On Privacy and Servicing Apple Devices

Yesterday my friend Adam asked me for advice on what he should do when taking his Mac in for service at the Apple Store.

The question is simple: Should the drive be wiped for privacy reasons?

The answer is equally simple: Yes.

That said, Apple shouldn't even be making a person consider this question. The problem in this entire situation is Apple requiring the admin password in order to service a device.

And it is indeed a requirement. I've been asked for my admin password on a Mac or the device unlock code on an iPhone by Apple Store employees before. I have tried to refuse in the past, at which point the Apple employee promptly stops helping you.

This is wrong. Apple should not require me to write down my password on a piece of paper and then take my device into another room for hours on end. Also, they do not inform you what happens to that piece of paper containing the password when service is finished. For all I know my encrypted drive could have been cloned and the admin password is now known in order to decrypt it.

Now, I'm the type that knows this dance with servicing devices, and I make a backup and wipe the device prior to service, using a simple generic password for the device during the service period. After I receive the device back, I need to spend a great deal of time restoring the device from backup.

It's inconvenient and unnecessary.

I have a proposed solution for this, one that Apple could build into every device they make. Create a service partition. A service partition of the device's storage would allow Apple to boot up and test the functions of the device without having access to user data. This partition would not have admin rights to the system, but would provide only the access necessary to run tests to ensure service was successful.

I imagine this being similar to booting up a Mac into Apple Diagnostics or macOS Recovery. With a Service Partition, core functions for testing would exist, without providing access to user data. No password is needed. Privacy is maintained.

Apple should build this into macOS, iOS, watchOS, and tvOS to protect their users and make servicing devices more efficient.

The Need for Encryption

Tim Cook wrote a letter to Apple’s customers (and in my opinion, the entire world) regarding the United States government ordering Apple to weaken the encryption of iOS devices by adding a backdoor. And Apple is fighting it.

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

Please go read Tim Cook’s entire letter.

Make no mistake, this is a pivotal moment in our security and privacy in the digital age. It’s my opinion that Apple is fighting for citizens’ rights here, protecting us from the United States government. And if such a backdoor to encryption is forced upon us, criminals will find and use it to exploit each and every one of us.

And this is certainly about more than this single iPhone. Marco Arment has said it best in what I’ve read today:

As we’ve learned from national hero Edward Snowden and, well, almost every other high-profile action taken by law enforcement recently, this most likely has very little to do with the specific crime or iPhone that the FBI is citing in this case.

It’s their excuse to establish precedent and permanent backdoors for themselves so they can illegally spy on anyone’s data whenever they please. They’re shamelessly using a horrible tragedy to get themselves more power.

I believe in encryption. In this day and age, encryption is what gives us privacy in the digital world. In a previous age, privacy was as simple as closing your door and locking it. Yes, law enforcement can always obtain a warrant and circumvent your locks by breaking your door. But nowhere is it written that your locks must be weak enough to be broken. If your door is 12 inches of steel, well, that’s your privilege.

And for those of you who think Apple should stand aside and help the FBI by weakening encryption because you think you have nothing to hide, go and read Tim Cook’s letter again, but substitute Chinese government and Russian government wherever Tim writes U.S. government.

Do you still think encryption is worth weakening? If Apple is forced to capitulate to the FBI, other governments will come knocking on the encryption door, too.

A Whole New Level

Troy Hunt on a massive data breach at VTech:

I suspect we’re all getting a little bit too conditioned to data breaches lately. They’re in the mainstream news on what seems like a daily basis to the point where this is the new normal. Certainly the Ashley Madison debacle took that to a whole new level, but when it comes to our identities being leaked all over the place, it’s just another day on the web.

Unless it’s our children’s identities, that’s a whole new level.

When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say “Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)”, I start to run out of superlatives to even describe how bad that is.

Make no mistake, this is bad. Our personal information and privacy are highly sought after by advertisers, governments, and yes, even criminals. The days of saying that no one would be interested in your data are over. Everyone wants your data. It is time to start taking the security and privacy of your information seriously.

Use unique passwords everywhere with a password manager. (You can even lie in your answers to security questions and record which lie you gave each site in the password manager.)

Use a Virtual Private Network (VPN) when on public Wi-Fi.

Encrypt your devices. It's easy to do on OS X and iOS.

Be cautious of who you are giving personal information to.

And most of all, care about your data.

1Password 5.2 for iOS & 5.1 for Mac

Speaking of app updates, today we at AgileBits released a couple of awesome updates for iOS and Mac.

1Password 5.2 for iOS brought home the awesomesauce by adding a nifty Login Creator to help build Login items properly. It also added a Time-based One-Time Password (TOTP) feature for Pro owners, helping strengthen security for sites that offer it. Two-step verification is a great thing, and 1Password is aiming to make it easy to use and understand.

1Password 5.1 for Mac focuses on sync — both behind the scenes and on stage. A lot of code was optimized to make sync the best it has ever been (iOS benefitted from this in shared code, as well), and the Sync interface in Preferences has been completely redone to make setting up sync as easy as selecting a vault and choosing a service from a drop-down list.

Both updates are free to existing owners of 1Password 5 on the respective platforms. Everyone on the team poured a lot of effort into these releases, so if you see any of us on Twitter, be sure to send an emoji high-five.

The 1Password Emergency Kit 3.0

Mike Vardy posted a really great update to his 1Password Emergency Kit today.

The 1Password Emergency Kit V3.0 is now a fillable PDF that looks and functions a lot better, and includes even more information that will come in handy if any sort of emergency arises.

Naturally, I keep a lot of my life's essential data in 1Password. Should I ever be incapacitated or pass away unexpectedly, my family can get ahold of my copy of this (which I now need to update, so don't let me forget) in order to access the things they may need.

Do yourself and your loved ones a favor and fill out your kit, too.

Cloak 2.0

The Internet can be a scary place. One thing that always makes me a little leery is public Wi-Fi. You never know what anyone else is up to on public Wi-Fi. One of the best things you can do in that situation is to use a VPN.

Unfortunately, VPNs are not something that most folks a) know about, and b) know how to use.

That's where Cloak comes in. Cloak makes using a VPN easy, as it does all the work. It even works on your iOS devices. I've been using Cloak for a year now, and today Cloak 2 was released.

The first Cloak worked fine on the Mac, but on iOS it felt very finicky. This is where Cloak 2 really shines. Cloak 2 brings a new feature called Trusted Networks. You can tell it which networks you use that you trust, and it will disable the VPN when you are on those. Then when you venture onto an untrusted network, the VPN automagically kicks in and secures your connection.

And you only need to set this all up once, as Cloak will pass your Trusted Network settings on to all of your devices.

Cloak operates off a monthly subscription, and has a couple tiers.

I've found the mini plan to be more than adequate for my occasional afternoon working at a coffee shop, but if you are a heavy VPN user, then the unlimited plan is priced fantastically, too.

As I said, the Internet can be a scary place. Stay safe out there.

A Terrifying, Nightmarish Lesson on Security

Over the past three decades, more and more of our lives have transitioned from analog to digital. First, paper and typewriters yielded to word processors. Next, music went from albums, to cassettes, to CDs, to files on an iPod. Then our photos went from film to JPGs.

It used to be, in the analog, the only ways you’d really lose something is if your home were hit by a natural disaster, or you were burgled.

Not anymore. Mat Honan found this out the hard way. He was hacked. Hard.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password (see update) and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.

At 5:01 PM, they remote wiped my iPad.

At 5:05 PM, they remote wiped my MacBook Air.

[…]

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.

This is horrifying. A nightmare. As I read Mat’s post this weekend, I could feel a sense of dread creeping on me. I knew I had vulnerabilities to some of my accounts, where I had traded some security for convenience. It’s no excuse. I’m a faithful user of 1Password on all my devices. I have no excuse for not having great passwords.

Except, in this case, not even the strongest password would have helped. The hacker didn’t even try to figure out the password. They had a back door.
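The timeline above is a chain: once the iCloud account was reset, the .mac address it controlled was also the Gmail account's recovery address, and whatever each account could remote-wipe went with it. The following is an added example (not code from the original post or from Apple, Amazon or Google) that models account recovery links as a graph and computes the blast radius of a single takeover. The account names, recovery links and device lists are constructed sample data, not Mat Honan's real configuration; the third account is a hypothetical one added to show that the chain keeps going.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Account:
    name: str
    # The account that receives this account's password-reset link (None = no link).
    recovery_via: Optional[str]
    # Devices this account can remotely wipe once someone controls it.
    wipeable_devices: Tuple[str, ...] = ()
    # True if the provider will reset the password over the phone from
    # out-of-band data (billing address, last four card digits) alone.
    phone_reset_allowed: bool = False


def build_dependents(accounts):
    """Reverse the recovery links: account -> accounts whose reset mail lands in it."""
    dependents = defaultdict(list)
    for acct in accounts:
        if acct.recovery_via is not None:
            dependents[acct.recovery_via].append(acct.name)
    return dependents


def blast_radius(accounts, entry):
    """Breadth-first walk from a taken-over account through every account it can reset.

    Returns (accounts compromised in order of takeover, sorted devices that can be wiped).
    """
    by_name = {a.name: a for a in accounts}
    dependents = build_dependents(accounts)
    seen, order, queue = set(), [], deque([entry])
    while queue:
        name = queue.popleft()
        if name in seen or name not in by_name:
            continue
        seen.add(name)
        order.append(name)
        queue.extend(dependents[name])
    devices = sorted({d for n in order for d in by_name[n].wipeable_devices})
    return order, devices


def weakest_entry_points(accounts):
    """Accounts resettable without the password, ranked by how much they expose.

    Each entry is (account, accounts compromised, devices wipeable).
    """
    ranked = []
    for acct in accounts:
        if acct.phone_reset_allowed:
            compromised, devices = blast_radius(accounts, acct.name)
            ranked.append((acct.name, len(compromised), len(devices)))
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))


# Constructed sample: the shape of the chain described in the post, plus one
# hypothetical "shop" account whose recovery address is the Gmail account.
SAMPLE_ACCOUNTS = (
    Account("icloud", recovery_via=None,
            wipeable_devices=("iPhone", "iPad", "MacBook Air"),
            phone_reset_allowed=True),
    Account("gmail", recovery_via="icloud"),
    Account("shop", recovery_via="gmail"),
)

if __name__ == "__main__":
    compromised, devices = blast_radius(SAMPLE_ACCOUNTS, "icloud")
    print("takeover order:", compromised)
    print("devices wipeable:", devices)
    print("weakest entry points:", weakest_entry_points(SAMPLE_ACCOUNTS))
```

Run against your own accounts, the useful output is the ranking: any account with a phone-reset path whose blast radius includes your primary mailbox or a remote-wipe capability is the one to harden first, either by moving the recovery address off the chain or by turning off the wipe capability you do not need, which is the choice the author makes for Find My Mac further down.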

From Mat’s follow-up piece on Wired (emphasis mine):

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

[…]

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file.

If you lost your wallet, let’s say it contained your driver’s license, your credit card, and a business card with your iCloud email address. That is all someone would need to destroy your digital life.

Thankfully, Apple and Amazon have, for now, closed the loophole while they tighten security.

Here’s the thing: what happened to Mat has been going on for a while. These loopholes have existed for quite a while. Mat was just the first person to get hit that had a significant audience.

Unfortunately, that’s usually how these things are discovered.

I’d love to see Apple take Marco Arment’s advice on how to make password resets better:

And ideally, before resetting a password by phone, they’d send a forced “Find My”-style push alert to all registered devices on the account saying something like, “Apple Customer Service has received a request to reset your iCloud password. Please call 1-800-WHATEVER within 24 hours if this is unauthorized.”

Then make the person call back the next day. If you forget your password and the answers to your security questions, it’s not unreasonable to expect a bit of inconvenience.

Marco is right. If you forget how to access your account, a little inconvenience of waiting a day to get back in is okay.
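Marco's suggestion has two parts: tell every registered device that a reset was requested, and make the requester wait a day before the reset goes through. The following is an added example (not Apple's code, and not anything from Marco's or the author's posts) modelling that flow as a small service: a reset request pushes a cancel code to every registered device, the reset cannot complete inside the cooling-off window, and a cancel from any device blocks it. The account name, device list and 24-hour window are constructed for the example; a real deployment would deliver the push over the device notification channel rather than an in-memory outbox.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Hypothetical policy constant: how long a phone-initiated reset must wait.
COOLING_OFF = timedelta(hours=24)


@dataclass
class ResetRequest:
    account: str
    created_at: datetime
    cancel_code: str          # delivered only to the account's registered devices
    cancelled: bool = False


class ResetDesk:
    """Models a customer-service password reset with notify-and-wait semantics."""

    def __init__(self, devices_by_account: Dict[str, Tuple[str, ...]]):
        self.devices = devices_by_account
        self.pending: Dict[str, ResetRequest] = {}
        # Constructed stand-in for a push channel: (device, account, cancel_code).
        self.outbox: List[Tuple[str, str, str]] = []

    def request_reset(self, account: str, now: datetime) -> int:
        """Record the request and alert every registered device. Returns devices notified.

        The cancel code is deliberately not returned to the caller (the agent on
        the phone); only the devices see it, so only the real owner can cancel.
        """
        req = ResetRequest(account, now, secrets.token_urlsafe(16))
        self.pending[account] = req
        targets = self.devices.get(account, ())
        for device in targets:
            self.outbox.append((device, account, req.cancel_code))
        return len(targets)

    def cancel(self, account: str, cancel_code: str) -> bool:
        """Owner responds from a device with the code they were sent."""
        req = self.pending.get(account)
        if req is None:
            return False
        if not secrets.compare_digest(req.cancel_code, cancel_code):
            return False
        req.cancelled = True
        return True

    def complete_reset(self, account: str, now: datetime) -> str:
        """Attempt to finish the reset when the requester calls back."""
        req = self.pending.get(account)
        if req is None:
            return "no-request"
        if req.cancelled:
            return "cancelled"
        if now - req.created_at < COOLING_OFF:
            return "too-early"
        del self.pending[account]
        return "reset"


def run_scenarios() -> Dict[str, str]:
    """Walk an unauthorized request that gets cancelled and a legitimate one that waits."""
    desk = ResetDesk({"user@example.invalid": ("iPhone", "iPad")})  # constructed
    t0 = datetime(2020, 1, 1, 16, 50)
    results = {}

    # Scenario 1: someone calls in; the owner sees the alert and cancels.
    desk.request_reset("user@example.invalid", t0)
    results["early_attempt"] = desk.complete_reset("user@example.invalid", t0 + timedelta(hours=1))
    _, _, code = desk.outbox[0]
    results["cancel_ok"] = str(desk.cancel("user@example.invalid", code))
    results["after_cancel"] = desk.complete_reset("user@example.invalid", t0 + COOLING_OFF)

    # Scenario 2: the genuine owner forgot everything and simply waits a day.
    desk.request_reset("user@example.invalid", t0 + timedelta(days=2))
    results["next_day"] = desk.complete_reset("user@example.invalid", t0 + timedelta(days=3, minutes=1))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

One caveat the model makes visible: an account with no registered devices gets no alert at all (`request_reset` returns 0), so a real policy would need a fallback such as a longer wait or a different verification path for that case rather than silently proceeding.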


I am largely sympathetic to Mat. What he went through sucks. But I can’t get past his one blunder. He didn’t have a backup of his Mac.

How does a technology writer not keep backups? Heck, he uses a Mac. OS X has had backup built-in for 5 years. Here’s a free tip, folks: go learn about Time Machine and then use it.

For even better backup practices, go read Shawn Blanc’s backup tips.

Macworld’s Dan Moren & Lex Friedman have some security tips, as well.

As for me, I’ve disabled Find My Mac on iCloud. The Find service is more practical for devices like the iPhone and iPad, but the idea of someone being able to remote wipe my Mac gives me the willies. I keep backups, but the whole idea just doesn’t sit right with me right now. Anything on my iPhone or iPad already exists on my Mac, so I’m not worried about those devices ever being wiped.

I’ve lost some trust in Apple and Amazon. It was ridiculous how easily Amazon let someone into the account.

And Apple? Well, they deservedly bear the brunt of mistrust. Why? Because they have been asking us to trust them more and more over the years.

I created an Apple ID for the iTunes Store in 2003. Back then, it was only for music. But over the years, it has grown to house music, movies, apps, and now my email, contacts, calendars, notes, reminders, my location, and the keys to wipe my devices.

I’ve realized many of us have a lot of our eggs in one basket. A basket we trust not to tip over.

My advice? Use the basket, but don’t trust it entirely. Keep backups. Use really good passwords (and go buy 1Password for all your devices). And, since 1Password can help you fill in credit card info on a site in a couple clicks, consider not storing credit card info on the web.