
Apple's T2 Security Chip Has Created a Nightmare for MacBook Refurbishers (vice.com) 213

As predicted, the proprietary locking system Apple rolled out with its 2018 MacBook Pros is hurting independent repair stores, refurbishers, and electronics recyclers. A combination of secure software locks, diagnostic requirements, and Apple's new T2 security chip are making it hard to breathe new life into old MacBook Pros that have been recycled but could be easily repaired and used for years were it not for these locks. From a report: It's a problem that highlights Apple's combative attitude towards the secondhand market and the need for national right to repair legislation. "The irony is that I'd like to do the responsible thing and wipe user data from these machines, but Apple won't let me," John Bumstead, a MacBook refurbisher and owner of the RDKL INC repair store, said in a tweet with an attached picture of two "bricked" MacBook Pros. "Literally the only option is to destroy these beautiful $3,000 MacBooks and recover the $12/ea they are worth as scrap."

As Motherboard has reported previously, without official Apple diagnostic software, newer MacBooks cannot be repaired or reset. "By default you can't get to recovery mode and wipe the machine without a user password, and you can't boot to an external drive and wipe that way because it's prohibited by default," Bumstead told Motherboard in an email. "Because T2 machines have no removable hard drive, and the drive is simply chips on the board, this default setting means that a recycler (or anyone) can't wipe or reinstall a T2 machine that has default settings unless they have the user password."

  • by DigitAl56K ( 805623 ) on Monday May 04, 2020 @07:09PM (#60022618)

    I'm very pro repair, but this type of feature is excellent for making it almost worthless to steal devices, as they have no resale value.

    I don't see why, if you obtained the device legitimately, you can't even pay the user to unlock it for resetting, considering that you will presumably then sell it on for a decent profit.

    • I'm very pro repair, but this type of feature is excellent for making it almost worthless to steal devices, as they have no resale value.

      This. It seems like his complaint is that he can't buy a stolen MB for $100 and turn it around as a $1500 refurb. FTA:

      If they do manage to get to the desktop, they will be plagued with constant ‘this machine is enrolled by XYZ school district.’ Most consumers see this and assume the machine is stolen, and rightfully so.”

      • by Anonymous Coward on Monday May 04, 2020 @07:56PM (#60022710)

        I'm very pro repair, but this type of feature is excellent for making it almost worthless to steal devices, as they have no resale value.

        This. It seems like his complaint is that he can't buy a stolen MB for $100 and turn it around as a $1500 refurb. FTA:

        If they do manage to get to the desktop, they will be plagued with constant ‘this machine is enrolled by XYZ school district.’ Most consumers see this and assume the machine is stolen, and rightfully so.”

        Make machines easy to refurb and people complain that you aren't doing enough for security and to brick stolen machines. Fix the machines so that they are secure and can't be refurbed by thieves for easy re-sale and people complain about that. This is a lose-lose situation, somebody will always piss and moan. Case in point: https://apple.slashdot.org/com... [slashdot.org]

        • Re: (Score:2, Insightful)

          Make machines easy to refurb and people complain that you aren't doing enough for security and to brick stolen machines. Fix the machines so that they are secure and can't be refurbed by thieves for easy re-sale and people complain about that. This is a lose-lose situation, somebody will always piss and moan. Case in point: https://apple.slashdot.org/com... [slashdot.org]

          Nobody is complaining about PC laptops being stolen. This is a handful of Apple users being the screaming Karen.

          Why are Apple buyers special? What makes their whining important enough to ignore the law?

          • by Cyberax ( 705495 ) on Monday May 04, 2020 @10:05PM (#60023018)

            Nobody is complaining about PC laptops being stolen.

            Quite a few people do. Ditto for stolen phones. Once the lockout chips were introduced in iPhones, their thefts plummeted.

            • Quite a few people do. Ditto for stolen phones. Once the lockout chips were introduced in iPhones, their thefts plummeted.

              It's quite a bit different stealing an iPhone compared to a Macbook. The reality is though stolen PCs are a very tiny subset of the second hand market.

            • by cusco ( 717999 )

              Thefts also plummeted because the market was already flooded with iToys.

