Wednesday, 29 June 2016

Locking your Windows PC based on the proximity of your phone, using Tasker, AutoRemote, EventGhost and a beacon.

Locking your PC with your phone

There are a number of paid software solutions on the market that you can use to lock and unlock your PC using your phone, and the upcoming Microsoft Companion Device Framework is likely to ensure this becomes a mainstream activity in the near future.

Device unlocking is a little tricky in recent versions of Windows, but locking the device is much simpler and can be accomplished using a few readily available bits of software. While pressing a button on an app provides a nice demo, the ability to lock the machine based on the presence (or more accurately absence) of the user's phone is much cooler. :)

The following tutorial gives step-by-step instructions on setting up such a proximity locking system and it doesn't feature any coding; it uses open source components and a couple of inexpensive Android apps to get the job done. 

Note the solution described below should be treated as a proof of concept only and is not intended to form part of any production-ready security solution. 

As always, I'd love to hear your feedback. If this has proven useful or instructive, or you've spotted any errors or omissions, please feel free to leave a comment below.

Setting up your PC

Download and install EventGhost. EventGhost is a tool that enables us to run tasks, known as macros, on a Windows PC. We'll be setting up an EventGhost macro that locks our PC and triggering it remotely from our phone.

Download and install the AutoRemote EventGhost plugin, following the instructions here.

Install Google Chrome if you haven't already done so.

Install the chrome extension for AutoRemote. This will allow AutoRemote to use Google Cloud Messaging for message delivery, which is likely to be more reliable than direct messaging between AutoRemote and EventGhost.

Create an EventGhost macro to lock your workstation, as described here (note that you could alternatively use EventGhost's built in "Lock Workstation" macro [Select the "Add Macro" item from the toolbar or Configuration menu then select System -> Power Management -> Lock Workstation -> OK] as a substitute for the macro creation step in the instructions, the rest of the instructions still apply).

Attach a beacon of your choice to your PC, or place one nearby. Alternatively, you can use a software based beacon, some examples of which are discussed in this StackOverflow thread. I used a Radius Networks RadBeacon USB, which is my go to beacon for USB based deployments because it's reliable and versatile (it supports iBeacon, AltBeacon, and Eddystone out of the box).

Setting up your Android device

You'll need to download and install the following apps from the Google Play Store (UK pricing is stated for paid apps in the list below):


Set Chrome up as a Device in AutoRemote, which will enable GCM messaging. This video tutorial demonstrates how to do this.

Set up Tasker

Create a Variable (see screenshots)

We need to create a variable, which I've called "%PROX", note that Tasker variables are prepended with the percent symbol, and global variables must begin with a capital letter.

Our new variable - %PROX

Configure a Tasker profile

We need to execute some logic on a recurring basis to check the current proximity of the PC, and lock the PC if the phone is too far away. A limitation of Tasker is that timed jobs can be run no more frequently than once every 2 minutes, but we can get around this by creating two profiles; one that runs on the hour and at every two minutes thereafter, and another that runs at one minute past the hour and every two minutes thereafter. Each of these jobs calls the task that we're about to create in the following step...


Create profile number 1...
...then profile number 2.
Configure profile run timing.


Create a Tasker task

The task makes use of conditional logic - it checks whether the phone is in close proximity to the PC (well, technically the small USB beacon connected to the PC). If the phone and PC aren't in close proximity control passes to a sub-task that uses the AutoRemote plugin to send a message to EventGhost on the PC (via Google Cloud Messaging), which results in a macro being executed that locks the PC.

Create a task...
...then edit the task and add conditional logic.




















There's a good tutorial on using conditional logic for flow control in Tasker here,

Configure Beacon Scanner and Logger:

You can theoretically query Tasker's in-built BTNear state to determine the proximity between your phone and a bluetooth device, but in practice I found this to be unreliable. Additionally, at the time of writing Tasker displays a warning message when you try to configure BLE connections, stating that BLE support is currently experimental and somewhat "buggy". 

In light of the above, I decided to use my own Beacon Scanner and Logger app, as it allows greater control over the scanning interval and features support for realtime logging (thanks to David Schmid for initially requesting I implement the realtime logging feature).

We need to ensure realtime logging is switched on, which will enable Tasker to check the current proximity status of the phone by querying a text file which is regularly written to by the app. We can optionally also set the background polling frequency of the app, to ensure scanning happens regularly when the app is not in the foreground.

To set these parameters we need to access the Settings menu, which is found on the top right of the screen on my phone but may be placed differently depending on the device you're using. Scroll to the bottom of the Settings list to find "Realtime Logging" and tap the checkbox to enable the feature. You may want to uncheck all but "Proximity" in the "Beacon Properties to Capture" section, as this will ensure less data is written to the file and make it easier to see what's happening in the Tasker log. As mentioned, you can also tap the "Scanning Interval" section to see a list of available values and select your preferred option.

Enable Realtime Logging
Configure Scanning Interval

When you're ready to go, you can return to the main screen and toggle the "Start Scanning/Stop Scanning" button as required. Note that the realtime logging file will only contain the item at the bottom of the scanning list, so you can stop scanning at any time if the test value you want to use is the last element shown on screen.

Start/Stop Scanning









Some potential next steps:

The solution above assumes there's only one beacon in range and that beacon is the one attached to your workstation, but in a real world scenario it's likely you'd be in an environment with multiple beacons. You could edit the "If" step of your Get Proximity task to also test for the UUID, major and minor values of the detected beacon, which would effectively filter out all but the beacon you're interested in and prevent your PC locking when it came within range of beacons other than your own. 

If you're comfortable developing mobile apps, or want to give mobile app development a try, you could remove the requirement to use Tasker and AutoRemote completely by building your own app. EventGhost features a basic webserver plugin, which means you can invoke a macro via a simple HTTP request. If you're interested in trying this out for yourself, you'll find further detail regarding the EventGhost webserver plugin here.





Post a Comment