Locking Workstations

[Vasilis] works at CERN, and like any large organization that invented the World Wide Web, they take computer security pretty seriously. One ‘feature’ the IT staff implemented is locking the desktop whenever the screen saver runs. When [Vasilis] is in his office but not at his battlestation, the screen saver invariably runs, locking the desktop, and greatly annoying [Vasilis].

The usual Hackaday solution to this problem would be a complex arrangement of RFID tags, webcams, and hundreds, if not thousands of lines of code. [Vasilis] came up with a much better solution: have the computer ping his phone over Bluetooth. If the phone is detected by the computer, kill the screen saver.

The code is up on GitHub. It’s not much – just 20 lines of a Bash script – but it’s just enough to prevent the aggravation of typing in a password dozens of times a day.
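
The same Bluetooth presence check can drive a lock-only policy: lock the session after several consecutive unanswered pings and never unlock automatically, because an answering Bluetooth address shows only that some device claims that address. This is an added example, not [Vasilis]'s script; `PHONE_ADDR` is a placeholder, `MISS_LIMIT` and `INTERVAL` are illustrative names, and it assumes BlueZ's `l2ping` and a systemd-logind session (`loginctl`).

```bash
#!/usr/bin/env bash
# Lock-only Bluetooth presence monitor (added example, not the script from the post).
# Assumptions: BlueZ l2ping is installed and the desktop session is managed by
# systemd-logind. PHONE_ADDR is a placeholder address.

PHONE_ADDR="${PHONE_ADDR:-00:11:22:33:44:55}"  # placeholder: your phone's address
MISS_LIMIT="${MISS_LIMIT:-3}"   # consecutive missed pings before locking
INTERVAL="${INTERVAL:-10}"      # seconds between pings

# Send one L2CAP echo request with a 2 s timeout; status 0 means a device answered.
probe() { l2ping -c 1 -t 2 "$1" >/dev/null 2>&1; }

# Lock the caller's session. There is deliberately no unlock counterpart.
lock_session() { loginctl lock-session; }

# next_state MISSES RESULT  ->  prints "<new_misses> <action>"
# RESULT is the probe exit status. The action is "lock" only on the probe that
# reaches MISS_LIMIT, so one dropped ping does not lock the screen and an
# already locked session is not locked again on every later miss.
next_state() {
    ns_misses=$1
    ns_result=$2
    if [ "$ns_result" -eq 0 ]; then
        echo "0 none"            # phone answered: reset the counter, never unlock
        return 0
    fi
    ns_misses=$((ns_misses + 1))
    if [ "$ns_misses" -eq "$MISS_LIMIT" ]; then
        echo "$ns_misses lock"
    else
        echo "$ns_misses none"
    fi
}

monitor() {
    m_misses=0
    while true; do
        if probe "$PHONE_ADDR"; then m_rc=0; else m_rc=1; fi
        set -- $(next_state "$m_misses" "$m_rc")
        m_misses=$1
        if [ "$2" = "lock" ]; then lock_session; fi
        sleep "$INTERVAL"
    done
}

# Run the loop only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--monitor" ]; then monitor; fi
```

Start it with `--monitor` as its first argument; unlocking stays a manual password entry.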

57 thoughts on “A Clever Solution For Constantly Locking Workstations”

    1. Mouse simulators just prevent the screensaver from starting, i.e. no security whatsoever. You might just as well completely switch off the screensaver. The Bluetooth solution presented here at least allows for the screensaver to kick in when the phone of the workstation user is not detected.

    2. I think the ultimate hacks I’ve seen for locking screen were the following, based on mouse type:

      Wheel Mouse – replace the ball with a gyro ball from a hobby shop, give the ball a good twirl before putting it in. Makes the mouse pointer constantly move in one direction for awhile. Helps to use a water based lubricant on the replacement ball, that way it’s easy to clean off your hands and lubes up the wheels in the mouse making it easier to use.

      Trackball – same as wheel mouse except you might need to brace the mouse against the keyboard or a book to keep it from flipping over.

      Optical Mouse – prop the bottom edge of the mouse pad up just enough so that the mouse wants to roll back, but low enough so that it’ll only roll back against a thin book or even just the desk. Place dipping bird far enough so that it taps the side of the palm area on the mouse. When the dipping bird comes down you want it to just graze the edge of the mouse, makes the mouse pointer wobble in place.

      Touchpad – move the touch pad very close to monitor. Tilt it to be parallel to the monitor’s display area, slide it so that there is a bit of an air gap between the monitor and the pad. Rub a wash cloth or similar cloth fabric against your hair for a second, and place it hanging between the pad and the screen. This works best in a drafty office.

  1. I seem to remember a hardware hack a couple years back where someone built a mouse emulator that moved the mouse ever so slightly, every minute or so. The movement is enough to keep the screensaver from starting, but small enough that you don’t notice it.

    Heck, did it make its way out of prototype phase?

    1. At a former job, some of the silicon validation software engineers repetitively tested the USB host of a new chip by pushing an optical mouse back and forth with a pen taped to an oscillating desk fan. Certainly one of the finest hacks I’ve witnessed.

  2. Your phone’s BT will probably work much further than desired.

    This is about security … it is basically like saying banks are annoying and just carrying all your money on you. People are the weakest link in any (security) system.

  3. Gosh what if there was some way to sniff, decrypt, and synthesize Bluetooth traffic? Perhaps with an easily concealable piece of hardware that cost about $100?

    Nah, that’s probably just fantasy. I guess Vasilis’ solution is secure enough!

  4. That is not a good idea. Check your security and user policies. In security sensitive environments something as simple as this can get you canned without remorse.

    Should this not get you kicked out on to the street then why not just, you know, ask to have the local user policy restrictions adjusted?

    1. Just checked github. It is his own damn security policy. He is making a solution to a problem he created for himself.

      Who sets a lockout to 1 minute, immediately makes an easy way to circumvent it, and then puts it all on github for anyone to see? I wonder if he also parks his car under bird’s nests just so he has an excuse to blog about his car cleaning methods.

  5. Something that does this called BlueProximity has been around for a while http://blueproximity.sourceforge.net/
    To comply with security sensitive environments, the proper way to use these tools is to only enable the locking and presence feature (ie. don’t unlock automatically when you get back to your desk).
    I actually use BlueProximity in conjunction with an IR motion sensor connected to an arduino. The idea is that if I forget my phone at my desk, but there is no motion at my desk for a given time it will also lock my workstation.

  6. if you are able to add software to your terminal then why not go into the screensaver settings and change it to a really long time or even never.

    do the same for the energy saver settings so the hard drive does not keep spinning down

  7. I suggested this back when working for a large multinational and we had an IT policy that whenever you leave your desk, you should lock your computer – why not automatically lock it when your bluetooth device is out of range?

    Unlocking would naturally have to be manual, for security purposes.

    The IT didn’t like the idea. Probably too much hassle to implement.

    1. I work at a company that forbids personal phones in many workplaces. You’ve probably never heard of the company, but it owns IP addresses 9.***.***.*** and 10.***.***.***

      1. sorry to burst your bubble, but no one owns class a range starting with 10. it is reserved for any private network according to the IANA. anyone wanting to build their own private network can use that ip and it’s range from 10.0.0.0 to 10.255.255.255. it’s the exact same as the 192.168.0.0 to 192.168.255.255 range that all consumer routers come set to – free to use for private networks. if your company is using 10.x.x.x, it’s because they are allowed to just like anyone else, for their internal network, and by telling us your company owns 9.x.x.x, then yes, you work for IBM.

        see part 3 of this : http://tools.ietf.org/html/rfc1918

        and here’s the whole list: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

  8. I did something very similar a year ago:

    The main problem will be the battery of the phone: With every “ping” the phone wakes up and will consume some battery.

    But you have to ping it often (once every 10 sec or so) to be effective…

  9. What I did was take a small fan, color every other blade with a silver sharpie and run it at 1.9 volts so it is real slow (YMMV).
    Set the optical mouse on top of it and it will jiggle just fine once you find the spot. (I made a bracket for mine that aligns it so I can just drop the mouse on it.)
    -the cursor usually jiggles up to the upper left corner, but it’s good if you don’t move the mouse off the fan.

    I find this extremely useful at my bench at work where I work at another machine but want to monitor my emails and such on my main PC right next to it.

  10. Why are so many people suggesting solutions that would cause it never to lock? That’s not what he wanted and can be done by just disabling the screensaver (provided he has permission to). He just wants it to not lock if he’s nearby.

    At my office I’d need something slightly different – ensure it locks immediately if I leave my desk. My colleagues only need a few unattended seconds to send out an email to the whole team offering to buy them cakes, confessing to an unusual sexual interest, etc.

    1. I’ve done this a few times in my office. A few of my guys were known to send out the lunch email. One day their station wasn’t locked and they invited the entire staff out to lunch at their expense. They got the hint…

    2. The best part about using most of these fully-defeating methods will be the results.

      If IT doesn’t like you, they report you to HR and you lose your job.

      If IT hates you, they will disable your screen saver and make your workstation lock requiring password every 15 minutes if you are using the machine or not :P

  11. Very nice but too bad the security officer at CERN would allow this!
    It is so simple to sniff the Bluetooth ping and replay it as a hacker to get access to his computer….

    WoW -1

  12. Why doesn’t his IT department enter this century and use smartcard authentication? MY workstation does not lock until I remove the Smartcard, which is also my ID. so if I get up to go to the bathroom I have to remove it. screen locks. works great.

    It amazes me how many IT departments are horribly out of date and relying on a very short lock timeout.

  13. Just to clarify, it is not my IT that forces me to lock the computer. I have set the screensaver to 1min locked with password. I wanted to lock the desktop ONLY if I am not present in the office (or in bluetooth range). The moment my phone comes into range (about 10m in our building) it unlocks the screen.

  14. 1.) sniff bluetooth MAC
    2.) set that MAC to your phone
    3.) kaboom!

    Due to use of l2ping you can just set this MAC to your Wifi or Wired ethernet NIC and simply connect next to or directly to target workstation to unlock it…

  15. There is a very simple trick which does not need any 3rd party program. Just open Windows media player and play sample video in loop and computer will not lock till video is playing…

  16. Passive RFID implanted in your butt cheek + arduino, RFID reader, bluetooth radio and inductive charger in chair seat (inductive charger so it can charge when you roll it under your desk) = best idea ever?? Because it uses an inductive charger, RFID implants, Bluetooth, AND an arduino. Who’s with me?

    This is a joke please don’t implant RFID in your arse then blame me.

  17. Simple and smart, I like it. I wonder if something like this would work for keeping lights on in a room…have to read up on Bluetooth specs.

    And hey, if you want to implement something like this, but don’t have a smartphone (Some people don’t!) you could just get someone’s old low-end smartphone off eBay for a couple bucks. I bought a Samsung Prevail on eBay for $13 to use as a dedicated wi-fi mouse/keyboard.

  18. Can’t believe this hasn’t been mentioned yet:
    – Press Windows key to open start menu
    – Balance mouse on Up key
    – Highlight on Start menu cycles up forever

  19. GateKeeper can also lock your workstation. It locks when the user walks away and when the user walks back it will unlock. A keyfob is connected to the computer via Bluetooth and communicates with the computer when the user is away.
