Michael Tsai on Twitter: "@grynspan OK, so the workaround is to shutdown when you’re not physically at the computer."

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
3424486444	Vodafone
» See SMS short codes for other countries

Michael Tsai ‏@mjtsai 5 Aug 2012

@grynspan Wow.
Jonathan Grynspan ‏@grynspan 5 Aug 2012

@mjtsai Sarcastic wow?
Michael Tsai ‏@mjtsai 5 Aug 2012

@grynspan Surprised wow. If it just says “A recovery key has been set” hopefully that means I didn’t share it with Apple…
Jonathan Grynspan ‏@grynspan 5 Aug 2012

@mjtsai It says that in the FV2 prefs, of course. But during login there's still the option to reset your PW with an Apple ID. Which is bad.
Michael Tsai ‏@mjtsai 5 Aug 2012

@grynspan So the only way to check whether Apple has your recovery key is to fail a login and see whether it offers to reset for you?
Jonathan Grynspan ‏@grynspan 5 Aug 2012

@mjtsai I can confirm I was able to log into an account on an FV2-protected disk with a password I didn't know using the Apple ID password.
Michael Tsai ‏@mjtsai 5 Aug 2012

@grynspan Is there anywhere in the UI that shows, after setup, whether your login password can be changed via Apple ID?
Jonathan Grynspan ‏@grynspan 5 Aug 2012

@mjtsai Physical access screws with a lot of security, but this defeats the purpose of FV2: prevent data access if physical access occurs.
Michael Tsai ‏@mjtsai 5 Aug 2012

@grynspan This sounds like the worst Mac security bug I’ve ever heard of. You’re basically basically that Apple has a backdoor to FileVault.
Jonathan Grynspan ‏@grynspan 5 Aug 2012

@mjtsai It's worth noting that the machine must have already been booted past the grey FV2 login screen. But once it's running, hole ahoy!

‏@mjtsai

@grynspan OK, so the workaround is to shutdown when you’re not physically at the computer.

11:39 AM - 5 Aug 2012

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

Michael TsaiVerified account

@mjtsai

Loading seems to be taking a while.

false

Saved searches

Michael TsaiVerified account

@mjtsai

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

Welcome home!

Tweets not working for you?

Say a lot with a little

Spread the word

Join the conversation

Learn the latest

Get more of what you love

Find what's happening

Never miss a Moment

Loading seems to be taking a while.

Promoted Tweet

false