          • Nobody is complaining about PC laptops being stolen. This is a handful of Apple users being the screaming Karen.

            No, it's a story by Apple haters damning the company if it lets users who don't have the machine password reset the machine and damning them if they don't.

            If you, the legal owner of an Apple want to sell it without personal data remaining on it you can do so as easy as you could before. You just can't do that if you don't have the password.

        • by arglebargle_xiv ( 2212710 ) on Monday May 04, 2020 @08:47PM (#60022850)
          It's a cost/benefit thing. Eventually, 100% of Apple products get recycled/reused/whatever. Let's say 0.01% of Apple products get stolen (figure freely pulled out of my ass). It's not hard to see in which direction the benefit lies.
          • by DRJlaw ( 946416 ) on Monday May 04, 2020 @10:10PM (#60023026)

            It's a cost/benefit thing. Eventually, 100% of Apple products get recycled/reused/whatever.

            Recycled devices don't need the user password.
            Reused devices can be reset by the initial owner.
            "Whatever" = stolen and fenced.

            Let's say 0.01% of Apple products get stolen (figure freely pulled out of my ass). It's not hard to see in which direction the benefit lies.

            With the people who desperately want to be able to repurpose a device without the consent of or any interaction with the initial owner. The rest consider this a solved problem. Everyone who legitimately buys Apple devices knows to verify that the device has been reset, iCloud account delinked, etc. before handing over the money.

            Which way does the initial owner's benefit lie? The opposite way. Nobody asks whether the people who purchase Apple devices prefer one situation over the other. Why is that? I'm the initial owner of several Apple devices. The benefits of ownership accrue to me until I say otherwise. If you want a functioning device, you'll get it with my consent, or you won't get it at all.

            Your "benefit" comes at the expense of making my device a more attractive target for theft, and I'm not paying for that.

            • Thought experiment: read the comments and substitute "computer" for "gun". Remote locking one's property does have a freedom aspect to it, doesn't it? I wonder how people would reason differently with that comparison in mind.

            • Reused devices can be reset by the initial owner.

              That's great when the initial owner is available. They often aren't. Most reused devices just get handed in at op shops, some devices go to a recycling centre only to be determined repairable without customer contact details, hell some devices come from the dearly departed because who wouldn't try to sell my gaming rig if I got hit by a bus.

              • by Luckyo ( 1726890 ) on Tuesday May 05, 2020 @05:24AM (#60023716)

                The "dead person's private credentials in IT" are an actual nightmare right now, because they're not properly legislated in most places. Optimally there should be legislation, just like with other data, that whatever account data person x had who died is automatically granted to whoever has a legal right to inherit it.

                So that in case of legitimate transfer of credentials, there would be a legal path to force company holding access to grant said credentials to one making a request.

                • by thejam ( 655457 )

                  While I agree that the situation can be confusing given how things have changed over the past few generations (of people), I don't see that legislation is necessary. Why does the state need to decide this (other than consistency)? Can't organizations already decide to disclose (or not) the data of the deceased to next of kin? Perhaps make it clear in terms of service, or as part of the account settings, by naming a person to transfer data to after presenting proof-of-death (or no one)? That way, the per

                  • by Luckyo ( 1726890 )

                    The problem is that companies like to pretend that all of the data is their property, or at the very least "private to individual in question and shouldn't be given to their next of kin".

                    I remember a particularly nasty case somewhere in EU where facebook wouldn't give grieving family access to their relatives' facebook posts and just locked the account upon being informed that account holder died. This resulted in massive backlash, and I can't remember if there was legislation made in some countries against

                    • Sounds great, except read the TOS carefully. I imagine that is buried in there and the original owner agreed to them. Underlying problem is people have (for experimental purposes) agreed to give up their first born for free stuff. So until people are willing to read the TOS and decline the free FB account because they disagree, the problem is legally codified.
            • by cusco ( 717999 )

              Everyone who legitimately buys Apple devices knows to verify that the device has been reset


              Horseshit. I wouldn't have known if I didn't read this article, and I've been working with computers since the mid-'90s. My niece's daughter wouldn't have known if she were to sell her Mac, the buyer would have gotten a non-functional computer and assumed she ripped them off. I think your definition of "everyone" needs to be revised.

