Spyware on Motherboard? Really?

Discussion in 'MacBook Pro' started by wondererpop, May 10, 2014.

  1. wondererpop macrumors newbie

    Joined:
    May 10, 2014
    #1
    Hi all forum members,

    I have read through search results and did not find a specific topic about that.

    So I have been targeted by some criminals (as I suppose), to be more exact my Mac was. I did a lot of reading on the internet, including the Deepweb, where I found the following information:

    1) After you erase the HD, spyware programs can still remain there somehow if it was rooted there properly. And apparently it's not that hard, if people know how.

    2) MOST DISTURBING ONE: That if someone really wants to, they can even manipulate the motherboard so that after you install a new hard drive it will still be possible to track you.

    Now, I am not a specialist, but I was found before at my precise location (IP address, but since I travel a lot, it was easier to narrow down my whereabouts), once via Skype resolver.

    And the second time I am not sure how, though I changed my hard drive, did not use Skype, and ALWAYS used Strong VPN when accessing my email.

    Could there be some bugs on Gmail? And what do you think about those 2 claims?

    I am still trying to figure it out somehow. I have called the police, but they said if I am not hurt, they have nothing to investigate then (Eastern Europe).

    PLEASE, don't just say it's bull crap, if you decide to comment please explain your statement and why you think so.

    I thank you all in advance, and take care. Stay safe
     
  2. MagicBoy macrumors 68040

    MagicBoy

    Joined:
    May 28, 2006
    Location:
    Manchester, UK
  3. dmccloud macrumors 6502a

    dmccloud

    Joined:
    Sep 7, 2009
    Location:
    Anchorage, AK
    #3
    First of all, you used the Deepweb for info - hardly a credible source. Second, while it is reported that some governments have developed such tools for monitoring "persons of interest", those were all developed for BIOS-based machines. Mac logic boards use EFI, which is a completely different system and has different tools used to update it. Going back to BIOS, it requires either direct access to the machine to update it or inclusion in the BIOS from the factory - you can't simply get a trojan from the internet that will update the BIOS without you being aware of it.

    If you fully erase a HDD/SSD, there is nothing left on the drive at all. Just like infecting a PC's BIOS, something like what you describe would require a write to the drive's firmware and wouldn't be able to run without direct user intervention.

    The IP address thing is meaningless, because all it can do is trace you to the ISP and rough area - not precise location. You can go to whatismyip.com and it will show you the external IP address (the one assigned by the ISP, not the router), because that's how the internet works. There's a lot of shady websites that use this easily available information to trick people into installing "security" software that's actually spyware/trojan/virus onto machines, but even in those cases it's at the OS/software level, not BIOS level. If you're on a cellphone, they usually use a combination of IP address or GPS info and WiFi triangulation to get an accurate location (cell tower triangulation is the weakest method to determine location).

    As far as GMail is concerned, it's web-based, so it's not installing anything to your computer, let alone somehow infecting the motherboard.
     
  4. Hieveryone macrumors 68020

    Joined:
    Apr 11, 2014
    #4
    I believe you. That's extremely scary. If I was you, to be 100% honest, I would throw away my MBP in the garbage.

    Any phones, electronics, it's got to go. If criminals are looking for you they might do some horrible things to you.

    Is having a computer worth dying for? I hope they don't harm you but it's not worth the risk.

    If you get rid of your electronics it'll make it harder to track you.

    I wish you the best of luck :apple:
     
  5. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
  6. TruckdriverSean macrumors 6502a

    Joined:
    Feb 28, 2009
    Location:
    Texas, US
    #6
    Ok first off,

    How exactly was your Mac targeted? As in, did you discover spyware? Was information taken from you that exists only on your Mac?

    Or more likely, did a popup appear locking your browser and demanding money?

    More details (if possible) would be helpful.
     
  7. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #7
    You don't need to imagine shadowy characters tracking you by putting stuff in your motherboard. Every Internet interface on every network-enabled device you use has a unique Media Access Control address (MAC address, not to be confused with IP addresses or the Macintosh trade name). This is exposed to the routers you attach to. Anyone with access to the routers via admin login or a back-door can determine where you are as you move about. Certain chips in your computer including the CPU have serial numbers that can also be used for tracking purposes.

    Have a nice day.
     
  8. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #8
    I beg to differ. It's possible to infect a drive and implant the malware deep inside the drive's master boot record or GUID partition table. A standard reformat won't erase the MBR or GPT as far as I know, so in order to truly erase the drive, one has to wipe the MBR or GPT as well.
     
  9. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #9
    You and the OP should read this:

    http://guides.macrumors.com/Mac_Virus/Malware_FAQ
     
  10. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #10
    For the average user, that may be true, but it's not true for people who take security seriously from every standpoint, including the pre-OS environment (i.e. EFI or beyond the normal user-accessible sectors of the boot drive).
     
  11. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #11
    You are using "erase" and "format" pretty interchangeably in your earlier posts, if you understand the difference then you will be better prepared.

    When you format a drive the GUID (or MBR) is re-written to its default. Now there are techniques around that in a Windows environment but none that are effective in an OSX environment that I am aware of.

    Erasing drive data is another thing entirely, in a Windows environment there are techniques for getting an un-erased executable to run on a machine post-formatting but again, no way I am aware of to replicate that "functionality" in an OSX environment.

    Yes you could write to the EFI - but then you have to have an executable and getting it to run - again highly unlikely under OSX without active user participation.
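
The MBR and GPT header argued about in posts #8 to #11 are simply the first two sectors of the disk, and they can be inspected directly on a raw image. The following is an added example, not part of any post in this thread: it checks the MBR boot signature, whether the legacy boot-code area is empty, the protective-MBR type byte, and the GPT header's own CRC32. The 512-byte sector size, the function names and the sample image are assumptions constructed for the illustration.

```python
import struct
import zlib

SECTOR = 512  # assumed logical sector size

def build_sample_image():
    """Constructed GPT disk image (2 sectors): protective MBR + GPT header."""
    mbr = bytearray(SECTOR)
    # Single MBR entry of type 0xEE covering the disk (the "protective" MBR).
    mbr[446:462] = struct.pack("<B3sB3sII", 0, b"\x00\x02\x00", 0xEE,
                               b"\xff\xff\xff", 1, 2047)
    mbr[510:512] = b"\x55\xaa"
    # GPT header fields in on-disk order; CRC field (offset 16) filled in below.
    # The entry-array CRC is left 0 because this sketch does not check it.
    hdr = bytearray(struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x00010000,
                                92, 0, 0, 1, 2047, 34, 2014, bytes(16),
                                2, 128, 128, 0))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\0")

def inspect_boot_sectors(image):
    """Report on LBA 0 (MBR) and LBA 1 (GPT header) of a raw disk image."""
    mbr, gpt = image[:SECTOR], image[SECTOR:2 * SECTOR]
    report = {
        "mbr_signature_ok": mbr[510:512] == b"\x55\xaa",
        # Bytes 0..439 hold legacy boot code; UEFI firmware does not execute it.
        "mbr_boot_code_present": any(mbr[:440]),
        "protective_mbr": len(mbr) == SECTOR and mbr[450] == 0xEE,
        "gpt_signature_ok": gpt[:8] == b"EFI PART",
        "gpt_header_crc_ok": False,
    }
    if report["gpt_signature_ok"] and len(gpt) == SECTOR:
        header_size, stored_crc = struct.unpack_from("<II", gpt, 12)
        if 92 <= header_size <= SECTOR:
            hdr = bytearray(gpt[:header_size])
            hdr[16:20] = bytes(4)  # CRC is computed with its own field zeroed
            report["gpt_header_crc_ok"] = zlib.crc32(bytes(hdr)) == stored_crc
    return report

if __name__ == "__main__":
    for key, value in inspect_boot_sectors(build_sample_image()).items():
        print(f"{key}: {value}")
```

Non-zero boot code on a GPT disk is a reason to look closer rather than proof of tampering, since some legacy boot loaders legitimately place code there.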
     
  12. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #12
    The NSA can just break through anything and install spyware even without active user participation.
     
  13. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #13
    My mistake, as you can tell that is what the OP was asking about you can assure him that his worry is pointless as the NSA is the root of all evil and can break into his machine anyway, therefore any knowledge or measures to take against routine fraud/theft are pointless.....
     
  14. wondererpop thread starter macrumors newbie

    Joined:
    May 10, 2014
    #14
    Thank you all for your insights.

    I did erase and format my HD. I even changed it, as well.

    How do the MAC addresses work? What are they about? And how can I avoid being tracked by CPU serial number?

    My MacBook was accessible by others (I used to leave it at work, and did not have any passwords back then), but after that time I already changed my HD.

    Indeed Deepweb might not be a very credible source, but I found a hackers' forum there where they talk about security of Macs vs PCs. I don't see why they would just randomly even discuss it if it doesn't even exist.
     
  15. c1phr macrumors 6502

    Joined:
    Jan 8, 2011
    #15
    A MAC address is a "unique" identifier to a piece of networking hardware. This is assigned to a device at the factory and should never change (let's forget, for a minute, that it is possible to change this. You should never, ever do that). MAC addresses are what make networking work at a local level, this is how your local router knows your computer is unique and can properly assign you an IP address inside of your local subnet (these relations between IP and MAC address are stored in an ARP table). This information is stripped out of packets that your router forwards out to the internet.

    Because your concern seems to be with being identified by your MAC address, I'll address that rather than go further into networking details. In theory, your network hardware manufacturer knows the MAC address that they've assigned to that piece of hardware that exists in your device. They have no idea who you are, that information really isn't important to them. Furthermore, as I've mentioned, your MAC address isn't used outside of your local subnet. Your router knows your MAC address, as well as the MAC address of some close (1st hop) routers that are outside of your local network. Those 1st hop routers know the MAC address of your router. If they didn't have this information, there would be no way for you to ever get information from the internet, yet it doesn't carry any real identification information. Simple as that.
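
The IP-to-MAC pairs in the ARP table described above can be read and decoded on any machine. The following is an added example, not part of c1phr's post: it parses ARP-table lines and decodes the first octet of each MAC address, whose two low bits mark multicast addresses and addresses set in software (locally administered) rather than assigned at the factory. The sample lines, written without leading zeros as in BSD-style `arp -a` output, and all function names are constructed for the illustration.

```python
import re

# Constructed sample in the style of `arp -a` output (not from the thread).
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1c:b3:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.23) at 3a:5f:12:9e:44:1 on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+)")

def parse_mac(text):
    """Return the 6 raw octets of a colon-separated MAC address."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    # int() and bytes() both raise ValueError on bad or out-of-range octets.
    return bytes(int(p, 16) for p in parts)

def classify(mac):
    """Decode the prefix and the two flag bits in the first octet."""
    return {
        # First three octets: the prefix registered to the manufacturer (OUI).
        "oui": mac[:3].hex(":"),
        # Bit 0 (I/G): set for multicast/broadcast destinations.
        "multicast": bool(mac[0] & 0x01),
        # Bit 1 (U/L): set when the address was assigned in software.
        "locally_administered": bool(mac[0] & 0x02),
    }

def arp_entries(text):
    """Return (ip, classification) for every parsable ARP line."""
    entries = []
    for match in ARP_LINE.finditer(text):
        try:
            entries.append((match["ip"], classify(parse_mac(match["mac"]))))
        except ValueError:
            continue  # skip malformed or incomplete entries
    return entries

if __name__ == "__main__":
    for ip, info in arp_entries(SAMPLE_ARP):
        print(ip, info)
```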
     
  16. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #16
    Worth noting that even a modem/router designed for home use will have possibly 4 MAC addresses as they are unique per interface so your simple modem may have one on the xDSL, WAN ethernet, LAN ethernet and WiFi interfaces...so 4 in total.
     
  17. Fishrrman macrumors G3

    Joined:
    Feb 20, 2009
    #17
    dmccloud writes above:
    [[ If you fully erase a HDD/SSD, there is nothing left on the drive at all. Just like infecting a PC's BIOS, something like what you describe would require a write to the drive's firmware and wouldn't be able to run without direct user intervention. ]]

    Just wondering...
    How does one "fully erase" an SSD?

    I don't believe ordinary disk management software (such as Disk Utility) can do this. Yes, you can run a "secure erase", but even then, I believe that on SSDs, there is -some- data in previously used memory that remains.

    How does one completely "wipe" an SSD and restore it to the equivalence of "just bought from the store" condition ??
     
  18. lewdvig macrumors 65816

    Joined:
    Jan 1, 2002
    Location:
    South Pole
    #18
    I think the bigger question is what kind of stuff are you keeping on your PC or writing in your emails that a government would be interested in.

    NSA can read all of my stuff if they want. :cool:
     
  19. MCAsan macrumors 601

    MCAsan

    Joined:
    Jul 9, 2012
    Location:
    Atlanta
    #19
    Just because you are paranoid does not mean folks aren't out to get you.
     
  20. mr.bee macrumors 6502a

    mr.bee

    Joined:
    May 24, 2007
    Location:
    Brussels, belgium
    #20
    I heard that the bugs in gmail infected your power adapter and that's how they follow you.

    Jokes aside, there are some very valid answers here, your worrying is not needed. On the contrary don't install any shady 'security software' :)
     
  21. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #21
    A proper security erase actually writes several sequences of data (all "0"s then all "1"s).

    However, if you want absolute security in that regard, then physical destruction of the media (sandblasting the disk platters) is the only way with an HDD. I would suggest the same will apply with SSDs.
     
  22. 7itanium macrumors member

    Joined:
    Apr 20, 2013
    #22
    I guess my only question is what are you doing that would make some average joe hacker want to track you to that extent? lol

    Any hacker that is interested in getting your credit cards, ID etc. like 99.999% of hackers are is never going to even attempt going to this extent. The programming (especially on a Mac) would be ridiculously extensive.

    The FBI could probably do such if they really wished... but a hacker trying to steal your info? Definitely not......
     
  23. jedblanks macrumors newbie

    Joined:
    Sep 27, 2012
    #23
    You need to re-focus your paranoia on Zombies. That's where it's at.
     
