Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Firmware password now more secure

Firmware password now more secure
Thread Tools
AKcrab
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Reply With Quote
Mar 11, 2011, 01:03 AM
 
MacBook Air (Late 2010) and MacBook Pro (Early 2011): Recovering a lost firmware password

From now on it's going to take more than physical access to the machine to beat a firmware password.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Mar 11, 2011, 01:31 AM
 
That's a good thing.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Mar 11, 2011, 06:19 AM
 
Not necessarily — all this tells us is there's not a recommended way to beat the firmware password. For all we know, the MacBook Air could be set up exactly the same way as existing Macs, since resetting the password on those requires rearranging the RAM, the RAM is not a user-accessible part on the MBA. Not sure about the MBP, although it stands to reason that if Apple technicians are able to defeat the firmware password, then there has to be some way to do it, which they are using.

I don't think it's ever possible to be 100% secure when the person you're trying to keep out has physical access.

edit: Actually, I doubt the process is different at all. Apple's knowledge base suggests the same thing for the 2008/2009 models, and I can't find any articles detailing the process for other Mac models, so my guess is that they have decided to add a solution to their knowledgebase site for people who have forgotten the firmware password, without broadcasting the weakness of said passwords for all to see.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Mar 11, 2011, 07:37 AM
 
^^^ That makes sense.

If the Apple Store can do it, ANYONE can do it. It's just a matter of knowledge and some tools.

-t
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Reply With Quote
Mar 11, 2011, 10:19 AM
 
Not to mention that the method will leak to the internets. It's only a matter of time.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Mar 11, 2011, 10:22 AM
 
Most definitely.

-t
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Mar 11, 2011, 11:16 AM
 
Depends. Physical security is a question of how long something takes. Switching the RAM around takes a few minutes. If it takes 30 minutes to reset, then that's a Good Thing. If it takes as long as it does today, then it's just annoying.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
AKcrab  (op)
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Reply With Quote
Mar 11, 2011, 03:43 PM
 
I can't say much more on this topic, but I think it will be a while before someone figures out how the new system works. I can say that the new process is certainly MUCH different than the old way.
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status: Offline
Reply With Quote
Mar 11, 2011, 05:25 PM
 
Originally Posted by Person Man View Post
Not to mention that the method will leak to the internets. It's only a matter of time.
I could detail the entire process here and non-Apple personnel would still be unable to disable the EFI password.
Vandelay Industries
     
AKcrab  (op)
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Reply With Quote
Mar 11, 2011, 05:26 PM
 
That's a great way to put it, Art.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Mar 11, 2011, 06:10 PM
 
I'm guessing challenge-response via serial number through Apple's repair tracking system.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Mar 11, 2011, 06:58 PM
 
Sounds like Apple actually DID improve security.
Good to know.

-t
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 07:10 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,