0

I recently gave my laptop to Apple for repair, and they required my admin password. Of course I supplied a temporary password, but they still had access to the admin account.

I trust Apple, but I'm still a little paranoid that someone may have added something malicious to my computer during that time. I dropped my computer off a few days ago and received it today, so I simply ran find / -type f -mtime -4 and manually checked for anything strange, but found nothing.

I don't know if the above is very effective since an attacker could just use touch to change the creation dates.

I also ran a ClamAV scan (though I'm not sure if it's that good on OS X since it's really a Linux tool?) which found nothing.

Is there anything else I can do to ensure the integrity of my OS X system?

Sully Chen
  • 103
  • 2
  • So you trust Apple by using its hardware and a variety of software from Apple (like the OS) but you are not sure if you should trust their repair service? Where do you draw the line in what you trust and not? Given that the repair service has full access to the system undetectable changes could be done but also hardware changes could be done like adding a key logger. – Steffen Ullrich Jun 30 '17 at 06:18
  • Ah, I should have clarified -- I'm more concerned about the individuals doing the repairs than Apple itself. – Sully Chen Jun 30 '17 at 07:16

1 Answers1

0

Modification dates are not trustworthy at all. ClamAV doesn't even scan for Linux malware, it just allows a Linux machine to find Windows malware in files that it hosts.

Without physical control of the machine it is certainly possible that someone could have installed malicious hardware such as a keylogger or modified existing hardware, but that would be a relatively expensive thing to do for no reason. Do you have a reason not to trust the Apple repair employees? Are you concerned about a specific threat?

Installing malware would be the most likely "drive by" attack since it is basically free. The most effective way for you to ensure the integrity of your system in this case would be to perform a fresh install of the operating system onto a clean wiped disk. Backup your important files, but not any executable files. Change all of your passwords from the freshly installed operating system.

I cringe at the thought of sending my machine in to a repair place, and probably would do the system wipe immediately at a minimum. I would have wiped the machine before sending it as well.

trognanders
  • 2,925
  • 1
  • 11
  • 12
  • Ah I see. It was an official Apple repair site and I suppose I don't have any reason to worry, but I'm just paranoid haha. I might do a clean wipe in that case just to be safe. Thanks! – Sully Chen Jun 30 '17 at 18:27