What if our Macs are intercepted and compromised while in transit?

[iBrooker]

The latest Wikileaks is concerning, but we seem to forget that our machines are manufactured in China and go through several countries before they are delivered to us.

What if some sort of snooping hardware or software changes are 'slipped in' at the actual manufacturing plant? What if the unit itself is intercepted while being shipped through one of the several countries it passes through and then compromised?

Maybe I am just being paranoid but nothing would surprise me these days. What I'd like to know is what Apple is doing to make sure this doesn't happen. (That is, if they are not complicity themselves!)

 

[jerryk]

Send a message to Tim Cook and ask. Also, remember your machine could also be intercepted in the UK, the back cover popped off and ... . Or when you take it in for service. Also, you can get hacked by plugging your phone into a USB charger at school, airport, coffee shoppe, etc.

 

[Mobster1983]

Just accept that the government and hackers read and see everything you do. That's the fun of our world today. ;-)

 

[Weaselboy]

It is certainly possible. I remember this a couple years ago when the NSA was intercepting CISCO routers destined for foreign countries and placing "beacons" in them. I recall reading this was done without CISCO's permission or cooperation. I think I read something about CISCO tried to sue the US Government because this had harmed their reputation.

So I don't see what would be stopping the government from intercepting your MacBook en-route and installing monitoring software on it.

 

[Hieveryone]

Meh...I heard about something like that in the past. I think Snowden had helped reveal something about it?

 

[ZapNZs]

It is certainly possible. I remember this a couple years ago when the NSA was intercepting CISCO routers destined for foreign countries and placing "beacons" in them. I recall reading this was done without CISCO's permission or cooperation. I think I read something about CISCO tried to sue the US Government because this had harmed their reputation.

So I don't see what would be stopping the government from intercepting your MacBook en-route and installing monitoring software on it.

The revelations that a (presumed) group affiliated with the NSA was attacking the firmware on both computers and accessories, along with many Makers' refusal to consider cryptographically signed firmware on their various devices/accessories (along with successful efforts to bypass those that do), is something I find terrifying, considering detecting such attacks seem nearly impossible and the most practical removal method may be destroying the entire device.

Given the government could be using common adapters as vectors to infect firmware, it seems like they get you just about anywhere these days!

 

[Spudlicious]

Some things you just have to take on trust, because you have no choice. What if the VPN company I rely on to ensure my privacy is actually a CIA front, and I may as well echo my screen to a huge display on the side of my house? I just don't think I'm important enough for anyone to be interested in my internet activities, I take refuge in sheer insignificance. But I assume that if a state actor targets any individual then little David has no chance against Goliath. Don't worry, be happy

 

[Samuelsan2001]

The latest Wikileaks is concerning, but we seem to forget that our machines are manufactured in China and go through several countries before they are delivered to us.

What if some sort of snooping hardware or software changes are 'slipped in' at the actual manufacturing plant? What if the unit itself is intercepted while being shipped through one of the several countries it passes through and then compromised?

Maybe I am just being paranoid but nothing would surprise me these days. What I'd like to know is what Apple is doing to make sure this doesn't happen. (That is, if they are not complicity themselves!)

What if they do?? they can snoop on you in a million different ways if they want. Hell they can just get your ISP to tell them what you do online anyway so why bother. Unless you are staging a coup or smuggling vast quantities of contraband I doubt you have much to worry about.

 

[meteoreos]

Why would they want to snoop on you anyway?

Remember that Snowden said these entities probably wouldn't check up on you unless of course you're sending worrying messages/searching dodgy stuff.

The moral of the story is that they COULD snoop in on you if they wanted, quite easily, but it's highly unlikely unless you give them a reason to do it. So why even worry about it?

 

[EnderBeta]

It is certainly possible. I remember this a couple years ago when the NSA was intercepting CISCO routers destined for foreign countries and placing "beacons" in them. I recall reading this was done without CISCO's permission or cooperation. I think I read something about CISCO tried to sue the US Government because this had harmed their reputation.

So I don't see what would be stopping the government from intercepting your MacBook en-route and installing monitoring software on it.

The simplistic solution I guess would be to look for signs of tampering on the case and wiping the drive then reinstalling the OS if it is a concern.

You could also use it for misinformation if you prefer to make a fool out of the spy.

You could also keep full records about all your trips to Las Vegas and complain about your expenses to the boss. Unwittingly becoming the FBIs way to arrest all the bosses and cause the collapse of your mafia group. Ala the Casino.

 

[willmtaylor]

Anything indeed is possible. Alas, the probability that the Chinese government (or some other state agency) is able to or interested in intercepting your laptop to spy on your Amazon shopping activity and fantasy football league trade negotiations is quite slim, I'd imagine.

 

[snaky69]

Chances are you're likely neither important nor interesting enough to warrant being snooped on.