        • There's a relatively simple solution that occurs to me for Apple devices, given how closely they tend to be tied to Apple accounts: Put a "submit a request to claim ownership" button on the lock-out screen. Push the button, and the owner of the Apple account the device is connected to gets an email asking them to log into their Apple account to surrender ownership so that device can be reset and used as something other than scrap. Presumably, if it was donated rather than stolen, most people would agree.

          A

      • by ShanghaiBill ( 739463 ) on Monday May 04, 2020 @08:36PM (#60022806)

        An obvious solution is to require a private key to reset the T2 chip. To get the key from Apple, you need to show that you are a legitimate owner of the device.

        • Re: (Score:3, Interesting)

          by Cmdln Daco ( 1183119 )

          And to take it a step further, the only criterion by which one can be deemed an illegitimate owner is if a positive record of a device having been stolen is on file. So discards and abandoned devices cannot be bricked.

          Apple won't want that, though.

          • by DRJlaw ( 946416 ) on Monday May 04, 2020 @09:30PM (#60022966)

            And to take it a step further, the only criterion by which one can be deemed an illegitimate owner is if a positive record of a device having been stolen is on file. So discards and abandoned devices cannot be bricked.

            Wait, so the device can only be prevented from completing a reset if a theft report is filed and provided to Apple? So it's a race between resetting the device and getting the police to write a report and provide it to you or Apple. Hmm, I wonder who'll win that race.

            Of course, you could be arguing that a device has to periodically check in with Apple for permission to operate. For good measure it can provide geolocation information to Apple whether the person currently in possession wants it to or not. Because that will go over so well with the Slashdot audience.

            • by AmiMoJo ( 196126 )

              Just have a 7 day wait period to get the unlock code. No big deal for recyclers.

          • Who decides what's a discarded or abandoned machine? You?

            And if a machine is stolen and reset before I get to make a police report, will you be responsible for buying me an equivalent machine to replace it?

            I can't believe you'd even propose such a stupid process.

        • by Corbets ( 169101 )

          So your proposed model is a centralized backdoor in the hands of Apple?

          Because they’re pretty strongly philosophically opposed to that, and I support them.

        • you need to show that you are a legitimate owner of the device.

          How? That is fundamentally the problem. Most users are too dumb to remember to wipe their device. Most of the second hand market is anonymous, I don't fill out forms when I drop things at op shops. Some of the second hand market is from the death or legal proceedings where the original user is unable or unwilling to present the private key, and no one is going to go through the legal system to force the release of a private key on a scrap laptop unless it's got some damn bitcoins on it.

      • If the machine is faulty, the user might not be able to unlock it... And it's unlikely that the user would have direct and continued contact with whoever does the repair, there is likely a middleman (ie the user trades the faulty unit in, the shop sells the faulty unit on to someone specialising in repair etc).

        • My thought exactly.

          Before: smashed screen, user decides to replace. The old machine gets a new screen from the refurbisher and a new life.

          Now: smashed screen, user decides to replace. "Just unlock it so it can be reset." Nope.

      • This. It seems like his complaint is that he can't buy a stolen MB for $100 and turn it around as a $1500 refurb. FTA:

        The old "every device on the second hand market must be stolen cliche". Some devices are, some devices aren't. But ultimately the end result is the same. The stolen device still got stolen, and rather than being refurbished gets scrapped.

        • Umm...why would someone steal an expensive device knowing they could only sell it as scrap? There's much lower-risk crimes that could be committed to get $12.

    • but the high end mac should not be locked to storage.
      That is not raid, ON THE DMI BUS, and is needed to boot from a pci-e ssd / pci-e storage card / etc.

    • by vux984 ( 928602 ) on Monday May 04, 2020 @08:08PM (#60022732)

      "I don't see why, if you obtained the device legitimately,..."

      How about:
      1 - businesses dumping older equipment off for recycling

      2 - units obtained via police auctions, unpaid storage locker auctions, bankruptcy auctions, estate auctions (good luck getting the password from the deceased!)

