Locking your Mac based on iPhone proximity

November 21, 2012
sysadmin mac security ios

Update I should note I only partially sorted out getting this to actually work. Probably requires more tinkering and may be best to just go get an app that does the lock/unlock for you.

This procedure is roughly based on Lock Your Mac When Your iPhone Is Out of Range. I’d seen this in the past, but never got around to figuring out how to set it up. Since I’ve got an iPhone with good battery life, leaving Bluetooth on isn’t as scary as it was on my old Android phone, so I thought I’d give it a shot.

I’ve gone the extra steps of figuring out how to retrieve your password from Keychain in order to do the unlock. The sample unlock AppleScript in that post suggests storing your Mac account password in plain text in the script (not so great) and offers that you can save your script as “Run-only” to obfuscate it. I tried that for kicks and while the script itself is obfuscated, your plain text password is still there if you just cat the file.

This is still a work in progress (i.e., I need to actually test it all out), but I wanted to document how I figured out to interact with the Keychain in Lion via shell commands (since the old AppleScript hooks were removed by Apple).

Lock script

on run
	activate application "/System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app"
end run

Unlock script

The following assumes you’ve added a password entry to your Mac Keychain named “ProximityAdminPassword” containing your Mac account password.

on run
	set thePW to getPW("ProximityAdminPassword")
	tell application "/System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app" to quit
	tell application "System Events" to keystroke 125
	delay 1
	tell application "System Events" to keystroke thePW
	delay 1
	tell application "System Events" to keystroke return
end run

on getPW(keychainItemName)
	set thePW to do shell script "security 2>&1 >/dev/null find-generic-password -gl " & quoted form of keychainItemName & " | awk '{print $2}'"
	return (text 2 thru -2 of result)
end getPW