Are company trade secrets safe on refurbished MacBook Pros?

[Hieveryone]

Last night I ordered a 2016 ntMBP from the refurbished Apple site.

Is it safe given it's been owned by someone else? What if there's malware on it?

I'll mainly use for the device for playing music on YouTube, but at times I might use it for more important things.

Is it safe to have company trade secrets on it?

 

[Mike Boreham]

Refurbished from Apple is as good as a new mac. Possibly better because it is more likely to have had any faults exposed and fixed.

There is absolutely no question of anyones data existing on it.

However I am very, very surprised there are any 2016 MBPs on the Apple Refurbished site.

Are you absolutely sure you are on the Apple Refurb site...

EDIT....Take it back ....I see there are!

 

[casperes1996]

Last night I ordered a 2016 ntMBP from the refurbished Apple site.

Is it safe given it's been owned by someone else? What if there's malware on it?

I'll mainly use for the device for playing music on YouTube, but at times I might use it for more important things.

Is it safe to have company trade secrets on it?

There's no malware on it... It's been refurbished, you're not just buying it from the previous owner. It's been wiped clean. If you don't trust it, wipe it again. Simple as that.

 

[Hieveryone]

Refurbished from Apple is as good as a new mac. Possibly better because it is more likely to have had any faults exposed and fixed.

There is absolutely no question of anyones data existing on it.

However I am very, very surprised there are any 2016 MBPs on the Apple Refurbished site.

Are you absolutely sure you are on the Apple Refurb site...

EDIT....Take it back ....I see there are!

Yeah I saw a bunch last night. Might be sold out now not sure haven't checked.
[doublepost=1490308519][/doublepost]

There's no malware on it... It's been refurbished, you're not just buying it from the previous owner. It's been wiped clean. If you don't trust it, wipe it again. Simple as that.

Ok just making sure there can't be under the radar tracking or something.

 

[casperes1996]

Ok just making sure there can't be under the radar tracking or something.

Definitely not. Literally everything that was on it from the previous owner is gone. Don't know how much you know about how data is stored on digital devices, but the whole drive gets blasted with 0's and then a new disk image gets installed.

Imagine what kind of **** Apple would be in if you could access the previous owner's files or if anyone could access yours because it's a refurb. It's still sold from Apple, so that'd be their responsibility.

 

[Hieveryone]

Definitely not. Literally everything that was on it from the previous owner is gone. Don't know how much you know about how data is stored on digital devices, but the whole drive gets blasted with 0's and then a new disk image gets installed.

Imagine what kind of **** Apple would be in if you could access the previous owner's files or if anyone could access yours because it's a refurb. It's still sold from Apple, so that'd be their responsibility.

Right I agree. It would be a huge problem.

My concern just stems from hearing about Snowden and all the crazy stuff hackers can do.

Like maybe there's some bug that's so under the radar that no matter what Apple does the previous owner can see and read everything you do.

Normally I wouldn't care I mean all I do is surf social media, YouTube, email, nothing important that'd I'd give a crap if someone saw.

But I mean company trade secrets are a whole different ball game.

 

[casperes1996]

Like maybe there's some bug that's so under the radar that no matter what Apple does the previous owner can see and read everything you do.

If it's that under the radar, you'd be damn unlucky if your previous owner knows about it, and your company wouldn't be able to blame you for that.
But again, the drive is wiped, so the previous owner has no way of getting anything to stay on the computer - aside from perhaps flashing the pre-boot environment that bootstraps the hard drive. But realistically speaking there's no way for the previous owner to have anything stay on the computer after it gets wiped. So any bug that may allow hackers access, is there whether it's a refurb or not. All data present on the machine will be identical to a new one.

If you need to really, really keep something secret, there's encryption. Then even if someone does have the capability of getting a hold of your files, they still can't read them.
You can either turn on File Vault for whole disk encryption, or you can manually encrypt with the built in OpenSSL

To Encrypt:

openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data

To Decrypt:

openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data


or get gpg and do this

To Encrypt:

gpg --output encrypted.data --symmetric --cipher-algo AES256 un_encrypted.data

To Decrypt:

gpg --output un_encrypted.data --decrypt encrypted.data

Though with regards to a previous owner, you have nothing to fear. You're as secure as a new Mac.

 

[Hieveryone]

If it's that under the radar, you'd be damn unlucky if your previous owner knows about it, and your company wouldn't be able to blame you for that.
But again, the drive is wiped, so the previous owner has no way of getting anything to stay on the computer - aside from perhaps flashing the pre-boot environment that bootstraps the hard drive. But realistically speaking there's no way for the previous owner to have anything stay on the computer after it gets wiped. So any bug that may allow hackers access, is there whether it's a refurb or not. All data present on the machine will be identical to a new one.