      Lots of ways to acquire hardware legitimately, often in decent quantities, where the previous owner is not available to answer your questions.

      • Re: (Score:2, Informative)

        by DRJlaw ( 946416 )

        How about:
        1 - businesses dumping older equipment off for recycling

        If the business intended for the machine to be reused rather than recycled, then they could prepare it for that by entering recovery mode and running "xartutil --erase-all" .

        2 - units obtained via police auctions, unpaid storage locker auctions, bankruptcy auctions, estate auctions (good luck getting the password from the deceased!)

        From the perspective of the owner, see above, see above, see above, and would have included their password(s) in

        • Re: (Score:2, Informative)

          by Cmdln Daco ( 1183119 )

          By default, unless a device is specifically registered as a stolen device, the default state should be that possession means the ownership is legitimate. Apple is a premium esteemed brand and certainly should be capable of maintaining a blacklist of specific devices that are reported as stolen. Any and all other equipment by default should be unlockable with a method that wipes all user data for privacy purposes.

          • Re: (Score:2, Informative)

            by DRJlaw ( 946416 )

            By default, unless a device is specifically registered as a stolen device, the default state should be that possession means the ownership is legitimate.

            Nope. Possession is not 9/10ths of the law. Having the login information is the better indicator that ownership is legitimate.

            Also, your mechanism simply turns into a race between resetting the device and reporting the device as stolen to Apple. These aren't cell phones where an internet connection can be required for operation, people will tolerate havi

        • by vux984 ( 928602 )

          "Especially in the case number 2, you act as if a legal transfer of ownership of the physical item, without the initial owner's consent, should give someone else a fully useful item"

          Why precisely shouldn't it?

          "Great. How do you ensure a legal transfer of ownership?"

          The court orders authorizing it to be auctioned off.

          "Because any mechanism that you create to enable that sort functionality without the cooperation of the initial owner will leak outside of whatever control group you create (Apple, Apple-authori

          • by DRJlaw ( 946416 )

            "Great. How do you ensure a legal transfer of ownership?"

            The court orders authorizing it to be auctioned off.

            You're cute. You think that there are court orders mentioning specific property backing all of those mechanisms. There are not.

            So what? You are basically suggesting the default position should be that if you can't prove you own it that it's stolen. That's the opposite of the "presumption of innocence".

            And now you've gone off the rails. The "presumption of innocence" applies to criminal proceedin

        • by Bert64 ( 520050 )

          If the business intended for the machine to be reused rather than recycled, then they could prepare it for that by entering recovery mode and running "xartutil --erase-all" .

          If they're discarding the machines then they're not going to put any effort beyond the bare minimum into them... And that's assuming they're even aware of this issue, most businesses just bulk ship their used equipment to a disposal company, it would make the process far more difficult if they had to follow different recovery processes for every brand of hardware.

          Also if the machine is faulty this isn't possible, by the time the machine reaches someone who can repair it contact with the original owner may h

          • by DRJlaw ( 946416 )

            If they're discarding the machines then they're not going to put any effort beyond the bare minimum into them...

            Like erasing the non-removable storage? Which is most easily and quickly done by erasing the secure enclave of the T2 chip using that command?

            And that's assuming they're even aware of this issue, most businesses just bulk ship their used equipment to a disposal company...

            Citation needed. Also, anyone who does this deserves immediate termination.

            Also if the machine is faulty this isn't possible,

          • by shilly ( 142940 )

            Companies don't simply "discard" Macs they bought in 2018. Those Macs have significant residual value. They will *sell* them. And the investment of effort to wipe the devices properly is worth their while to realise that value.

      • by PPH ( 736903 )

        good luck getting the password from the deceased!

        So, no need to put instructions in my will that, in the event of my death, my browser history should be deleted. IMO, this is a good thing.

        • by vux984 ( 928602 )

          No one is arguing that they should get your data.

          They just don't think the whole computer needs to be tossed in trash.

      • good luck getting the password from the deceased!

        There is no need. You ask the grandchild who setup the computer for the password. :-)

    • by hazem ( 472289 )

      I don't see why, if you obtained the device legitimately, you can't even pay the user to unlock it for resetting,

      Why? Maybe the user's dead. My partner's father died, so he's unable to unlock the Apple device he left behind.