 

[jerryk]

This is not a new issue. People have done data fishing for decades. There was a scam were people left USB drives lying around colleges and when installed they loaded programs that created vectors for the intruders.

 

[wackymacky]

What if, what if.... You can't really do anything about it. As stated above above Cisco routers were intercepted by NSA. WE know that some Huawei phones had Chinese government spying firmware. Internet Exchange hardware has been interfered with. Boxes along oceanic cables have been inserted to listen to traffic.

Could there be something nasty sitting inside my shiny new mac book. Perhaps.

Yes I am wary about my electronic communications, however there is a limit to the number of layers of foil I can wrap around my head, before it becomes to impracticable and difficult to go about my day to day life.

 

[Badrottie]

The latest Wikileaks is concerning, but we seem to forget that our machines are manufactured in China and go through several countries before they are delivered to us.

What if some sort of snooping hardware or software changes are 'slipped in' at the actual manufacturing plant? What if the unit itself is intercepted while being shipped through one of the several countries it passes through and then compromised?

Maybe I am just being paranoid but nothing would surprise me these days. What I'd like to know is what Apple is doing to make sure this doesn't happen. (That is, if they are not complicity themselves!)

Please don't make me 100% paranoid! I want a peace with my trusty rMBP!

 

[boss.king]

Even if your stuff is being intercepted, 99.9% of the population has nothing of value to anyone. This isn't a movie, your lives aren't that interesting.

 

[Ray Brady]

What I find difficult to believe in this scenario is that this kind of snooping could go unnoticed for long. There are small armies of tech enthusiasts who spend the bulk of their day monitoring what's going on in their systems, and looking for unexpected activity. I don't doubt that a foreign agent could plant spyware in a large number of random machines, but I'm skeptical that this would be undetectable. Sooner or later, some white hat somewhere is going to notice what's going on. The repercussions of this kind of breach of trust would likely not be worth the benefit.

 

[iBrooker]

This is the route it has taken so far - not due until Tuesday...

 

[mfram]

The only people who "they" might be interested getting information from are the same set of people who would not want to publicize they are being tracked. You're being paranoid.

 

[willmtaylor]

This is the route it has taken so far - not due until Tuesday...

View attachment 691798

Almaty, KZ? Really? Interesting. I've been there.

 

[iBrooker]

What I find interesting is that the first three MBPs only showed The Netherlands as the dispatch location - so from there straight to the UK. I get the feeling they went there to be inspected. Not sure why the route would change otherwise.

For those saying we shouldn't care, that we're not important enough, etc. That's besides the point - our private stuff is our private stuff and I'd like to know what Apple is doing to make sure our computers are not compromised on route to us... such as what happened with those Cisqo routers that @wackymacky mentioned above.

 

[Spink10]

What I find interesting is that the first three MBPs only showed The Netherlands as the dispatch location - so from there straight to the UK. I get the feeling they went there to be inspected. Not sure why the route would change otherwise.

For those saying we shouldn't care, that we're not important enough, etc. That's besides the point - our private stuff is our private stuff and I'd like to know what Apple is doing to make sure our computers are not compromised on route to us... such as what happened with those Cisqo routers that @wackymacky mentioned above.

Post #2 seems the best option for you.

 

[ZapNZs]

What I find difficult to believe in this scenario is that this kind of snooping could go unnoticed for long. There are small armies of tech enthusiasts who spend the bulk of their day monitoring what's going on in their systems, and looking for unexpected activity. I don't doubt that a foreign agent could plant spyware in a large number of random machines, but I'm skeptical that this would be undetectable. Sooner or later, some white hat somewhere is going to notice what's going on. The repercussions of this kind of breach of trust would likely not be worth the benefit.

What about an attack like Thunderstrike2? It would presumably be almost impossible to detect (even for Apple), OS X reinstall, attempted firmware updates, and even tossing the hard drive would fail to do a thing to remove the infection. It seems unlikely this scenario would play out, but I think it would be a disaster if it did. Imagine the crapstorm of dongles infecting Macs, and infected Macs infecting dongles!

 

[MrGuder]

Well I heard that the clicking, popping and sticky keys we are hearing from on the 2016 MBP is really Morse code being transmitted back to the bad guys.

 

[Calby]

What I find interesting is that the first three MBPs only showed The Netherlands as the dispatch location - so from there straight to the UK. I get the feeling they went there to be inspected. Not sure why the route would change otherwise.

For those saying we shouldn't care, that we're not important enough, etc. That's besides the point - our private stuff is our private stuff and I'd like to know what Apple is doing to make sure our computers are not compromised on route to us... such as what happened with those Cisqo routers that @wackymacky mentioned above.

Thats because Apple have a storage in the Netherlands and they did maybe have your device in stock there, if it ships from china it's brand new and shipped directly from the factory (almost).