Hacker News new | ask | show | jobs
by golubevpavel 4515 days ago
Hm. What's wrong with FileVault?

I knew that there could be some issues with my laptop after service it Apple, they informed me about it. But I thought to myself, come on, it's just a minor cooler issue, they won't even need to login to fix it. How could they possible break anything.
1 comments
d0 4515 days ago
FileValult problems: http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-back...

AFAIK they don't login to fix hardware issues -- they netboot diagnostics software but on multiple occasions I was informed by people that Apple had "made a backup of their system" before a reinstall. What that entails and what the retention policy is, I do not know but I suspect unless they're doing a three-pass erase on their temporary storage devices afterwards (which is unlikely) then your data is easy pickings...

My MBP, which is incidentally knackered, is still FileVault encrypted. It will stop a casual theif getting in but not much more

link
tptacek 4513 days ago
So if I understand what you're saying here, you think that a thief working at the Apple store might have either themselves had access to your Apple ID, or was colluding with someone inside of Apple at Cupertino to get access to your Apple ID, so that they could steal $8500 from you?

Am I missing something about the story here or is that an accurate summary?

link
aroch 4515 days ago
So turn off letting your Apple ID unlock your FV volumes. A FV drive, that's locked cannot be unlocked just by having local access.

You authorize Apple to make a backup of your drive if yu're having work done that may cause data loss.

link
d0 4515 days ago
There is an issue with user switching and firewire/DMA that allows remote access as well as cold boot attacks but these are out of reach of most people.
link
acdha 4515 days ago
firewire / thunderbolt DMA access was fixed many years ago: if you enabled a firmware password, those buses have DMA disabled.
link
toomuchtodo 4515 days ago
Are you saying that if I have a firmware password on my MBA that my internal SSD is inaccessible via Thunderbolt externally (until I've entered my password)?
link
aroch 4515 days ago
No, but your TB device wouldn't have read access to physical memory (where keys would be)
link
acdha 4515 days ago
No - but it means that a device can't read your FileVault keys out of memory so all they can read is the encrypted volume.
link
rdl 4515 days ago
They generally do ask for a login on your system when you give them the machine for service. You don't need to provide it.
link