    • Yeah when my 2017 macbook was stolen from my house, the cop asked if I had a password. Told him I did, on bootup. He said the good news was that renders the laptop worthless to thieves as there's no known way to bypass that on modern macbooks. The bad news is, it'll never turn up on find-my-iphone as a result.

      Whoops. But also kind of reassuring as well. Still that was an expensive burglary :(

    • I don't see why, if you obtained the device legitimately, you can't even pay the user to unlock it for resetting

      Many reasons: 1) Because users aren't that smart. People drop things in at second hand places all the time without even thinking of passwords or locks. Detailed information isn't kept and users can't be traced.
      2) Because the user may not be able to. The device may have been broken and therefore sold on the second hand repair market. Think putting your fist through the monitor. In the past this would result in simply replacing the monitor, wiping the device and reselling it. Now not possible (see aforementio

    • by AmiMoJo ( 196126 )

      Back when I used to work in that field one of the most common issues users had was forgetting their password.

      In fact my wife has an iPad where she forgot the password. Or rather a family member set it up for her originally and he forgot the password. It's now in a weird state where some stuff is on his account and can be accessed but not updated, and other stuff is on her account which all works fine. Best of all his password reset goes to a phone number they don't have any more.

      When the time comes I'm hopi

    • Or make a 'do nothing' T2 security chip. I'm pretty sure that a little bit of digging will end up with a way to bypass the thing and load another OS on it.
    • If it has been recycled, the user is probably unknown.
  • to let someone change a battery?
  • by MrNJ ( 955045 ) on Monday May 04, 2020 @07:13PM (#60022628)
    So I don't buy the products that have it. Problem solved.
    • by AmiMoJo ( 196126 )

      Unfortunately few people even realize they are buying a T2 chip. It's not like the box says "difficult to recycle" or there is a warning sticker on the demo machines in the Apple Store.

  • Mental Note... (Score:5, Insightful)

    by mssymrvn ( 15684 ) on Monday May 04, 2020 @07:13PM (#60022630)

    When my MBP is ready for retirement: blow away the SSD contents and leave a default password on a post-it on the computer for refurbishers. Or a school. Or somebody who might get more use out of it.

    Got it.

  • FCUK Apple (Score:5, Interesting)

    by sit1963nz ( 934837 ) on Monday May 04, 2020 @07:15PM (#60022634)
    Ok, let me get this out there, I am a Mac user, I own 6 Macs + iPhone + Apple TV, etc etc, so call me a fanboy if you choose.

    My Current laptop that I had to buy in a rush (my last one fried the GPU) is the first Apple computer I have not been able to upgrade in any way.
    I have always added more RAM and bigger hard drives as money allowed (and let's face it, 3rd party stuff was a shit load cheaper too)

    Now I have a collection of old 1970-1980 computers. I can open them, I have actual service manuals for them, I can repair them and keep them going for decades more. This is the gold standard for the environment, these machines running for 40+ years and often repaired with the replacement of one or two components.

    Apple's current stance is "green washing", NONE of their products will last anywhere close to this now. They are difficult to on sell, impossible to upgrade, impossible to repair and you are forced to throw them after as little as 4 years because Apple has made them too costly to repair.

    This is complete BULLSHIT.

    My "next Mac" will be a hackintosh
    • My current laptop is a mid 2012 MacBook Pro. That is 8 years old and still going.

      My current desktop is a 2014 Mac Mini. That is 6 years old and still going.

      So much for your 4 years nonsense.

      • In case you haven't noticed, Apple doesn't build computers like they did in 2012. The 2020 Macbook in 2028 is more than likely going to be a paperweight. Heck, if you even bothered to read the article there's two 2018 Macbook books that cost $3000 new, and two years later are now worth only $12 as scrap.

      • Comment removed based on user account deletion
      • Apple dropped support for it. Its GPU died, which is a common defect with this model.

        My MacBook Pro 17" 2009 lasted longer than my 2012 model, but even if it hadn't died, Apple also dropped support for it.

