CompuBC Information Technology Services Ltd. Managed Services for Residential & Small Business. PC & Mac.
  • CompuBC Services
    • Residential
    • Business
    • Managed IT Services
    • Cloud Computing
    • Canadian Based File Sharing & Syncing
    • Online Backup
    • Business continuity & disaster recovery >
      • Axcient BCDR
      • Datto BCDR
    • Data Recovery
    • Network Wiring - VoIP Phone System - Video Conference
    • Computer recycle service
    • Laptop Rental
    • Office IT Relocation
    • Service Cost
  • Service Request
  • Self Service area
  • Blog
  • Terms and Conditions

How I sold an old Mac and unknowingly had access to its location for over 3 years

2/25/2018

1 Comment

 
By: Brenden Mulligan
So this crazy thing happened recently with an old Mac I sold on Craigslist a few years ago. I noticed it was still showing up in my Find My iPhone app. Well, at first I didn’t realize it was that particular Mac. I just happened to notice there was a computer I didn’t recognize in Find My iPhone called “Michael’s iMac”.
Picture
I clicked in and saw a computer that wasn’t mine showing up on a map about 100 miles north of my house.
Picture
I vaguely remembered selling an iMac on Craigslist 3 years ago, and figured that was this one. Then I realized that meant for over 3 years, I had access to this person’s exact location. That’s insane to me.
How the hell did that happen?
Before selling, I erased the computer and re-installed a fresh OS X
I did a hard erase of the computer and reinstalled OS X factory fresh. The mistake I made was that before erasing the computer, I didn’t sign out of iCloud / Find My Mac. I figured erasing the computer would do that. It didn’t.

I sold the computer and the user didn’t log into iCloud
For whatever reason, this person didn’t need to sign into iCloud. So this meant that Apple still associated the computer hardware with my iCloud account. The computer wasn’t logged into my iCloud account, but was still associated with my account, so I still could track the computer’s location in real time.

For me (the seller), this isn’t much of a security risk
The buyer won’t see or have access to any private iCloud data; the hardware is just associated with it. But the seller can’t disassociate it without the buyer’s help (and I didn’t have any way to contact them), so it’s a pain.
No, logging all devices out of iCloud doesn’t work. And no, this has nothing to do with if the computer is in your Support Profile.
The only options I had were Play Sound, Lock, and Erase.

Picture
For the buyer, there are massive privacy concerns.
The biggest privacy issue is for the buyer. If they don’t turn on Find My Mac with their own iCloud account, they leave a lot of power in the previous owner’s hands.

The previous owner can track the buyer’s location.
At any time in the past 3 years I could have tracked this computer’s exact location. Not a huge deal with an iMac, but if this was a laptop, I’d basically know where this person was at all times. Terrifying.

The previous owner can erase everything remotely.
With two clicks, at any point, I could shut down this user’s computer and completely wipe it clean. They couldn’t stop it and would have no control. They’d lose everything.
Picture
The previous owner can lock the buyer out.
This is what I ended up doing. It was the only way I could get in touch with the owner. So I remotely locked the computer and in the lock message, put my phone number.
Picture
The new owner texted and we got it resolved. As mentioned, it wasn’t that they were still logged into my iCloud account, it was that they never signed into their own iCloud account.

Resolving it showed one last nugget of privacy ugh.
When Michael finally logged into his own iCloud account and turned on Find My Mac, the computer was nice enough to tell him my full name.
Picture
Not a huge deal, but for people who want to remain anonymous when selling a computer, this sucks.

Overall, this seems like a massive privacy / security flaw. Maybe Apple has patched this in a more recent OS X update. Again, I sold this computer 3 years ago. But just in case, if you sell a computer, turn off Find My Mac BEFORE wiping it. And if you buy a computer, immediately sign into iCloud so there’s no chance the seller can track you.
1 Comment
Camila link
1/6/2021 03:13:15 pm

Good bblog post

Reply



Leave a Reply.

    Archives

    January 2021
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    May 2020
    March 2020
    November 2019
    August 2019
    July 2019
    June 2019
    May 2019
    March 2019
    November 2018
    July 2018
    June 2018
    May 2018
    April 2018
    February 2018
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017

Picture
Manage Security

Address:
2951 Britannia crescent
Port Coquitlam, V3B 4V5

​Phone: 
1-888-999-4950
​1-778-776-6222

​Hours of operation:
Week Days:   9 AM - 7 PM

Saturday:
11 AM - 5 PM By appointment


Sunday: Closed
​
​
Please schedule an appointment.

Business Number 778569517BC0001
© Copyright CompuBC, All Rights Reserved.
Picture
Picture
CompuBC Facebook
Picture
Click for the BBB Business Review of this Computer Business Services in Port Coquitlam BC

Picture
Picture
Picture
Picture
Picture
Icons for this website are made by Freepik, xnimrodx, Smashicons, itim2101, photo3idea_studio, and prettycons from Flat Icons.
  • CompuBC Services
    • Residential
    • Business
    • Managed IT Services
    • Cloud Computing
    • Canadian Based File Sharing & Syncing
    • Online Backup
    • Business continuity & disaster recovery >
      • Axcient BCDR
      • Datto BCDR
    • Data Recovery
    • Network Wiring - VoIP Phone System - Video Conference
    • Computer recycle service
    • Laptop Rental
    • Office IT Relocation
    • Service Cost
  • Service Request
  • Self Service area
  • Blog
  • Terms and Conditions