Overclock.net banner
1 - 8 of 8 Posts

· Registered
Joined
·
184 Posts
Discussion Starter · #1 ·
Hey all,

So my sister was recently given a Mac by her ex-husband. This Mac was apparently freshly formatted, but when she took it home, it automatically paired with her iPhone and iPad. She is now concerned about the possibility that this seemingly innocent gift, was given to her in order to spy on her.

I don't know much about Macs, but I wanted to find out if there is anything that her ex-husband could have put on this Mac so he could have access to her emails or texts, or even the possibility of knowing where her Mac was with some form of GPS tracking. I know that spyware and viruses are more difficult to place on Macs, but that it is possible. Also, her ex-husband is a pretty tech savvy guy and he knows a lot of people in the computer industry, so if this type of thing is possible, he would have access to it.

So, am I being paranoid here? Is there any software we should be looking for? I told her it might be in her best interest to reformat the Mac again, but I am not sure how easy it is to even do in the first place.

Any help here would be appreciated.

Thanks,
Rylant
 

· Goodbye
Joined
·
10,785 Posts
Just factory restore the mac.

Step 1

To start, make sure that all of your files are backed up elsewhere. When you revert your MacBook Pro back to factory settings, you will also be wiping out all of the data on your hard drive. If there is anything you want to keep, take the time to move it all onto an external hard drive.

Step 2

Once your files are backed up, shut down your MacBook Pro. Plug it into the AC adapter, and then boot it back up. Finally, press and hold "Command-R" (the "Command" and "R" keys at the same time) to start the restore process. Hold these keys until the Apple logo appears on the screen, and then release them. You will be taken to an alternative boot screen with a "Mac OS X Utilities" menu.

Step 3

In order to complete a system restore, you will need to connect your computer to the Internet. Select "Wi-Fi" from the Utilities menu and find the router you will be using. Enter your Wi-Fi username and password to connect.

Step 4

Depending on which version of OS X you are using, your Utilities menu will be slightly different. Look for either "Internet Recovery" or "OS X Recovery," and select whichever one you find. This should present you with a "Reinstall OS X" option. Click on it, and then wait as your MacBook Pro connects to the Internet and gathers information on your laptop from Apple servers.

You may be prompted to provide your Apple account information, including username and password. If so, provide it. In any case, this process will eventually reach the point where your MacBook downloads the latest version of OS X, as well as the standard programs that Apple includes pre-installed on every laptop. Your hard drive will then be automatically formatted, and the computer will restore itself to factory settings.
 

· Registered
Joined
·
2,234 Posts
I would be careful actually with backing anything up. You don't want to save anything that could be spyware on the computer. If you want to be extra safe, full format the HD and set it all back up again. If it is a new computer, it will have internet recovery which can be booted to. That is what I would do if you suspect craziness.
 
  • Rep+
Reactions: Rylant

· Premium Member
Joined
·
13,477 Posts
If it were me, I would have some fun trying to find anything malicious on it. But if you're not that kind of person, then I would probably just format the thing and start over, which should be easy since you say that it was "recently" given. It's probably the safest thing to do in any case, from anyone.

Oh, and always tape up your webcam/mic - or remove (unplug) it altogether if you doubt you will ever need it.
 
  • Rep+
Reactions: Rylant

· Registered
Joined
·
4,503 Posts
One of the odder things about macs is they don't have firmware as such. There no flashing, you just write to it. A HD wipe won't do the firmware. A true paranoid would reset the firmware to factory spec as well, after making a copy of the original just in case it is Spyware so you've got some proof.
 

· Data Recovery Engineer
Joined
·
24,814 Posts
Reflashing the firmware on that machine would be... difficult. Firmware flashing on a Mac is a pain in the but and if it bricks, then new board.

Just reformat the system and start fresh, then things should be fine. I get a lot of this crap come into my store and most of the time it is people wrapping themselves into a tisy for not apparent reason.
 

· Data Recovery Engineer
Joined
·
24,814 Posts
That does not reset the firmware on a Mac... that reset PRAM (Command + Option + P + R). This is NOT firmware, but a type of non-volitile memory that stores the following:
Status of AppleTalk (old and no longer used)
Serial Port Configuration and Port definition (no longer used)
Alarm clock setting
Application font
Serial printer location (no longer used)
Autokey rate
Autokey delay
Speaker volume
Attention (beep) sound
Double-click time
Caret blink time (insertion point rate)
Mouse scaling (mouse speed)
Startup disk
Menu blink count
Monitor depth
32-bit addressing (now 64bit)
Virtual memory
RAM disk
Disk cache

Security keys for iMessage is also stored in PRAM.
The firmware on the Mac is similar to that of BIOS (but closer to UEFI used on modern motherboards) and it is required for the system to even work and is used in pretty much the same way as PCs. However, they do have extra bits like SMC (System Manage Controller) and PRAM (Parameter Random Access Memory) All systems, regardless of what they are, have firmware/BIOS/EFI/UEFI on them that controls various aspects of the system, initiate the boot process, boot manage, so on and so forth.

Just as an FYI, I work with Apple computers daily for a living (NOT an Apple Genius). Yes, they do things differently than a PC, but there is also a lot of things that are shared with PCs as well, since they are no longer PowerPC based (even then they worked in a very similar fashion).

This attack goes after the firmware that controls the Thunderbolt ports and interfaces directly with the firmware (BIOS if you will) of the system itself. This allows the firmware (bios) of the mac to be overwritten with modified version of what the attacker wants (at least, that is how I understand it).
 
1 - 8 of 8 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top