If you have a pre-M1 mac and care about security, throw your computer in the trash right now. Here is why…
If you physically have someones locked macbook air/pro and five minutes alone, you can change the admin password and have access to all of their data (while they are now locked out)
Instructions here but i will summarize:
Change the password in single user mode
- Hold ⌘+S on startup
mount -uw /(
fsck -fyis not needed)
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist(or
dscl . passwd /Users/username(without a trailing slash) and enter a new password. You can ignore the error about
You can then attach your iPhones ‘findmy’ app to the macbook you stole and lock them out or track their location FOREVER.
The best part? They can never remove your presence, even with the help of apple. So the only way to get out of this is to smash it with a hammer and buy a new mac.
Now I have hacked a few windows and linux machines in the past but never was it this easy or permanent. Apple gives you the tools to permanently ruin their ability to enjoy their device and not even apple support can see their entire email.
In my case, the guy who got me was an airbnb guest who had 45 minutes alone with my machine. His name is Matthew Tebbens and his email is firstname.lastname@example.org according to apple. He also has warrants out for stealing a $7,000 camera and 200k in fraud but in a mental episode, he came clean and admitted to hacking my mac. I knew his system worked because I used the same (above) system to regain access but I cannot remove his findmy presence so I must throw away the machine.
Fortunately, the M1 Chips are not hackable in this way, however I am sure Apple will find another way to make them suck or become prematurely un-useable.
So hence, if you care about not letting someone change your admin password by pressing 4 buttons, you should only buy an M1 mac and disable findmy.