Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Anyone can change the password to my mac, ridiculous

tennismanclay

tennismanclay

macrumors regular
Original poster
May 11, 2007
221
1
US-Texas
Ok so yesterday my cousin (huge pc user) said he could change my admin password without him knowing it. After a laugh i let him try. I came back later and i couldn't log in. He had successfully changed my password without knowing it what so ever. He finally told me what he did, apparently he booted into single user mode and typed some of those fsck and mount -uw junk, then he simply typed passwd and my account name, and it asked for a new password.

My first questions is how do i make this so he cant do it, would enabling root or firevault or something help?

If not this is ridiculous since this is the most secure OS, right?


-Clay
 
I love single-user mode.

My mom's school locked her out of being able to administrate the four iMacs that she got with a grant (because her school refuses to buy her Macs), so I booted into single-user mode and created a new administrator account so that I could give her account on each computer administrator access.

Firmware passwords are handy. People who don't know enough to use them (the Microtards in her tech room) are very vulnerable.
 
Remember if someone has physical access to the machine, they can still defeat Open Firmware passwords by removing or adding a stick of RAM, thus allowing a PRAM reset even if an OF password is set.

This dates from 2005, but I'm pretty sure it's still valid:

Bypassing Open Firmware Security
If you forget the Open Firmware password for a computer, or if someone else sets one before you do, you can reset the Open Firmware settings to their defaults (no password and the none security mode). If other Open Firmware settings have been changed, this might reset them as well. As I said, it's a cumbersome process, so you'll want to avoid having to do it.

First, open the computer and either remove or install RAM. What you need to do is change the amount of RAM that's installed in the computer, so simply moving modules around won't do the trick. Reboot the computer with the changed amount of RAM and zap the PRAM. (Changing the installed RAM allows you to use the command-option-P-R key combination to zap the PRAM, regardless of the Open Firmware security mode, which removes the password.) Then boot into the Open Firmware prompt and use the set-defaults command. This should reset all Open Firmware configurations to the default settings.

Use the reset-all command to reboot with the new settings, after which you can set a new password and security mode (either directly through the Open Firmware prompt or using another tool). Restore the original amount of RAM in the computer.
Click to expand...
 
tennismanclay said:
Ok so yesterday my cousin (huge pc user) said he could change my admin password without him knowing it. After a laugh i let him try. I came back later and i couldn't log in. He had successfully changed my password without knowing it what so ever. He finally told me what he did, apparently he booted into single user mode and typed some of those fsck and mount -uw junk, then he simply typed passwd and my account name, and it asked for a new password.

My first questions is how do i make this so he cant do it, would enabling root or firevault or something help?

If not this is ridiculous since this is the most secure OS, right?


-Clay
Click to expand...

The problem could've been solved by:

1. Not giving him your computer.
2. Not letting him change your password.

It's not like you could go to a website in Safari catch a virus that changes your password.
 
ajthomason said:
Open Firmware was the one on PowerPC Macs, not Intel ones - it is no longer valid.
Click to expand...

From Apple:
All Intel-based Macintosh computers support firmware password protection.

The following Apple computers can use the Open Firmware Password application:

iMac (Slot Loading) and later models of G3 iMac
iMac (Flat Panel) and later models of G4 iMac
iMac G5 and later models of G5 iMac
iBook - all models, both G3- and G4-based
eMac - all models
PowerBook (FireWire)
PowerBook G4 and later models of G4 PowerBook
Power Mac G4 (AGP Graphics) and later models of G4 Power Mac
Power Mac G4 Cube - all models
Power Mac G5 and later models of G5 Power Mac
Any Intel-based Mac
Click to expand...

Unless the specific bypassing process from the 2005 article no longer holds.
 
JohnNotBeatle said:
From Apple:

Unless the specific bypassing process from the 2005 article no longer holds.
Click to expand...


From Apple:
Intel-based Macintosh computers can be protected by firmware passwords as well. The firmware in an Intel-based computer uses Extensible Firmware Interface (EFI) technology—Open Firmware is used in computers that use PowerPC processors.
Click to expand...

I'm not sure what the list was from, but that quote from http://support.apple.com/kb/HT1352 Says it all really...
 
ajthomason said:
From Apple:


I'm not sure what the list was from, but that quote from http://support.apple.com/kb/HT1352 Says it all really...
Click to expand...

I stand corrected. We quoted the same kb article. Apparently you just read more closely. ;) Notwithstanding any differences between Open and Extensible, I still wonder if the RAM change method still applies. I really don't feel like futzing with it right now...
 
also not ANYONE could change ur pasword, it would take someone with quite a bit fo experience in command line and UNIX.

Plus they have to have physical access to your computer, this kind of thing is not new and is not really a big security threat, and like others have said there is way to prevent even this minute security hole.
 
JohnNotBeatle said:
Not if the Firmware password is set -- they won't be able to boot from the DVD without it.
Click to expand...

Seems scary using the Firmware password thing if it prevents the use of starting up with the DVD. At any rate the OP doesn't have much to worry about, only a very tiny percentage of the world know how to boot into single user mode and perform the FSCK commands, I don't even know how to do it and I've been on the Macintosh for 12 years now, I just never bothered to learn.
 
JohnNotBeatle said:
Not if the Firmware password is set -- they won't be able to boot from the DVD without it.
Click to expand...

And if they have access to the hardware, they can reset the firmware password and then boot to the DVD. Or they can take the harddrive out and put it in an external enclosure and get your data.

There is no way around it, you can't protect yourself from attackers with access to your hardware.
 
The General said:
And if they have access to the hardware, they can reset the firmware password and then boot to the DVD. Or they can take the harddrive out and put it in an external enclosure and get your data.

There is no way around it, you can't protect yourself from attackers with access to your hardware.
Click to expand...

Which is what we've already established--I was only mentioning that simply having a Leopard DVD is insufficient to bypass Firmware passwords. The RAM change is probably the quickest & easiest means to defeat it. Two or three minutes and you're in.
 
The General said:
Filevault isn't that great either. :rolleyes:
Click to expand...

I'm less worried about data security with FileVault than I am totally hosing myself somehow by forgetting the password. Until there's an instant DNA authentication combined with iris scan (and a 78-bit password, to boot), we just have to take our MacBooks to the potty with us, I suppose. :D

Curious, though, is that RAM dump attack applicable to the Mac OS & Firmware?
 
Unfortunately it is normal for UNIX to allow for the master password to be changed via passwd.

You just need to disable single user mode and stop passwd from being used to change passwords. Google will give you more help, rather than me repeating what I google.
 
HLdan said:
...At any rate the OP doesn't have much to worry about, only a very tiny percentage of the world know how to boot into single user mode and perform the FSCK commands...
Click to expand...

Except that it already happened to him..

Anyhow, great thread!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back