
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Security vs. convenience: Apple chooses poorly

August 18, 2008, 6:06am PDT


Guest post by Oliver Day

My PowerBook is in the third year of its life and has begun falling apart on a regular basis. I’ve had the laptop in for repair at least five times this year alone.

Every time I bring my laptop in Apple employees ask me the same question: “What is your administrator password?”

The first time I heard this question, I thought he was joking. Apple is not kidding.


They have offered every excuse imaginable for this practice but none have come close to convincing me to refuse to hand over my password. Sometimes the technicians would even try to intimidate me by saying that they might not be able to continue the repair if I refuse. One technician even tried to charge me an additional $100 for the installation of OS X for failing to divulge my password. The claim was that he had to perform additional work since I refused to cooperate.

This is official Apple policy and it needs to stop.

Consumers should never be asked for their passwords. It is a practice that defies logic to anyone that is trained in security. Given the state of the art in live OS distros, there is absolutely no reason that Apple should ever need access to consumers' files for hardware repairs anyway. It isn’t as if technicians haven’t been caught pilfering files from users in the past.

When bringing Apple computers in for repairs, I strongly recommend that users do the following until this is resolved:

  1. Create a clone of the boot drive.
  2. Secure erase the contents of the drive.
  3. Install a fresh copy of the operating system.
  4. Re-image the drive once you receive your computer back.

This adds all kinds of time overhead to a process which already sets the consumer back.  All because Apple still believes this is a valid way to treat its customers.
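The four steps above, sketched as an added shell example that is not part of the original post: regular files stand in for the boot drive and the external clone, the function names are hypothetical, and a single zero pass stands in for the platform's secure-erase tool. It adds one check the list leaves implicit: the drive is erased only while a clone that matches the recorded source digest exists.

```shell
#!/bin/sh
# Added example (not from the post). Regular files stand in for the boot drive
# and the external clone; on real hardware use the platform's imaging tools.

digest() {   # SHA-256 of stdin, hex only (GNU sha256sum or macOS shasum)
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
        awk '{print $1}'
}

clone_drive() {   # step 1: copy SRC to IMG, record the source digest, read the clone back
    src=$1; img=$2
    dd if="$src" of="$img" bs=1048576 2>/dev/null || return 1
    digest < "$src" > "$img.sha256"
    [ "$(digest < "$img")" = "$(cat "$img.sha256")" ]
}

clone_intact() {  # gate checked before every destructive step
    [ -f "$1.sha256" ] && [ "$(digest < "$1")" = "$(cat "$1.sha256")" ]
}

erase_drive() {   # step 2: zero SRC, but only while a verified clone exists
    src=$1; img=$2
    clone_intact "$img" || { echo "clone missing or damaged, not erasing" >&2; return 1; }
    size=$(wc -c < "$src" | tr -d ' ')
    head -c "$size" /dev/zero | dd of="$src" bs=1048576 conv=notrunc 2>/dev/null || return 1
    # confirm that no non-zero byte is left on the drive
    [ "$(LC_ALL=C tr -d '\000' < "$src" | wc -c | tr -d ' ')" -eq 0 ]
}

restore_drive() { # step 4: write the clone back, then compare with the recorded digest
    img=$1; dst=$2
    clone_intact "$img" || return 1
    size=$(wc -c < "$img" | tr -d ' ')
    dd if="$img" of="$dst" bs=1048576 conv=notrunc 2>/dev/null || return 1
    [ "$(head -c "$size" "$dst" | digest)" = "$(cat "$img.sha256")" ]
}

demo_cycle() {    # whole cycle on a constructed 256 KiB "drive"
    work=$(mktemp -d) || return 1
    disk="$work/disk.img"; clone="$work/clone.img"
    head -c 262144 /dev/urandom > "$disk"          # constructed sample data
    before=$(digest < "$disk")
    clone_drive "$disk" "$clone" || return 1
    erase_drive "$disk" "$clone" || return 1
    # step 3 stand-in: the fresh OS install writes new data to the drive
    printf 'fresh OS install' | dd of="$disk" conv=notrunc 2>/dev/null
    restore_drive "$clone" "$disk" || return 1
    after=$(digest < "$disk")
    rm -rf "$work"
    [ "$before" = "$after" ]
}
```

Calling `demo_cycle` runs all four steps on the constructed file and succeeds only if the restored contents hash to the same value as the original.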

(Image source: QiFei’s Flickr photostream — Creative Commons 2.0)

* Oliver Day is a security researcher at StopBadware.org, a project of the Berkman Center for Internet and Society at Harvard University. He has over ten years' experience in web and network security, working for companies including @stake, eEye, and Rapid7. Oliver’s blog can be found here.


They've never asked me for one...
astro_z 25th Sep 2008
I frequently drag my users' dead (or dying or squeaking or white-spotting) Macs to the Apple store for service, and i've -never- been asked for the admin password in the last four years.

'Tis a good thing, since i usually didn't know them.

--dick
0 Votes
What if..
msalzberg 18th Aug 2008
they need to install diagnostic software?
0 Votes
You can't
Real World 18th Aug 2008
run diagnostics on a Mac from a bootable disc?
0 Votes
Absolutely not true!
Intellihence 18th Aug 2008
0 Votes
lol
rtk 18th Aug 2008
reread the post, it was a rhetorical question.
0 Votes
It wasn't even that!
GOTBO 27th Aug 2008
It was an easy mistake to make given that the whole construction of the sentence is wrong and subsequently misleading. Any sentence beginning with "You can't" is deemed to be a statement not a question. If you extend "You can't" to its unabbreviated form you get "You cannot" and of course this doesn't make a question in any shape or form. To turn this into a question the original author should have started the sentence with "Can't you", or to use proper English, "Can you not"!

Is it any wonder there are so many problems in the world when people find it so difficult to communicate at such a basic level?
0 Votes
Slowly rock from side to side
Real World 12th Sep 2008
That should help dislodge that stick in your butt.

The question mark made it a question. The statement was not grammatically incorrect. Maybe it could have been better, but it was fine and the meaning was unambiguous.
0 Votes
What if the technician ....
ShadeTree 18th Aug 2008
... booted to an external drive containing a clean OS and the diagnostics to do his testing? Nice try at defending a bad practice, however!
0 Votes
Booting from a clean disk...
msalzberg 18th Aug 2008
can't always tell you what's happening on your problematic
one, does it?

Nice try at pretending to understand troubleshooting,
however!
0 Votes
Are you sure about that...
Sleeper Service 18th Aug 2008
...given the tools available?

Because I think you're wrong.
0 Votes
Yes, I'm sure.
msalzberg 18th Aug 2008
Not everything can be diagnosed or solved without actual
access to the boot disk.

Driver issues, for example.
0 Votes
I think he was saying...
shadfurman 20th Aug 2008
for hardware issues, you don't need the password.
0 Votes
Sure it does.
ShadeTree 18th Aug 2008
If the problem remains you have removed the software load as a source of the problem. If the problem is gone it indicates a problem with the hard disk or the load.

Nice demonstration that you have no clue how to troubleshoot! Troubleshooting 101 would tell you the first thing you should do is determine if it is hardware or software that is to blame.
0 Votes
Deleted.
msalzberg Updated - 18th Aug 2008
NM
0 Votes
Nice demonstration...
msalzberg Updated - 18th Aug 2008
that you have no clue how to troubleshoot.

Troubleshooting 1: Reproduce the problem. If you can't
boot up the computer with the normal boot disk, you can't
do the job. Just because the customer tells you what's
wrong, you have to check for yourself. Ever bring your car
into a dealer? If you tell them the problem, they write
"customer states..." They check for themselves. And so
should you. You can't do that without access.

Of course, using your method, if you then determine it's
not the hardware, you then have to get access to the boot
disk. So now you've just wasted your time, and the
customer's time.

I know you want to just post bad things about Apple, but
in this case, they're not in the wrong.
0 Votes
Safety first
cquirke 19th Aug 2008
Nope, I don't start by "reproducing the problem", in case the problem case is itself destructive.

Instead, I re-establish each layer of assumption, before standing on that to fix the next.

Firstly: Is the system safe to run at all? The answer would be no, if the RAM is bad, or if it is prone to spontaneous lockups or resets. So the HD's taken out, and the rest of the PC left to run MemTest86 with boot disk removed (to more easily spot unattended resets that would otherwise restart the MemTest).

Secondly: Is the hard drive safe to operate? To test that, the HD drops into a "frame" system that never boots it. For PCs, I boot a Bart CDR and from there, backup files, then I boot BING and image C: - done in that order in case the HD fails midway through the image boot. Once that's done, I use HD Tune from Bart boot to check S.M.A.R.T. history detail, surface scan, and those details again in case they change.

Thirdly: Is the file system safe for writes? For FATxx 137G I can test with DOS Mode Scandisk, else I have to use ChkDsk (which gives no interactive control) from the Bart boot.

Fourthly: Is the code base safe to run, or is it infected? This involves running scanners and other tools and measures from Bart CDR boot.

By this time, I "know" I can trust the hardware to run the software properly, and the software to be free of deliberately-malicious software. I can now try problem repro, and other more specific steps.

Throughout all of this, I expect full access to all files on the system, and generally attain this by working "from orbit" e.g. Bart CDR boot. Anything I cannot access (for whatever reason), I cannot begin to assure you is malware-free.
0 Votes
yep
shadfurman 20th Aug 2008
so just get used to Apple techs rifling through your crap. Not big deal. Impossible to do without. Only way to get the problem fixed.

Hey boneheads, diagnosing for a PC or a Mac is the same process. I've never heard of a tech anywhere asking for a customer's admin password without doing the work with the customer there. Yea if you're in a hurry and want to give them it that's great, but if you don't want to... your computer can have everything a person needs to steal your identity without you even knowing it's there. Especially if you have some sort of autocomplete feature turned on in your browser.

People that take their computers in to be fixed usually don't know enough about the inner workings to protect themselves appropriately.

No tech should REQUIRE in ANY sense your admin password. And it should be no big deal to refuse if they request it. Yes they might not be able to fix some problems, but they aren't even going to know until they look at it.
0 Votes
First Rule of Troubleshooting 101
kevin.denison@... 18th Aug 2008
The first rule of troubleshooting 101 is - Is it plugged in?
0 Votes
LOL!
shadfurman 20th Aug 2008
I've had that problem SOOO often!
0 Votes
What fantasy world are you living in?
bregalad 18th Aug 2008
Real users come to the "repair" shop when their printer runs
out of ink. They don't have backup drives, troubleshooting
software or the knowledge to do any of the things
recommended here.

Here's a real problem for everyone here. Customer can't
connect to the internet.

Let's follow the advice in the article and comments and see if
it's even possible to solve this problem.

Boot from an external drive and check the hardware. Great, it's
a software problem (customer pays more $/hour than Apple
pays for a hardware repair so shop is really happy). Customer
refuses to supply any passwords because they've been told not
to.

Shop can't go any further. Customer is pissed off that "genius"
can't solve her problem and never returns. Great strategy.
0 Votes
great solution
Hogleg 19th Aug 2008
so the solution to ignorance is asking for a password in defiance of best practices and violating the ineffable number one rule? Don't say such stupid things. Maybe your bank should ask for your pin every time you need help there. We could unify banking software...one version for everyone...save millions, don't you know? If the consumer comes to me and they can't get on the interweb, I charge the 50 bucks for their ignorance and fix it. I don't ask them to give their password to me and no one else. If it's inconvenient, tough. That's why they call it a job.
0 Votes
Depends on the Problem
mikefarinha 18th Aug 2008
Thankfully I know how to fix my own PC from pretty much any disaster. However couldn't your situation be analogous to hiring someone to fix your stove without letting them into the house?
0 Votes
But
Real World 18th Aug 2008
you get to stand there and watch the guy fix your stove. You can see if he tries to make off with the fine china. Does the Apple tech let you watch every click and keystroke when he's logged in as root?
0 Votes
Safe Computing
mikefarinha Updated - 18th Aug 2008
I would definitely make backups of everything I could before I would let my PC out of my control. And I agree that I would trust a 'Mac Genius' about as far as I could throw one, however I think you're preaching to the choir here. Most people that read tech news probably have the skill to remedy most of their problems.

The problem here is obvious. Troubleshooting a computer requires access to critical system resources, which are locked behind the admin account. How would you expect someone to fix a problem when they can't access anything?

Complaining without any constructive criticism is just a rant. Do you propose any solution?

A lot of 'security experts' I've run into are heavy on scare and light on solutions.
0 Votes
I'd have to say
Real World 18th Aug 2008
no, I'm not proposing a solution, because I never would have created a policy that requires a customer to give me root to troubleshoot his/her system. Ditch the policy. That's my solution.
0 Votes
Perhaps it depends on the point of view
mikefarinha 18th Aug 2008
Maybe I'm not seeing this the same way you are. What exactly was the problem that needed to be fixed?

What type of problem would you need to take in your Mac to be fixed that wouldn't require the root password?
0 Votes
Well, in your Real World...
msalzberg 18th Aug 2008
what do you do when you then determine you need access?
Call the customer, and have them give you the password
over the phone (how do they know who you are?). Or do you
ask them to come back to the store to give it to you?

You can ditch the policy, but then you can't fix all of the
problems with the malfunctioning computers.

That's how it is in the real world.
0 Votes
Follow the advice in the article(nt)
Real World 18th Aug 2008
.
0 Votes
I'll ask again.
msalzberg 18th Aug 2008
What policy would you set that doesn't allow service
technicians access to the computer, and yet still allows them
to do what is necessary for repair?

How would you make that work? In the Real World, that is.
0 Votes
Fine
Real World Updated - 18th Aug 2008
Well, if you're done trying to play off my screen name, I'd adopt the best practices used by just about every competent IT shop out there. Never, EVER divulge your password. Ever. In corporate IT shops, the technicians have root (or admin) on the systems. In consumer IT, companies like Dell and Lenovo request that you REMOVE THE HDD before shipping the system back for repair. If there is a problem specific to the account, my advice would be have the customer log into the system for the tech and watch everything the tech does, so that they cannot later claim that something nefarious was done "in their name".

Right, wrong or indifferent, I hope that answers your question.

*Edit: fixed grammatical error.
0 Votes
It makes no sense to me...
msalzberg 18th Aug 2008
to ask someone to troubleshoot a system if I'm not giving them the entire system. Remove the HD, and the system is compromised, in terms of ability to troubleshoot a problem.

Maybe that's why Apple's customers are so satisfied with Apple's support, and Lenovo's and Dell's are significantly less so. Check out PC Magazine's survey.
0 Votes
Not really
laura.b 18th Aug 2008
It would be analogous to hiring someone you have never met before to fix your stove and handing him the key to your house so you can run around town while he works instead of staying there with him, all the while trusting that he won't make a copy of the key and rob you blind.
0 Votes
Even without the password
itguy08 18th Aug 2008
You can get at all the data and make a copy of it.

None of the OS's (Linux, OS X, Windows) have drive encryption turned on by default.....

20 mins with a Linux boot CD and I can get all your data, password or not.
0 Votes
I didn't say
laura.b 18th Aug 2008
That there was a better way to do it. Even if you are standing there watching the guy fixing the stove, if the phone rings and you go to answer it, he may rip off some of the fine silver, but you did what you could, and sometimes sh*t happens. I was saying that there is a clear distinction between what the OP said and what the level of security threat actually is. It may not be wise to trust those working on your system, but you have to on some level. If you have sensitive data, you should take measures to protect it if you have to hand your computer over to someone else. That is akin to staying at home with the guy working on the stove, as opposed to handing over the key to all your stuff.
0 Votes
Re: Not really
mikefarinha 18th Aug 2008
"It would be analogous to hiring someone you have never met before to fix your stove and handing him the key to your house so you can run around town while he works instead of staying there with him, all the while trusting that he won't make a copy of the key and rob you blind."

All you're proving is that you can take my analogy out of context. The fact of the matter is that if you want someone to fix something you have to give them access to fix it.
0 Votes
Not out of context
laura.b 18th Aug 2008
Letting someone in the house is not the same as letting them come and go as they please.


And handing over a computer with the password and all your data on it is not the same as taking some type of preventative measures to protect that data.

You have to give them access to fix it, but that doesn't mean handing over the key to the mother lode. Back up your data and wipe your hard drive, don't just trust people to give you back your data intact, any more than you trust a stranger with unlimited access to your home.
0 Votes
Changing the policy isn't the answer, because as comments have pointed out, you'd no longer be able to properly troubleshoot the system.

Changing the scope of user account protection from protecting the system, to protecting the user's data, is an answer that needs something else in place.

It's not enough to prevent techs accessing user data; that user data has also to be made incapable of causing system problems. If this is not in place, then the tech cannot exclude system problems that are hidden in the user data that he's blocked from access.

That boils down to a hard edge between data and code. So far, no OS has this in place, so no OS developers see it as something they need to do.

If I can trust your hidden data to have no code capabilities, and therefore no malware code risk, I can ignore it when I fix your system. Else, if you force me to ignore it by blocking my access to it, you have to accept that I may not be able to do my job properly, and your problems may persist.

In practice, exploitable code defects mean you can attain the data / code edge only as deeply as the design level. If that is the case, then "data" shaped to exploit internal code surfaces may cause malware activity to persist from your hidden data stores.

To attempt to fix that, you'd need another hard edge; that between the data you create, and the stuff that enters the system from the outside world. That, too, is poorly applied by today's OSs.

So, in summary:
- block access to data, not system
- exclude code from blocked-access data
- keep incoming crud out of blocked-access data
0 Votes
More like...
euph0ria Updated - 19th Aug 2008
"However couldn't your situation be analogous to hiring someone to fix your stove without letting them into the house?"

I think it might be more like hiring someone to fix your stove unsupervised and not giving him the combination to your safe.
0 Votes
OS X has so many holes in it (as things like PWN2OWN prove) that the admin password isn't really required.

Besides, unless you've encrypted your drive, physical access to your computer is all anyone needs to "steal" your information if that's what they want to do.

Boot into single-user mode

Within 30 seconds, they have root access to the drive.
0 Votes
What holes?
itguy08 18th Aug 2008
You mean this:

http://www.channelregister.co.uk/2008/03/28/mac_hack/

"Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing."


So basically a flaw in SAFARI (NOT OS X) let a user in....

Hmm, sounds just like IE Exploits. Difference is that I can freely remove Safari without consequence. You can't do that with IE.
0 Votes
No you *CAN'T* remove Safari
rpmyers1 18th Aug 2008
Webkit is built into the OS as much as IE is built into Windows.

You can kill the main executable, but you can kill the main executable of IE trivially as well.
0 Votes
lol
isulzer 18th Aug 2008
either way if you read the details of the bug, you'll notice that it requires a user to be logged in and click on something. You don't need to exploit anything to get all the files off a computer. Unless the drive is encrypted, in which case they WOULD NEED the password to do ANYTHING. Unless they wanna spend a few days decrypting the drive.

Basically this guy is dumb and ryan is dumber for posting this; as any repair shop will ask for the password to be able to boot the computer and test its original conditions regardless of OS. How else are you able to mimic the problems and repair them? What happens if you've altered something important like the hostconfig file (actually this is deprecated on OSX I think, but it can still cause problems)? There are ways to fix this without admin access, but... it's so much more efficient to have it. They also need access to the log files on the drive. Furthermore you can reset the admin password on any system (OSX, Windows and Linux), unless the drive is encrypted.

There is no reason for not giving someone the admin password, as they can do anything they want without it. And since they are performing a service for you, make their lives easier.

And before you claim... but it was a hardware problem. The question is standard, because they cannot trust the user's judgment as to what is the cause of the problem. They also cannot trust the user to remember if they have turned encryption on. So they ask for the admin password, knowing full well that it may not be necessary and they could steal all the user information if they wanted anyway.

Now as to why ryan posted this... it seems to me he should be capable of knowing this, therefore the only reason would be that he is editorializing because he dislikes apple, which is sad. Because he really isn't using a valid criticism and many readers trust him to provide accurate information. I guess this is a blog and should be classified as an editorial anyway... but these ZDNet blogs try to pass as news.
0 Votes
I'm glad I don't have these problems, I work on all types of
electronics machines on my own. Currently I'm installing
Windows XP on my PPC Mac right now. YES, it's possible.
0 Votes
heh
isulzer 18th Aug 2008
He uses all OSes I would suspect. I do. So do many other people. The fact that I use windows doesn't mean I like microsoft. The fact that he uses OS X doesn't mean he likes apple. I don't love either. Although... the fact that you're installing windows on an old ppc mac (as primary OS I guess.) is just plain weird. Itanium version with hacked drivers? That's as pointless as installing OSX on a non apple laptop (devices with no drivers etc.)
0 Votes
Yes you can...
itguy08 18th Aug 2008
Search for Remove Safari Mac in Google.

While it will not remove WebKit, it will get rid of the attack vector as the only things using WebKit will be the OS, which does not generally render HTML from the Internet (unlike Windows).
While it will not remove WebKit, it will get rid of the attack vector as the only things using WebKit will be the OS, which does not generally render HTML from the Internet

Or not...

WebKit is used in Apple Mail and iChat but it's okay because mail clients and chat clients are rarely used as attack vectors into the computer. ;)
I can remove Safari completely without any problems, unlike
Internet Explorer. If you were to completely remove Internet
Explorer from Windows, Windows would cease to work. That's
what Bill Gates and many others have stated when on the
anti-trust trial.
0 Votes
What does IE have to do with it?
NonZealot 18th Aug 2008
I thought we were talking about OS X? Why is it that whenever an Apple fan gets the least bit threatened, they bring up Microsoft? This has nothing to do with Microsoft. Apple lost the PWN2OWN contest because of Apple, not because of Microsoft.

Please itguy08, try to stay on topic. Thanks! :)
0 Votes
If you bothered to READ
itguy08 18th Aug 2008
I said your "gaping holes in OS X" argument is pure BS.

The hole is with Safari. Same as an IE Exploit (which there are thousands more). Difference is I can uninstall Safari. You cannot uninstall IE.
I said your "gaping holes in OS X" argument is pure BS.

Apple lists Safari as a feature of OS X

I guess you'd better tell them that they are wrong!

And you still haven't enlightened us as to why IE is to blame for OS X being the first OS to get hacked in the PWN2OWN contest. :)
0 Votes
Oh please mister zealot,,,
Intellihence 18th Aug 2008
Go back to Microsoft & tell them to start patching their OS's,
after all there are more than 20 exploits available for them
that Microsoft hasn't patched. Including Vista, it's been over
200 days. When does Microsoft plan on fixing these issues?
Perhaps when hell freezes over!
0 Votes