If you need to really, really keep something secret, there's encryption. Then even if someone does have the capability of getting a hold of your files, they still can't read them.
You can either turn on File Vault for whole disk encryption, or you can manually encrypt with the built in OpenSSL

To Encrypt:

openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data

To Decrypt:

openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data


or get gpg and do this

To Encrypt:

gpg --output encrypted.data --symmetric --cipher-algo AES256 un_encrypted.data

To Decrypt:

gpg --output un_encrypted.data --decrypt encrypted.data

Though with regards to a previous owner, you have nothing to fear. You're as secure as a new Mac.

Great thanks. Seems like the only way is if the previous owner took out the SSD and bugged it so that no matter what software, it's physically built into the SSD itself so no working around it.

But I mean I'm just getting into hypotheticals now. Obviously I don't think the previous owner would do that.

 

[casperes1996]

Great thanks. Seems like the only way is if the previous owner took out the SSD and bugged it so that no matter what software, it's physically built into the SSD itself so no working around it.

Doesn't exactly work like that either. There'd be nothing special you can do when you remove it from the machine - least not in this context. With the knowhow, you could flash a different firmware on the drive, which'd kinda be what you're talking about - i.e. altering the operation of the drive no matter what runs on it, but there are limits to what you can do on that front and so forth and it isn't exactly trivial. And even then, you can only change how the microcontroller on the SSD itself handles data, and you'd have no access to the rest of the system, so even if you manipulated the SSD to buffer up all data on it in an unencrypted state or something, you wouldn't be able to use the networking or the CPU to send the data anywhere or anything. Let's say it this way - if you're going to try and hack someone, there are waaaaay easier ways. And for all intents and purposes, this method would be impossible.

 

[Hieveryone]

Doesn't exactly work like that either. There'd be nothing special you can do when you remove it from the machine - least not in this context. With the knowhow, you could flash a different firmware on the drive, which'd kinda be what you're talking about - i.e. altering the operation of the drive no matter what runs on it, but there are limits to what you can do on that front and so forth and it isn't exactly trivial. And even then, you can only change how the microcontroller on the SSD itself handles data, and you'd have no access to the rest of the system, so even if you manipulated the SSD to buffer up all data on it in an unencrypted state or something, you wouldn't be able to use the networking or the CPU to send the data anywhere or anything. Let's say it this way - if you're going to try and hack someone, there are waaaaay easier ways. And for all intents and purposes, this method would be impossible.

gotcha. also, it's not like they would know who's getting the refurbished computer. so it wouldn't be worth their time bc it could go to some college kid who does nothing more than write papers and watch netflix

 

[ZMacintosh]

Apple will generally replace and refurbish all parts within the device, its like if you took your Mac into a Genius Bar or AASP and needed a logic board, top case and display assembly replaced, its all new firmware/cpu/ssd/display etc. they use repair parts to refurbish units. There is nothing tied to the original owner. You're fine.

 

[maflynn]

However I am very, very surprised there are any 2016 MBPs on the Apple Refurbished site.

Yes, the 2016 models are now in the refurb section of the apple store.

I don't think that's unusual, though my knee jerk reaction would be due to high returns

Is it safe to have company trade secrets on it?

As safe as any other computer

 

[AppleMacFinder]

My concern just stems from hearing about Snowden and all the crazy stuff hackers can do

Many people forget that there is a huge number of firmwares in any modern computer. Even if you replace a logic board and SSD, there are still a lot of peripheral devices - like webcam and touchpad ; even a keyboard sometimes has a tiny firmware! So there is a possibility for the professional hackers to create a powerful malware (some kind of BadBIOS - https://arstechnica.com/security/20...erious-mac-and-pc-malware-that-jumps-airgaps/ ) , which will be able to hide not just in EFI/BIOS firmware storage chip but also at the firmwares of peripheral devices - so that, in case someone will replace a logic board or reflash EFI/BIOS by an external hardware programmer, this malware could emerge from its' hiding place and re-infect the computer at the next or after a few reboots...

But I mean company trade secrets are a whole different ball game.

This kind of attack is not easy to perform - and even if a prior owner of that refurbished MBP is a hacker which already has this malware in possession, he will think twice before infecting it and returning to Apple - because, if this malware would be discovered, this will link it to a previous owner. However, a rogue Apple employee could also try to do that

its all new firmware/cpu/ssd/display etc.