        My Mac Mini is from 2012. I bought it because Apple still supports it -- barely, and I have no care to ever give them any more money. I would have bought a newer model, if their memory/storage wasn't soldered to the board -- LAME. Then they make matters worse and add this disgusting T2 chip.

        Apple i
    • by waspleg ( 316038 )

      You enable their shitty anti-consumer business practices by continuing to buy their products.

      It reminds me of my father who is on disability and social security but has voted a straight republican ticket his entire life voting directly against his own interests for at least 20 years.

      • It is directly in my interest to reduce the likelihood of my laptop being stolen or being valuable in the stolen laptop market.

    • by vlad30 ( 44644 )
      Which of those 1970-1980 computers are actually doing real work. As someone who maintains industrial machines built 40-50 years ago even those have had the computers that run them upgraded over time (originally msdos 3 systems) and when they were unsupported upgraded. I do note I still find an old machine that just didn't break over that time frame but inevitably it is getting harder to find parts like ST506 hard drives so you might be able to keep an old machine going but the cost often is greater than an
      • For my work I still repair stuff from the late 60's and I even still have a drawer of new valves though we probably don't have anything left which uses them.

        I have a Kaypro 10 that I think uses the ST506 (10MB ?). Have not booted it for a few years. My Osborne 1 still boots as does my TRS-80 M1.
        I am building interface cards for all of these (eventually as time and money allow) to boot off SD cards.

        The 8080 development board still runs.
        As I have gutted old equipment at work because it is no longer ne
    • by AmiMoJo ( 196126 )

      The big killer that usually goes unmentioned is batteries. Apple started the current trend of non-replaceable batteries in battery powered devices with the iPod but even long before that many machines had batteries that were not user replaceable. I mean desktop computers, not portable devices. Usually soldered to the motherboard, sometimes able to leak and destroy it, sometimes just a pain to replace. Often the machine won't boot or work right without the battery too.

      Going back to the original IBM PCs this wa

  • by p51d007 ( 656414 ) on Monday May 04, 2020 @08:03PM (#60022718)
    Equipment, NOT repaired/refurbished by them. Apple has this "Cadillac" expectation and doesn't want 3rd party, doing the refurb, then selling it, and it ends up having a problem, which might reflect badly on (cr)Apple. Plus, if Apple does the refurb, they can obviously charge a MUCH HIGHER price, because less competition.
    • by sjames ( 1099 )

      Ironically, it's reasonably easy for a third party to repair or refurbish an actual Cadillac and sell it. I'd say your second point is the REAL reason Apple is taking this approach.

  • Drop PPLW and buy hardware that comes with Linux preinstalled: https://linuxpreloaded.com/ [linuxpreloaded.com] A new Linux OEM not in that list is KFocus.org. If you like paying a lot for excellent hardware that site is in the same league as System76 and the others. Or, buy a Win10 box and dual boot with Linux. Kubuntu 20.04 is a good choice.
  • by bill_mcgonigle ( 4333 ) * on Monday May 04, 2020 @08:57PM (#60022884) Homepage Journal

    This is a feature, not a bug.

    If you can't afford to buy new Apple gear then you shouldn't be using Apple gear. They want their stores to look like they have the upscale clientele they deserve. Beautiful thin machines, beautiful thin people - got it?

    Go repair your Ubuntu notebook with your crazy ZFS and your crazy "repairability", and your so-called "stable kernel" and your "timely patches".

    You knuckle-draggers probably even think you can choose your own software wisely. Enjoy your absolutely deplorable hardware that weighs several ounces more than anything a decent person would be seen in public with.

  • The only thing the T2 'security' chip is securing, is revenue for Apple.

  • This entire thread is full of people defending disgusting business practices that any other company would be utterly decimated for.

    Apple fans are truly some of the worst blinders on zealots on the entire internet.

  • Buy replacement SSD chips and use a bga extractor to heat the solder and remove the existing chip. Use the same machine to replace it. Test and then done
  • Choose one. The notebooks will eventually be recycled anyway so a few years less use for some notebooks that are for whatever reason not unlocked by the original owner is a trifle, not a tragedy.
    If you prefer something less security-focused then buy that instead.
