Locking your Mac based on iPhone proximity

November 21, 2012
sysadmin mac security ios

Update I should note I only partially sorted out getting this to actually work. Probably requires more tinkering and may be best to just go get an app that does the lock/unlock for you.

This procedure is roughly based on Lock Your Mac When Your iPhone Is Out of Range. I’d seen this in the past, but never got around to figuring out how to set it up. Since I’ve got an iPhone with good battery life, leaving Bluetooth on isn’t as scary as it was on my old Android phone, so I thought I’d give it a shot.

I’ve gone the extra steps of figuring out how to retrieve your password from Keychain in order to do the unlock. The sample unlock AppleScript in that post suggests storing your Mac account password in plain text in the script (not so great) and offers that you can save your script as “Run-only” to obfuscate it. I tried that for kicks and while the script itself is obfuscated, your plain text password is still there if you just cat the file.

This is still a work in progress (i.e., I need to actually test it all out), but I wanted to document how I figured out to interact with the Keychain in Lion via shell commands (since the old AppleScript hooks were removed by Apple).

Lock script

on run
	activate application "/System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app"
end run

Unlock script

The following assumes you’ve added a password entry to your Mac Keychain named “ProximityAdminPassword” containing your Mac account password.

on run
	set thePW to getPW("ProximityAdminPassword")
	tell application "/System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app" to quit
	tell application "System Events" to keystroke 125
	delay 1
	tell application "System Events" to keystroke thePW
	delay 1
	tell application "System Events" to keystroke return
end run

on getPW(keychainItemName)
	set thePW to do shell script "security 2>&1 >/dev/null find-generic-password -gl " & quoted form of keychainItemName & " | awk '{print $2}'"
	return (text 2 thru -2 of result)
end getPW
3dprinting12 alabama7 amalgam4 android2 apple21 auto6 blog24 cat-diary5 cats18 chicago3 college18 comparch5 cooking2 define30 film19 gaming37 georgia2 halloween2 hosting13 hpc11 hugo3 humor35 huntsville5 illinois37 ios2 ireland3 kids5 meme5 monte-sano2 music23 photography35 politics2 programming11 pumpkins2 raid6 rants19 reading25 research11 snow6 sysadmin18 tales-of-the-weird14 tech54 tennessee2 travel11 video8 work29