Apple is doing a much better job than all the rest of the PC vendors. Even those vendors that I haven't published keygens for [1] have just stupendously unsound bypass mechanisms for BIOS passwords.
Nevertheless, physical access still means it's game over; and I consider that a feature, not a bug. Given that, it's actually a little amusing that Apple went to all that effort for something that can be defeated with nothing more than a full BIOS reflash.
Maybe not so amusing! As far as I know, you’ll need to take the machine apart to reflash it, plus special hardware — because when a firmware password is set, a Mac requires the password to choose a different boot disk.
with this feature, Apple HQ can give a service center the ability to clear a particular firmware password without giving them a universal backdoor (hardware or software).
> As far as I know, you’ll need to take the machine apart to reflash it, plus special hardware
This doesn't take very long. Maybe 5 minutes to disassemble the machine.
As for hardware, you can flash SPI chips using a Teensy and a clip chip. [1] The total cost of parts is under $30.
Incidentally, I highly recommend investing in one of these if you're doing firmware development for routers. It's so much easier to flash a backup than muck around with TFTP.
> because when a firmware password is set, a Mac requires the password to choose a different boot disk.
This is hardly unique to Apple. Most PC laptop manufacturers also disable changing the boot device or choosing a temporary boot device when a setup password is enabled.
> with this feature, Apple HQ can give a service center the ability to clear a particular firmware password without giving them a universal backdoor (hardware or software).
Um, this is how it works for PC firmware passwords as well. Unless there is a keygen available, most modern implementations use a hashed value from the serial number or hard drive as the master unlock password. It's unique to the laptop being unlocked.
The bypass algorithms have largely remained unchanged when the industry moved to EFI. Most vendors (Lenovo, Dell, Acer, Asus, Toshiba, Fujitsu, ...) simply wrapped their bypass algorithms into some DXE driver and called it a day.
I wonder what PCs would be like if Intel bought Compaq in 1991 with people like Rod Canion and Jim Harris staying on. I think they were there when Compaq reverse engineered the IBM PC BIOS for example.
These could be insiders working at Apple support centers or even Apple itself.
It makes me somewhat happy in a weird way to think that, even in notoriously locked-down and secretive companies like Apple, there are individuals who don't believe in and subvert the company's attempts to have sole control of its products. We have these individuals to thank for schematics, parts, and a lot of other material that feeds the third-party repair industry.
they're most likely allowing stolen computers to be used
Also those which have been recycled, or which someone has locked out accidentally, or deliberately to scam someone ( https://news.ycombinator.com/item?id=7993435 ), etc. Used computers from companies often have BIOS passwords that no one bothered to clear before sending them off. Not every computer with a password its current owner doesn't know is a stolen one. That's why I think this is a good thing --- I believe in the fact that if you physically own something, regardless of how you came to own it, you should truly "own" it.
If there are people inside Apple selling these SCBO files, I don't think they're doing so because they believe in subverting the control Apple has over their products, they're almost certainly just doing it because it's a simple way to make some extra money.
The various iPhone unlock services are a big example of this. As far as I understand it, they all ultimately end up working with insiders who (mis)use the official unlock facility, for a price.
This article is the kind that makes me sit down with a cup of coffee and read it top to bottom, even though I don't understand all of the low-level assembler details (but it's understandable without that). Security is important for everyone, not just security researchers.
Apple can create a file to reset the flash password (it does not require tampering with the physical flash chip). This password reset file is RSA signed, so third parties can't create one from scratch unless they have stolen Apple's private key (unlikely), or have contacts inside Apple willing to make the file for them (more likely—all it takes is one unscrupulous employee with access to the reset file generation program).
Apple has a backdoor for resetting firmware passwords via a special unlock file that must be cryptographically signed using Apple's private key(s).
In theory only Apple employees can sign the unlock files. How many employees have access to sign these unlock files? 10? 100? Every low-level employee? There may be some "bad apple" employees selling the signing of unlock files, some social engineering to trick Apple into providing signed files they shouldn't be, or a vulnerability the researcher has not found that allows attackers to bypass the public-key crypto implementation.
Since it's likely that every apple care center can perform this unlock there is a very good chance that there is a machine in virtually everyone of them that also has a service lab that makes these files.
The number of people that can unlock it is probably quite high, this isn't that different than removing an apple id from the device you need to go to the apple store with the device and proof of purchase and they do it for you.
Last I heard, service centers have to request these files from Apple on a case-by-case basis, so that only a small number of people need the ability to generate them. All of the complexity (writing a nonce to flash when the firmware password is changed, etc.) exists to make it easy for a service provider to apply an unlock when authorized.
I’d make a large bet that the same is true for removing Apple ID activation locks from devices.
I haven't removed an EFI password but I've removed an Apple ID from 2 devices and it was done in <30min at the Apple Store in Westfield (SB) London.
While It's likely that Apple has probably has some audit trail on these requests just the sheer amount of devices that are likely to need to undergo such procedure make it unlikely that there is some room in Apple HQ where 5 highly trusted engineers issue those files.
Even if you don't count all the end users that lock their devices and can't unlock them all the devices that are returned to apple, go in for a hardware replacement/fix or recycling need to undergo a similar procedure.
So If I would be asked to wager on how this process is done it would be that it's an automated process with an audit trail just like what many organizations use to reset account details, passwords and other things.
Even if the employees capable of directly signing the files make up a very small group, they would probably be authorizing over the phone or a similar indirect route. This opens the door to social engineering by anyone, employee or not, who knows what number to dial and what information to provide. The tech would be authorizing the file without seeing the customer's device and proof of purchase themselves.
To foolproof the system, you would need less than a dozen people trusted with the ability to sign the files, and require the device and proof of purchase to be shipped to them rather than allowing unlocks to be authorized remotely.
It's unfortunate that the last line of defense against a stolen machine, the firmware password, has a backdoor. I'd have expected a firmware password on a MacBook to be just as difficult to bypass as an iPhone's passcode. Apple refuses to unlock phones, but will gladly remove a firmware password on a real machine. Disappointing.
The OS X equivalent of an iOS passcode is FileVault. Its current incarnation (v2) uses full disk encryption and doesn't have a (known) backdoor. (v1 used per-user encryption but didn't protect the rest of the disk, and v3 might use AFS to encrypt the whole disk in a way that users can only decrypt their own data and shared areas of the filesystem, not other users' data.)
Firmware passwords are more like Activation Lock for iOS. They make it harder to reuse a stolen computer and stop some less-invasive tampering, but don't offer any guarantees about protecting your data.
Or the money-for-SCBO thing is a scam and you don't actually get a working SCBO. The YouTube video could easily be a fake by the scammer to trick people into thinking that they will work.
Edit: I guess this is the slightly better answer than simply yes or no:
"If you lost your firmware password you can now reset it yourself as long the SPI flash chip is not the new BGA type (newer Macs are using them but there is a sneaky debug port that can be used for this same purpose!). You just need a device to dump the flash chip, remove the variable and reflash the modified version, or directly remove the variable (I always prefer to full dump and reflash).
Of course this information can be used by thieves selling stolen Macs, but given
that there are already defeat devices being sold all over the web, this post does not reveal any previously-unknown secrets."
[1] https://dogber1.blogspot.com/2009/05/table-of-reverse-engine...