Less than an hour into a Tinder date in a Moscow restaurant last year, Patrick Wardle began to wonder about the laptop he'd left in his hotel room. Wardle had come to the city for a security conference; as a former NSA staffer who'd worked on the elite hacking unit known as Tailored Access Operations, he was paranoid enough to bring only a "burner" PC on his trip, carefully stripped of any sensitive information. But when his date told him she was a former employee of Russia's Ministry of Foreign Affairs, the question became real for him: Had he been lured out of his room so that someone could lay hands on that computer? And if so, would he ever know for sure?

Wardle never found evidence of tampering or malware on that burner machine. But he did keep thinking about so-called "evil maid" attacks, the classic security problem that computers are far more vulnerable to hacking when the attacker can get physical access to them. Like, say, in a hotel room, while the computer's owner is ordering appetizers on the other side of the Moskva River.

Now Wardle's making his own best effort to grapple with that evil maid problem—if not to solve it, at least to make the job much more difficult. This week at the RSA security conference, he's releasing Do Not Disturb, an app for Mac laptops that tries to detect physical access attacks with a dead-simple safeguard: If someone opens the lid of a MacBook running the tool, the app sends a notification to the owner's phone.

"The majority of 'evil maid' attacks require an active, awake computer," Wardle says. "So Do Not Disturb runs on your Mac and monitors for lid-open events, which are kind of a generic precursor for a lot of physical-access attacks. If someone tries to break into your device, it alerts you."

Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely. The app can also be configured to take more custom actions like sending an email, recording screen activity, and keeping logs of commands executed on the machine.

Owners of modern MacBooks with TouchID can disable Do Not Disturb with their fingerprint within a time window of a few seconds after opening the lid, to avoid setting off an alert every time they open their laptop. Wardle is releasing the Mac app for free, though his company Digita plans to charge a $9.99 annual subscription for the accompanying iOS app once it's approved for the App Store. Those who don't want to pay that can just use the email notification feature instead.

'If evil maids know there’s an app that might be monitoring this laptop, they’ll think twice.' Do Not Disturb Creator Patrick Wardle

The Do Not Disturb lid-opening trigger, a suggestion Wardle credits to the pseudonymous security researcher known as the Grugq, certainly isn't a panacea for a computer falling into enemy hands. In fact, computer security professionals usually warn that if an attacker gains physical access to a computer, you should considered the device compromised. It's often possible, after all, to simply flip a closed MacBook over, unscrew the bottom of its case, and start messing with its hardware, even connecting its hard drive to a different computer to analyze its data.

But those sorts of intrusion methods are far less common, Wardle argues, than someone simply opening up a laptop and booting it from a USB drive to bypass its password protection, or even simply typing in a password captured from someone's keystrokes by a hidden camera in a hotel room.

"The typical physical access attack does require opening up the laptop," says Thomas Reed, a Mac-focused researcher for security firm MalwareBytes. "Any kind of an evil maid attack that doesn’t will be pretty rare and would probably require opening the case and tampering with the electronics inside." Reed points out that anyone who's worried about physical access attacks should also enable FileVault disk encryption on their MacBook, and set a firmware password, too.