Find My Mac without possibility of remote wipe
| Originator: | creasepattern | ||
| Number: | rdar://16680431 | Date Originated: | April 21, 2014 |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 10.9 |
| Classification: | Security | Reproducible: | Always |
Lucas Garron21-Apr-2014 03:56 PM Summary: Find My Mac automatically enables remote wipe, without fine-grained choices. I am unwilling to enable this feature because: - It allows anyone with access to my Apple account to initiate a remote wipe. I may have external backups, but I do not want anyone to be able to lock me out of my main device. It would be a major inconvenience Right now, I see someone hacking my Apple account as more likely than losing my computer, and FDE (FileVault) means the data on disk is useless to them in the latter case unless it’s a very targeted attack. The Matt Honan case shows that hackers are plenty eager to wipe your device in order to lock you out of your stuff, though. That's exactly when I *don't* want remote wipe to be possible. Steps to Reproduce: 1. Enable Back to My Mac (in iCloud settings on OS X). Expected Results: An option to remove the remote wipe feature while allowing "Find My Mac", especially if FileVault is enabled. Alternatively, I'd be alright with remote wipe depending on (regular Apple ID access in addition to) a security code that I can write down and store in a safe place at home. This could be similar/related to the FileVault key, although making them the same would be undesirable security-wise. Actual Results: The confirmation dialogue includes "...or erase a lost Mac." Version: Mavericks (10.9.2) Notes: Configuration: Attachments:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!