Unless they give you a completely new MBP (in which case it wouldnt be refurbished) there will be at least 1 programmable chip remaining from a previous owner, where the malware could reside

<MBP> is as safe as any other computer

I would not say that, because Apple is collaborating with NSA and they lied about patching the security holes, while they haven't been patched --- (spotted by WikiLeaks) . If Apple leaves the backdoors for NSA, any other hacker could discover them and use as well

There are computers which are more safe than MBP - I am talking about those rare desktops/laptops which are supported by coreboot project and have open source BIOS which you can personally verify that it doesn't contain any backdoors and rebuild by yourself. Also install a completely open source operating system like Trisquel Linux (no closed source drivers!) and spend a sh!tload of time to constantly harden its' security (all kind of encryptions, hardened software settings, manual patching against the exploits, etc.) . But for a person who even thought that MBP are safe for top secret info, this seems like an impossible quest...

 

[maflynn]

I would not say that, because Apple is collaborating with NSA and they lied about patching the security holes, while they haven't been patched --- (spotted by WikiLeaks) . If Apple leaves the backdoors for NSA, any other hacker could discover them and use as well

I disagree, I think once you have your disk encrypted with filevault your data is as safe any other computer

 

[AppleMacFinder]

I disagree, I think once you have your disk encrypted with filevault your data is as safe any other computer

Are you sure that Filevault does not contain any Apple's backdoors? (or the "front doors" as our government likes to call them) Those people who are involved at the illegal activities or are dealing with the truly top secrets ---> do not trust the Filevault or BitLocker, they are using the more professional tools like Truecrypt 7.1a (but not 7.2 because it has been compromised!) and some kind of a Linux
(not OS X or Windows, - the closed source software could contain the hidden backdoors and cannot be trusted)

 

[maflynn]

Are you sure that Filevault does not contain any backdoors? Those people who are involved at the illegal activities or are dealing with the truly top secrets ---> do not trust the Filevault or BitLocker, they are using the more professional tools like Truecrypt 7.1a (but not 7.2 because it has been compromised!)

Yes, I'm sure

 

[AppleMacFinder]

Yes, I'm sure

I respect your point of view, but after all those WikiLeaks revelations I wouldn't be so sure at your place

 

[maflynn]

I respect your point of view, but after all those WikiLeaks revelations I wouldn't be so sure at your place

Apple already stated the vulnerabilities have been patched and so if you keep your system up to date, you should be fine.

No computer is 100% protected, but I like Apple's stance on privacy and protecting your privacy, so I have no reason to doubt that my data is quite safe on my Mac.

You also need to assess the risk, will a common thief go to extraordinary efforts to crack FileVault? No, and so I think that also means my data is no more at risk because its on a Mac.

 

[ZMacintosh]

Unless they give you a completely new MBP (in which case it wouldnt be refurbished) there will be at least 1 programmable chip remaining from a previous owner, where the malware could reside

They build parts specifically for refurbishing and repair processes and most are completely new, rebuilt with new chipsets & components, but they cannot be sold as new since their produced for refurbishing

 

[therealseebs]

My confidence dropped significantly when I found out that there are apparently firmware-level malware installs that can target Macs and which cannot be wiped out by anything you can do with reloading or resetting. And the firmware-level stuff may have been patched, or may not, but I don't know what happens to machines where the firmware was already compromised.

 

[Hieveryone]

Apple will generally replace and refurbish all parts within the device, its like if you took your Mac into a Genius Bar or AASP and needed a logic board, top case and display assembly replaced, its all new firmware/cpu/ssd/display etc. they use repair parts to refurbish units. There is nothing tied to the original owner. You're fine.

Great thanks a lot!

 

[Hieveryone]

I think it many ways one just has to be smart about these things. It's hard to explain but like keep your MacBook safe. Don't lose it. I think it getting stolen can be a bigger risk than hacked. Someone would have to know you have info on that device that could help their company then figure out how to hack.

 

[casperes1996]

I think it many ways one just has to be smart about these things. It's hard to explain but like keep your MacBook safe. Don't lose it. I think it getting stolen can be a bigger risk than hacked. Someone would have to know you have info on that device that could help their company then figure out how to hack.

And company trade secrets may be sensitive, but it isn't exactly launch codes for nukes... There's always a level of reasonable risk, and if it were the launch codes for nukes, as someone mentioned I wouldn't trust a Mac with them. Not that I don't trust a Mac, but I'd rather use fully custom silicon that nobody except for a small set of people even knew about and then have it entirely locked away without access to any for of internet or wireless communication, with several layers of both physical and virtual protection systems.

Anyway, anything that connects to the internet has a level of risk associated with it, be it Mac, Windows or Linux - of course to varying degrees - Windows 95 is obviously less secure than Windows 10 or macOS Sierra or Kali Linux. But there's also an element of "Is it likely that anyone interested in this data knows who to hack and how to?". It's not only about whether or not it's possible to get hacked. It's also about who might hack you, what they'll actually get access to if they do "getting only your browsing history for instance, or a list of hashed data that's scrambled may not be useful" and so forth.

I'd say you're secure enough