undefined | Better HN

0 pointsdogma113810y ago0 comments

Since it's likely that every apple care center can perform this unlock there is a very good chance that there is a machine in virtually everyone of them that also has a service lab that makes these files.

The number of people that can unlock it is probably quite high, this isn't that different than removing an apple id from the device you need to go to the apple store with the device and proof of purchase and they do it for you.

0 comments

4 comments · 1 top-level

Sidnicious10y ago· 3 in thread

Last I heard, service centers have to request these files from Apple on a case-by-case basis, so that only a small number of people need the ability to generate them. All of the complexity (writing a nonce to flash when the firmware password is changed, etc.) exists to make it easy for a service provider to apply an unlock when authorized.

I’d make a large bet that the same is true for removing Apple ID activation locks from devices.

dogma1138OP10y ago

I haven't removed an EFI password but I've removed an Apple ID from 2 devices and it was done in <30min at the Apple Store in Westfield (SB) London.

While It's likely that Apple has probably has some audit trail on these requests just the sheer amount of devices that are likely to need to undergo such procedure make it unlikely that there is some room in Apple HQ where 5 highly trusted engineers issue those files.

Even if you don't count all the end users that lock their devices and can't unlock them all the devices that are returned to apple, go in for a hardware replacement/fix or recycling need to undergo a similar procedure. So If I would be asked to wager on how this process is done it would be that it's an automated process with an audit trail just like what many organizations use to reset account details, passwords and other things.

developer210y ago

Even if the employees capable of directly signing the files make up a very small group, they would probably be authorizing over the phone or a similar indirect route. This opens the door to social engineering by anyone, employee or not, who knows what number to dial and what information to provide. The tech would be authorizing the file without seeing the customer's device and proof of purchase themselves.

To foolproof the system, you would need less than a dozen people trusted with the ability to sign the files, and require the device and proof of purchase to be shipped to them rather than allowing unlocks to be authorized remotely.

It's unfortunate that the last line of defense against a stolen machine, the firmware password, has a backdoor. I'd have expected a firmware password on a MacBook to be just as difficult to bypass as an iPhone's passcode. Apple refuses to unlock phones, but will gladly remove a firmware password on a real machine. Disappointing.

Sidnicious9y ago

The OS X equivalent of an iOS passcode is FileVault. Its current incarnation (v2) uses full disk encryption and doesn't have a (known) backdoor. (v1 used per-user encryption but didn't protect the rest of the disk, and v3 might use AFS to encrypt the whole disk in a way that users can only decrypt their own data and shared areas of the filesystem, not other users' data.)

Firmware passwords are more like Activation Lock for iOS. They make it harder to reuse a stolen computer and stop some less-invasive tampering, but don't offer any guarantees about protecting your data.

j / k navigate · click thread line to collapse