Apple’s Fall From Grace – Go Hack Yourself!

There are almost no viruses for Mac and Apple has done a great job protecting their users from many of the vulnerabilities that plague other platforms, but what if I told you that anyone, including your 10 year old, could take complete control of your computer in under 1 minute if they’re sitting in front of it?  What if I told you that simply losing your laptop could expose all the client data you have on that computer?

When we first started working in Real Estate there were almost no Macs.  MLSs didn’t support them, so as badly as most wanted to throw their PC out the Window (ha ha) Apple simply wasn’t an option.  But now, you can’t pass two desks in your average Real Estate Office and not find one Mac.  As it turns out, this isn’t a good thing.  Here’s why:

We’ll just walk you through the process so you can see how easy it is, or even hack yourself.

Warning!  Doing this on OS 10.6.4 or earlier has been known to cause crashes.

  1. Shut down your Mac.
  2. While the Mac is booting, hold down command+s.  You’ll boot to a prompt.
  3. Type “mount -uw /” without the quotes and hit enter.
  4. Type “rm /var/db/.applesetupdone” without the quotes and hit enter.
  5. Type “shutdown -h now” without the quotes and hit enter.  Your Mac will shut down.

You’ve just told your Mac that it’s new and that it should go through the initial setup again, as if it were just taken out of the box.  The problem is that when you’re done with the guided setup of your “new Mac” you will have created a new Admin account.  An Admin account you can use to reset the password on your old admin account, to turn off parental controls on any account on the Mac, or to access any files on the system.
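
A defender's check for the trick described above, as an added example that is not part of the original post: it reports whether the setup marker is missing and whether the admin group holds accounts outside an approved baseline. The function names, the baseline list and the sample accounts are assumptions; the group line follows the format printed by `dscl . -read /Groups/admin GroupMembership`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, baseline and
# sample accounts are assumptions made for illustration.

# Report whether the first-run marker exists under a root ("/" on a live Mac).
# Checks the on-disk name and the lowercase spelling used in the article.
setup_marker_state() {
    root="${1%/}"
    for name in .AppleSetupDone .applesetupdone; do
        if [ -e "$root/var/db/$name" ]; then echo present; return 0; fi
    done
    echo missing
}

# Print admin-group members that are not in the approved baseline.
# $1: line like "GroupMembership: root alice"   $2: space-separated baseline
unexpected_admins() {
    members="${1#GroupMembership:}"
    extra=""
    for m in $members; do
        case " $2 " in
            *" $m "*) ;;                       # approved account
            *) extra="${extra:+$extra }$m" ;;  # not in the baseline
        esac
    done
    echo "$extra"
}

# Combine both checks into one verdict line.
audit() {
    state=$(setup_marker_state "$1")
    extra=$(unexpected_admins "$2" "$3")
    if [ "$state" = missing ]; then
        echo "ALERT: setup marker missing; next boot will run first-time setup"
    elif [ -n "$extra" ]; then
        echo "ALERT: unapproved admin account(s): $extra"
    else
        echo "OK"
    fi
}

# Live use on a Mac, run from an existing admin account:
#   audit / "$(dscl . -read /Groups/admin GroupMembership)" "root alice"

# Constructed demo: scratch root with no marker and one extra admin.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/db"
audit "$demo_root" "GroupMembership: root alice newadmin" "root alice"
rm -rf "$demo_root"
```

Run on a schedule, the admin-group comparison catches the account that the repeated setup creates, while the marker check catches the window between the deletion and the next boot.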

Watch how it’s done by a 12 year old…

Once you’ve reset passwords in other accounts, you can log into them with the same access, opening browsers and using saved passwords, pulling up client information, contracts, personal information — THE WORKS!  The ONLY thing anyone needs to access everything on your Mac, including private emails, contracts, documents, addresses, and those naughty photos you should never have taken, is simply physical access to your computer.  That’s it.

I contacted Apple Support about this today.  Their response: “There is nothing you can do to resolve this.  We recommend keeping a very close eye on your computer and the child that’s using it.”
This isn’t new information, but it will be a surprise to many of you.

I’m writing this post on the last PC in our office.  I guess I can now say it’s our first PC.  Security of this type is less of an issue for us because we don’t maintain access to our clients’ private data, but still…  We cannot justify purchasing another Mac unless this is fixed.

Test it if you like (but we don’t really recommend it).  Call Apple and tell them how you feel about it.  Personally, I think this is a deal breaker.
If your clients knew this (which they will shortly) do you think they’d give you one ounce of personal information with the glowing Apple logo on your desk?  I wouldn’t!

(God I hope they do something about this.)

In the meantime, here are some things that might help Mac users address the issue of sensitive data on their Macs.

Is there a way to secure files I keep on my Mac?
Free encryption options: http://mobileoffice.about.com/od/mobilesecurity/ss/how-to-encrypt-files-with-TrueCrypt.htm

Another solution for laptop users would be to use an external hard drive and store all your sensitive data there, making sure to secure it when it’s not in use, but it too will be accessible if found by someone who wishes to access the data on it.

Is the same thing possible on my Windows computer?
The short answer is yes, but it is NOT easy and it does NOT take a few seconds to do.  And depending on the Windows version and setup, having a working admin account on a Windows machine does NOT allow access to other user files on the same system.


11 Responses to Apple’s Fall From Grace – Go Hack Yourself!
  1. Jon Hardison
    May 6, 2013 | 5:30 pm

    Okay… I've just got to share this little update.
    I did the NVRAM thing and it works perfectly! Here's where I miscalculated. My son, in response to this assault on his 12 year old freedom just hacked past it. No, he didn't open the computer and bla bla bla. That wasn't it. Want to know what he did?

    The friggin' kid rigged cameras and waited for his parental controls to kick him off so he could ask me to give him a little more time. Those cameras recorded the password. He recovered the cameras in the middle of the night, woke promptly the next morning, got in, uninstalled all the parental controls and even removed Norton Family entirely!

    I'm thinking frontal lobotomy? Maybe that'll work. LOL! I'm screwed!

    HEY CIA Guys! I've got one for you!

  2. Anonymous
    April 30, 2013 | 3:53 pm

    Similar to a CMOS. Apple is Unix based. A website called Macwindows.com is an awesome source for information on integration of Macs into a Windows environment.
    For all the Active Directory Administrators facing Apple computers on their domains. 🙂

  3. Jon Hardison
    April 30, 2013 | 2:21 pm

    So it's like your standard BIOS password on a PC? Ugh! Why in the hell would Apple not tell someone this? Going to look it up now. Thanx Hippy21169! You Officially ROCK! (Yes. You can add that to your resume if it's not already there.) 😉

  4. Anonymous
    April 30, 2013 | 12:02 pm

    If you password protect the NVRAM for the Mac it will prompt for a password before you can get to a prompt. Not surprised that Apple tech support didn't know this. I work in a school district with Macs and Windows. I prefer Windows myself but we get what we are given and have to deal with it all.

  5. Inna Hardison
    April 27, 2013 | 4:12 pm

    Larry – we wish. The kiddo simply researched how to get around parental controls on Google, and this is a common hack kids use, apparently. Hence, this post:-)

  6. Larry Rowan
    April 27, 2013 | 1:30 am

    Congratulations, it looks like you have a budding Genius in your household.

  7. Loren Nason
    April 26, 2013 | 11:13 pm

    You are using OpenDNS aren't you? It won't help much for a tech-savvy 12yr old though as he prob knows how to change the DNS settings 😀

  8. Jon Hardison
    April 26, 2013 | 10:38 pm

    Yeah… I've basically stopped paying attention to Windows since Vista. I'm on 7 Ultimate 64 myself, but bought Windows8 although I won't install it seeing as it's… well, you know. 😉
    Putting in 30 mins to block everything and setup parental controls only to have it all undone in 60-120 seconds is enough to drive any home school parent batcrap crazy! That's how we stumbled on this. 🙁

  9. Loren Nason
    April 26, 2013 | 9:47 pm

    Hey Jon! Totally and completely agree a properly setup WIN7 Pro (business edition) network in Active Directory is WAY more difficult to break as fast. But a win7 pro (business edition) in workgroup mode still easy. I think the MAC workaround that you show is scary easy.

    I'm not a "this is better" guy either. Both systems have issues and the one you pointed out is big issue. HUGE!

    Physical access trumps almost all security measures except 2-factor authentication and whole disk encryption (which makes the user hate their computer more).

    What would be cool is the similar 2-factor authentication like gmail but tied to computer logon.

    😀

  10. Loren Nason
    April 26, 2013 | 3:54 pm

    Maybe not a few seconds on a PC. But if I have physical access and computer is bootable by USB I can also reset passwords most of the time and do same thing…. login to users account and have access to everything.

    Physical access to a machine trumps all security measures except whole disk encryption.

    Yes, an admin account DOES allow access to other user files on a windows box if you know how to do it.

    • Jon Hardison
      April 26, 2013 | 4:14 pm

      Hey Loren! Thanx for stoppin’ by: That’s true for the most part, but not entirely. If you’re talking about a home edition Windows box or similar, absolutely. But once you get up in the pro or ultimate range (business class), you have other options for security that make this far more difficult and time consuming.

      Keep in mind that I’m not a “PCs are better” guy. We use both pretty much all the time. I see this as more a barrier to entry issue. The knowledge and time required to gain full access to a properly configured Mac vs a properly configured business class Windows machine aren’t even close.

      A Mac can be done in the time it takes to go to the bathroom. I think that’s a real problem.
      I had every intention of purchasing a Mac when our last PC bit it. But knowing what I know now…? It presents too many problems.

      It’s an even bigger problem for folks who use all Apple network stuff. Airports offer zero blocking features… it’s just a mess in my opinion.
