
Security considerations prior to hardware service
I recently shipped my MacBook Pro back to Apple for replacement of a humming motherboard. The technician asked me to give him my login password, and to consider setting (in the Users System Preferences pane) the machine to automatic login, which I preferred not to do.

In thinking about this, it occurred to me that private info is scattered all over my machine. I also remembered, years ago, that when I shipped a laptop to a manufacturer (not Apple, of course) for repair, it never arrived. So, I came up with a security procedure that makes it as easy on the technician as possible -- but also tough on any thieves who may come in contact with the machine.

So, don't disable your administrator password or set it to automatic login. Instead, consider creating a special account for the technician. I created one called REPAIR with a four-digit password; I gave the password to AppleCare over the phone, and enabled automatic login for that account. I also used the MacPilot utility to modify the text that appears on the log-in screen to TECHNICIAN - PLEASE USE REPAIR ACCOUNT. THANKS!

You might consider putting a sticker on the case of the computer stating the same thing. Whether you do or don't create a repair account, put a label on the case, in a prominent location, saying FOR PASSWORD ASSISTANCE, PLEASE CALL nnn-nnn-nnnn. That's much better than writing your password on the form you'll be submitting to Apple.

Finally, back up your data. The best solution is to image your hard drive with a program like Carbon Copy Cloner or SuperDuper. I'd also recommend using Apple Backup to create a backup of your keychains, Address Book, etc., and any other personal data and settings you have.

Read on for some other things to consider if you're sending a machine away for service...

Here are some other things you may wish to do in the interest of general security, prior to sending your machine in for service:
  • In the Security System Preferences pane, uncheck 'Require password to wake from sleep.'
  • In the Sharing System Preferences panel, turn off all sharing options.
  • Deauthorize your iTunes account. If your hard drive is erased by the tech, or if the machine gets pilfered, it's more of a pain to deauthorize iTunes without your machine than with, and you can simply reauthorize it when you get it back.
  • Go to the Keychain Access program and delete all your keychains.
  • After you've done all the above, do one more manual .Mac sync, then disable .Mac sync. You probably don't need to deauthorize it, since this makes a bit of a hassle when you get the machine back, and could result in duplicate data. Instead, when you get the machine back, make sure to set .Mac to a full reset -- .Mac overwrites your machine -- to restore your data.
  • Consider deleting your iCal and Address Book info as well, and use .Mac to restore them, as above.
  • In Safari, forget all passwords, delete cookies and history.
  • In Firefox, use the Clear Private Data command.
  • Take this opportunity to change the passwords on any online services you use that contain private information about you -- banking, eBay, .Mac, credit cards, etc. A pain, but you should have done that a few months ago anyway, right!
  • I use a firmware password on my Mac, which I didn't disable. Again, I gave the password to the AppleCare agent, and put the sticker on the machine.
For the truly paranoid:
  • Consider using Orbicule's Undercover software. This silently installs on your machine; if it is stolen, you notify Orbicule, and the machine sends a regular signal back to them anytime it goes online (and an iSight snapshot, if you have the camera.) In order to effectively use Orbicule, you need to have an autologin account set on your machine. So in this case, either use the REPAIR account, or set your Guest account to automatic login.
  • Repeat the above procedures if you have multiple accounts.
  • Check with your insurance company to see if your machine is covered for theft and damage in transit. Apple's shipping service provides coverage, but getting compensated could be a hassle.
  • Don't forget to make a copy of the info sheet you filled out and sent back to Apple, and write down the tracking number for shipment.
I'm not totally sure what the best way to secure your Mail messages would be; I'd welcome feedback on that.

[robg adds: There are some good ideas in here if you're taking a step-by-step approach to securing your personal data prior to sending your machine back. My approach is somewhat different: in the two cases where I've had to send machines back to Apple, I wiped the machine clean and reinstalled the OS with a dummy Repair account.

Obviously, before I did this, I built a bootable backup of the entire system using either Carbon Copy Cloner or SuperDuper. I then verified that the backup was complete and usable, and then reinstalled OS X with a format and install. When the machine came back, I simply restored my full backup, and I was right back where I started, without any fear of what might happen to my data if the machine were to be lost.]

Security considerations prior to hardware service
Authored by: FunkDaddy on Aug 11, '06 07:40:49AM
Unless you use FileVault, it's not much real security, seeing as they could just mount the disk in FW Target mode to bypass the permissions.

Security considerations prior to hardware service
Authored by: RussellK on Aug 11, '06 07:55:35AM

A couple of quick initial thoughts on reading this:

1. In Safari, using the "Reset Safari" command is an easier, more complete way of wiping the browser clean. It erases the browsing history, empties the cache, clears the Downloads window, removes cookies, removes saved names and passwords plus other Autofill text, and clears Google search entries.

2. As long as we're being really paranoid here...attaching a note telling the technician to call you for password info/assistance is a good idea, but remember that anyone who "intercepts" your shipment can call the number you provide as well. If/when the tech calls you, ask for a number to call him/her back so you can verify you're calling the Apple office at which they claim to work.



Security considerations prior to hardware service
Authored by: riktexan on Aug 11, '06 08:17:23AM

This is a great and reasonable security method that is not overly paranoid. I'm getting ready to send an iBook away for a repair and will use it.
While the method is certainly not foolproof it will probably discourage a "casual" thief.
Thanks
Rick in Maine



Security considerations prior to hardware service
Authored by: kyngchaos on Aug 11, '06 08:27:59AM

Did they want an admin-enabled account? I'd be worried about that. But if they just wanted to try to reproduce problems as is, I'd make sure to not enable admin for the dummy user.

And, shouldn't they be using some repair disk anyways? possibly putting in one of their HDs.

Better yet, for ultimate data safety - if you have one, get an old spare HD, maybe one you upgraded from at one time, and clone a bootable system, but not your home folder or other data, to it and put that one in your Mac before sending it off.



Security considerations prior to hardware service
Authored by: kirkmc on Aug 11, '06 08:31:53AM

Last time I sent off a Mac for repair (an iBook), I was told that if they don't have admin access, they'd wipe the HD.

This is, however, an improvement over the past. For the same iBook, about a year ago, I sent it and was not asked to set up anything, and the idiots in the Netherlands (who Apple no longer uses for repairs) didn't bother to call me and ask for an admin account password, they just sent the iBook back. So it had to go back to them again, at Apple's expense...

---
Read my blog: Kirkville -- http://www.mcelhearn.com
Musings, Opinion and Miscellanea, on Macs, iPods and more



Security considerations prior to hardware service
Authored by: morespace54 on Aug 11, '06 09:04:53AM

Well if they really wipe the HD in case they don't have an Admin password, it sounds good to me (as long as you made a backup prior to sending it)...

Kind of an "extra soft" security measure



Doesn't help much...
Authored by: dbs on Aug 11, '06 09:29:05AM

If someone has physical access to your machine they can get at anything on your disk that is not encrypted. (Particularly if they are repairing your machine which makes it easy to remove the hard disk.)

You either need to encrypt your data (I have my tax and quicken data stored on an encrypted disk image, for example) or securely erase it (putting it in the trash and using the secure delete function). Anything short of that leaves the data pretty easy to access.

The hint will only make it take a few extra seconds for someone who wants to get your data to get it, and maybe prevent someone from just poking around for fun.

If you just want to prevent the casual snooper then just create a "repair" account as suggested and put the password on the machine with a sticky note. Worked every time for me. I didn't bother trying to keep my machine secure because it's really hard to do it effectively.



Security considerations prior to hardware service
Authored by: ghay on Aug 11, '06 09:51:20AM

From an Apple Tech a *LOT* of the problems I see are software, and may not reproduce in another user account.

In any event, if the tech doesn't have the password he will simply reset it to something to allow his access. It is worth noting that Apple does not guarantee data safety during repairs. If a tech deems it required to wipe and re-install that will happen. Service providers are allowed to charge for backup services, so I would just backup at home and wipe your important data as shown here.



Security considerations prior to hardware service
Authored by: phil@hms.harvard on Aug 11, '06 09:55:57AM

This is certainly a valid issue, as is the suggestion. Where the laptop is going to Apple, there is a good chance that they will just reformat/restore the drive anyway, especially if there is any hint of OS issues. From my perspective though (which is that of an Apple certified tech, working 2 jobs at 2 different authorized service centers), there are many issues where the problem is not 'really' OS specific, but user specific. Running the standard suite of disk utilities can often times remedy these issues, as can creating a test account to isolate the problems. Ultimately it is quite common that the only solution will be to examine the user's Library folder, and perform repairs at that level. Certainly, changing the password prior to service, if possible, is advisable. I "NEVER" ask for passwords; it's so quick and easy to reset to a common password, then ensure the customer changes it back (the downside being they usually don't- but then they can't blame me for knowing their password). From a slightly different perspective, I very rarely have ever had anyone question the security of their data, whether being serviced in house or shipped out. Not saying it's right or wrong, just not a common issue.



Security considerations prior to hardware service
Authored by: ibroughton on Aug 11, '06 10:27:52AM

Just have your home directory on an external hard drive. When you ship your machine you know that none of your valuable data is being passed around the repair centre (I know it happens, I used to work for a large UK computer company) and secondly, you have very little to do when your machine gets back to you as the data never left you!

Or am I missing some point here?

---
The server is up but the site is down and I don't know which direction you are trying to go



Some random thoughts on this...
Authored by: babbage on Aug 11, '06 11:07:52AM

The advice in this hint isn't bad, but it's more than a little paranoid, and it seems to overlook the fact that if someone else has physical access to your machine, they can more or less do anything they want with it -- mount in firewire target mode and browse the full filesystem, put the hard drive in another computer and browse it that way, etc. A lot of these steps are a lot of work that won't really get you around that problem.

That said, I wouldn't worry about it too much. The people doing these repairs are extremely busy, and generally won't have time (or interest) in poking around on your hard drive in the first place, unless they're trying to reproduce a problem. It's a bit like having to get undressed for the doctor at a physical exam -- it isn't a sexual thing for the doctor, they've seen it all before and are not really interested in you, they're just quickly checking for problems before moving on to the next patient.

Here's what I'd suggest instead:

  1. Always do a full backup before having anyone work on your computer. Even if the original symptoms don't suggest it'll be necessary, the technicians may decide the best solution is to erase or replace the hard drive, and you cannot depend on them contacting you before taking this step. Remember: their goal is to get through as many repairs per day as possible, and to get each repair turned around as quickly as possible. They are not going to be interested in playing phone tag with you to get an admin password when it would be more expedient to just reset the password or wipe the hard drive, especially when you signed a form up front stating that the repair technicians are not responsible for data on the computer.
  2. Since you've already got a backup, if you're paranoid about people poking around, just erase the drive before the repair. That way there's no personal data to eavesdrop on. Better still, since many problems turn out to be software, you may find that an erase & install solves the issue you were having. And if it doesn't, you can use that as a data point in discussing the issue with technicians: "I'm seeing behavior X with my computer, and it keeps happening after I erased the hard drive, so I don't think it's software."
  3. If you're not paranoid about eavesdropping -- and again, I wouldn't be, these people are generally way too busy for that -- then a reasonable compromise between erasing the drive and doing nothing at all is to set up a test account with administrative privileges, and provide the username & password for that account with the repair. This again gives you a data point to provide the technicians: "I'm seeing behavior X with my computer, and it keeps happening under a new, empty user account, so I don't think it's a user settings issue." (Just remember that this doesn't eliminate the need to do a backup first: it just saves you the hassle of erasing first, and may eliminate the hassle of having to restore things afterwards.)
  4. If you're not at all paranoid about eavesdropping -- and again, this probably isn't unreasonable most of the time, but know that you're taking a chance -- then just send the computer as is, along with your admin password. This has the benefit of being the least hassle, but again it doesn't eliminate the need to do a backup, and it does have the risk of someone snooping. I just happen to feel that risk is low. Nonzero, but low.
  5. If you're very paranoid about your data, and you have a backup, and you want a quick way to lock everything up that is likely to be robust against someone with physical access to the computer, consider turning on FileVault and turning off auto login. This would eliminate the need for most other steps -- clearing out Safari history, etc -- since your whole home directory becomes one encrypted disk image. To allow the technicians to do the repair, set up a second admin account for them to use. As long as they don't have your admin password, they will not be able to unlock the contents of your home directory. Just be aware that if they have to erase or replace the drive, you're going to have to restore from backup, but again that's true with every other option here.

As for the specific suggestions given, some thoughts:

  • Putting a sticker saying "call xxx-xxx-xxxx" instead of providing a password up front is clever, but probably futile. Again, these people don't have time to play phone tag with you, so if they can't get through to you on the first call, they'll probably just give up & erase the drive instead. Remember, these people are very busy and the repair facility may be an around-the-clock operation; a technician working on your machine at 3am probably won't feel it's appropriate to give you a call, and you probably don't want anyone calling you then anyway. Again, it's better to create a secondary admin account for them to use -- username & password both "test" or "apple" or something obvious like that.
  • Deauthorizing iTunes is excellent advice, and often forgotten.
  • Most of the application-specific advice -- turn off .Mac sync, delete keychains, wipe web browser settings, wipe Mail, etc -- become moot if you use FileVault.
  • Setting a firmware password is the ultimate in paranoia. There's good reasons to do this -- say, you don't want info on your laptop falling in to the wrong hands if stolen from the airport or coffee shop, etc -- but preventing technicians from doing their job probably isn't one of those good reasons. Again, it's like being paranoid about the doctor seeing you naked -- get over it, that isn't interesting to someone in that role. Either turn off the firmware password, or provide the password to the technician that's taking the repair notes. Don't think that setting such a password will protect you -- there are easy ways to get around it if you have access to the machine, such as changing the RAM configuration (pull out a DIMM and the password restriction goes away) -- it just slows things down for the (generally honest) person that's trying to help you with your broken computer.
  • Installing antitheft software isn't a bad idea, but be aware that it's easy to circumvent, not least by just erasing the hard drive. If you're worried about this, something like Lojack for laptops might make more sense, but better still would just be to make a backup, make sure your serial number & machine configuration is documented at home, and contact your insurance company about a claim if it turns out the computer has been stolen. In all likelihood, if the computer is lost or stolen while in the possession of a repair facility, they will take responsibility for providing you with a replacement for it, whether or not the legal release form you signed says they will do so or not. (Taking care of the customer in such a situation is just good business sense, so usually they'll do what they can to help you here, as long as you cooperate with their efforts to help you.)
  • On some computers it's easy to remove the hard drive before the repair. Don't be tempted by this. If the repair facility receives a computer that is missing major components, they won't be able to properly reproduce the symptoms & isolate the cause, and can either refuse the repair, or requote it at a much more expensive rate. Even if the problem is "obviously" not related to the hard drive or the data on it -- say, the computer isn't turning on at all, or none of the I/O ports work and the behavior is the same while booted from an external hard drive -- the repair facility will need to verify the symptoms on the whole system prior to the repair (to eliminate the possibility that the missing hard drive is causing the problem), and will need to verify that the symptoms are resolved after the repair is done (which won't be possible if you can't boot to a state where the system is working normally.) Again, if you cannot allow any risk of the data being eavesdropped, then you're better off erasing the drive before the repair.

Above all, keep in mind that these people are trying to help you, and if you make it difficult for them to do their job, either by being antagonistic about the data or the passwords or what have you, you're mainly just making it slower and harder for them to help you. Paranoia has a place, but keep things in perspective -- the main thing you want is to get back a working computer as quickly as possible, and the main thing the technicians want is to finish your repair as quickly as possible so that they can move on to the next customer.

(By the way, I've written all of this in an abstract way, as it should mostly all apply regardless of who you're having work on your computer -- Apple, CompUSA, Geek Squad, the independent shop in your town, whatever.)

---

--
DO NOT LEAVE IT IS NOT REAL

Security considerations prior to hardware service
Authored by: jonnycrunch on Aug 11, '06 03:05:40PM
I, personally, am ultra-paranoid about all of my information stored in my peripheral brain that is my laptop and don't let anyone have access. If I am sure that I am dealing with a hardware problem my solution is to swap out my hard drive with one with only the basic Mac OS X installed with it set for automatic login (I use an old 4Gig). This serves two purposes: one is that it helps me determine if I am dealing with a software or hardware problem and two, my peripheral brain isn't open to prying eyes while it is being serviced. I also agree with the importance of regularly scheduled automatic backups as suggested in multiple hints here at macosxhints.com.

Security considerations prior to hardware service
Authored by: babbage on Aug 12, '06 10:40:42AM

In theory, if you submit a computer for repair with a major module such as the hard drive replaced by a third party component, then you're out of warranty coverage and the repair facility doesn't have to cover the repair. Enforcement of this may be spotty, but it's worth being aware of.

Again, if your data is private and you don't want someone seeing it, then make a backup and erase the drive before the repair. If it's really private and you're afraid of them using tools to try to recover erased data -- hint, they won't, but if you're paranoid you're not going to believe me anyway -- then use a multi-pass erase to scramble & zero out the disk. And if you're really really paranoid, then go ahead and swap the drive, but just be ready for the possibility that the repair will be declined.

---

--
DO NOT LEAVE IT IS NOT REAL



Unbelievably stupid hint
Authored by: voldenuit on Aug 11, '06 10:54:59PM

I can't believe Rob even ran this piece promoting a sense of naive pseudo-security.

Anything but Rob's comment to the hint is complete bunk if your data is of any value to you.

Zeroing the drive before installing a clean system adds a tad more of security if someone is really out to get you...



Professional
Authored by: macubergeek on Aug 12, '06 12:45:55PM

I do Infosec for a living and I'll tell you that this suggestion provides absolutely no security whatsoever. As long as anyone can touch your computer they own your computer. Boot off an install cd and reset the root password, target disk mode, yoink the drive out and mount it under a linux filesystem with hfs support etc etc. and those are just the suggestions off the top of my head. Your only protection is to pick an honest repairman(woman).



More harm than good...
Authored by: harleyb on Aug 12, '06 05:09:59PM

As a senior tech at a large Canadian AASP, I can tell you that if our clients followed this information, my job would get quite a bit harder and the quality of the repairs would go down the crapper. Look at it from the tech's point of view: I'd say more than half of the repairs we get are either entirely software, or will only happen when logged onto the client's account. In this case, in the "repair" account, we won't find the problem, and we'll bill you for the time we wasted trying to find it.



I don't get it !
Authored by: mag on Aug 13, '06 07:29:44AM

Seriously, seeing how trivial it is to change the admin password when you have access to an OS X install disk, I just don't understand why Apple needs your password. I've had 2 serious repairs done on an iBook, both serviced by a reseller (not Apple), the first one was a motherboard swap, the second a change of optical drive. I've never been asked for any password. Only the 2nd time I had a post-it note on the machine giving me the new password that had been changed by the technician so he could test the new drive. The only time I could see a need for a password is if you've enabled it in the firmware.



Wipe the drive, install clean System
Authored by: k2r on Aug 13, '06 04:01:53PM

I always backup my system and reinstall a blank system before sending anything in.

It's a PITA on windows-systems but on Macs it only takes an hour or so.

Make a complete backup to an external disk using CarbonCopyCloner.
Boot from external disk to see that everything is okay.
Wipe the internal disk if you are really paranoid.
Reinstall system from the Installer-CDs.

When the system comes back - boot from external disk and use CarbonCopyCloner to clone your system back to the internal disk.
Takes another hour or so.

And: Always have backups.



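The backup-then-wipe procedure described in robg's note and in k2r's comment depends on the clone being complete before the internal disk is erased. As an added example (not part of the hint or of any comment), this shell script compares SHA-256 hashes of every file in a source folder against the clone; the function names and sample files are made up for illustration, and it checks regular-file contents only, so booting from the clone is still needed to confirm it is usable.

```shell
#!/bin/sh
# Added example: confirm that every regular file under SRC exists with
# identical contents under DST (the clone) before SRC is wiped.
# Not checked: ownership, permissions, symlinks, bootability of the clone.

# Use whichever SHA-256 tool is installed (sha256sum on Linux, shasum on macOS).
if command -v sha256sum >/dev/null 2>&1; then HASH="sha256sum"; else HASH="shasum -a 256"; fi

# manifest DIR: print "<sha256>  ./relative/path" for each regular file, sorted.
manifest() {
    ( cd "$1" && find . -type f -exec $HASH {} + | LC_ALL=C sort )
}

# verify_backup SRC DST: return 0 if the clone holds an identical copy of every
# source file; otherwise list each problem file and return 1.
# Extra files that exist only in the clone are ignored.
verify_backup() {
    src=$1
    dst=$2
    [ -d "$src" ] && [ -d "$dst" ] || { echo "usage: verify_backup SRC DST" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    manifest "$src" > "$tmp/src"
    manifest "$dst" > "$tmp/dst"
    # Source entries with no identical (hash, path) entry in the clone.
    LC_ALL=C comm -23 "$tmp/src" "$tmp/dst" > "$tmp/bad"
    status=0
    while IFS= read -r line; do
        path=${line#*  }                     # strip the "<hash>  " prefix
        if [ -f "$dst/$path" ]; then
            echo "DIFFERS $path"             # present in clone, contents differ
        else
            echo "MISSING $path"             # never copied
        fi
        status=1
    done < "$tmp/bad"
    rm -rf "$tmp"
    return $status
}

# Constructed demo: a tiny "home folder", a good clone, then a damaged clone.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/src/Documents" "$d/bak"
    echo "tax data" > "$d/src/Documents/taxes 2006.txt"
    echo "keychain" > "$d/src/login.keychain"
    cp -R "$d/src/." "$d/bak/"
    verify_backup "$d/src" "$d/bak" && echo "clone verified"
    echo "truncated" > "$d/bak/login.keychain"
    rm "$d/bak/Documents/taxes 2006.txt"
    verify_backup "$d/src" "$d/bak" || echo "clone is NOT safe to rely on"
    rm -rf "$d"
}

# With two arguments, verify those folders; with none, run the demo.
if [ "$#" -eq 2 ]; then verify_backup "$1" "$2"; else demo; fi
```

Run it as `sh verify.sh /Users/you /Volumes/Backup/Users/you` (paths are placeholders) and only erase the internal disk when it exits with status 0.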