0

Is there a way to find out if your Mac has been compromised, software- and hardware-wise? I have a pre-unibody MacBook (2007), and it was in someone else's hands once.

I want to make sure:

  1. the person did not put any software to monitor my Mac activity (web browsing or whatever I do on the Mac, basically)

  2. they also did not physically put a tiny camera, recording device, GPS or the like in the hardware.

I am not too savvy with this stuff, but can I at least be clear of no.1 by swapping my HDD with a new one?

For no.2 I guess I have to open up everything with little screwdrivers, which I can probably do with tutorials.

Does anyone have other ideas?

2

2 Answers

1

The #1 rule of information security: when physical security is compromised, everything goes out of the window. Assume your computer has been modified. (This is super paranoid level and would apply to the CIA or FBI.) Chances are that you and your friend are not spies, so things can be a bit simpler.

The simplest option is just to back up your computer with Time Machine before lending your laptop. Then restore your computer to this backup when you get your computer back. All software changes are gone, as Time Machine will format the hard drive prior to restore. Now if you don't want to do that (I have no idea why), here are some other things you can try:

  1. Create a Standard User account and ask your friend to use it. A Standard User can't write to system folders so the chance of installing sneaky software is reduced.

  2. Open Console.app after you get back your computer, click All Messages and go over the log entries for the time your computer was not in your hands. Mac OS X regularly outputs informational messages for its internal workings, so you can trace stuff there.

  3. fseventsd is a background process that tracks all changes to the file system. Anytime anyone writes anything to the file system, fseventsd knows it. This is what Spotlight and Time Machine rely on to do their stuff. If you are good with programming, you can write an application to listen to fseventsd (documentation here). There's also a ready-made app, but it hasn't been updated for some time.

  4. Unless your friend is a CIA spy, or FBI agent, or Mossad, he/she isn't likely to be able to physically modify the computer without leaving a trace. Take a pencil and scribe a faint line over the screws at the back of the computer. When you get it back, check if the lines are straight to see if the computer has been opened. It's not foolproof, but lining up these screws takes a lot of effort. You can also open up your computer beforehand and place secret markers at crucial points to make sure they are not opened.

1
  • Ahhh I wish I had these notes before I lent the Mac lol!! But thanks, I will definitely keep these for future reference. Console app looks really detailed and good to track what went on - unfortunately when I lent the Mac it was a while ago and it seems to no longer show in the console records, but thanks for letting me know about the app!
    – Lemons
    Commented Oct 7, 2014 at 16:30
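
An after-the-fact variant of the file-system idea in the answer above, added here as an example and not code from the answer or from Apple: instead of listening to fseventsd live, it walks a directory and lists everything whose modification or inode-change time falls inside the period the machine was away. The loan dates and file names in `demo()` are constructed sample values.

```python
import os
import tempfile
from datetime import datetime, timedelta

def changed_in_window(root, start, end):
    """List (path, which_timestamp, when) for entries changed between start and end."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report a symlink itself, not its target
            except OSError:
                continue  # vanished or unreadable entry; skip it
            # mtime = content last written; ctime = inode last changed. ctime is
            # also bumped when mtime is reset, so a backdated file still shows up.
            for kind, ts in (("mtime", st.st_mtime), ("ctime", st.st_ctime)):
                if lo <= ts <= hi:
                    hits.append((path, kind, datetime.fromtimestamp(ts)))
                    break
    return sorted(hits, key=lambda hit: hit[2])

def demo():
    """Constructed sample: one file dated inside the loan period, one before it."""
    root = tempfile.mkdtemp()
    inside = os.path.join(root, "written_during_loan.plist")
    outside = os.path.join(root, "older_file.txt")
    for path, when in ((inside, datetime(2014, 10, 1, 12, 0)),
                       (outside, datetime(2014, 1, 1, 12, 0))):
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.utime(path, (when.timestamp(), when.timestamp()))
    # Assumed loan period (constructed): 25 Sep to 5 Oct 2014.
    loan = changed_in_window(root, datetime(2014, 9, 25), datetime(2014, 10, 5))
    # Both files had their timestamps set just now, so ctime gives that away.
    now = datetime.now()
    recent = changed_in_window(root, now - timedelta(hours=1), now + timedelta(hours=1))
    return inside, outside, loan, recent

if __name__ == "__main__":
    inside, outside, loan, recent = demo()
    for path, kind, when in loan:
        print(when.isoformat(), kind, path)
```

Timestamps are evidence, not proof: someone with administrator access can change them or the system clock, so an empty result does not show that nothing was installed.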
0

Next time I would be more careful about the people you want to lend your Mac to.. ;)

However:

  1. I would simply check the entire filesystem with an antivirus/spyware/malware tool of your choice, and I would check regularly on Task Manager if there are processes you find strange or suspicious (better if you remember what was installed on your Mac prior to lending it). In this way you will be almost completely certain that any threat that entered your pc will be gone. Please note that swapping your hd with a new one would work only if you want to install MacOS from scratch. Copying files from one hd to another would copy any threat as well.

  2. Unless your "friend" is a professional engineer, a detective or something similar, I don't think he/she can put any kind of recording device in your computer without making it noticeable at all. I think a deep check of your Mac appearance can spot most of the potential issues.

If you still want to open your Mac, you can use iFixit guides (for example, since you said your MacBook was the last before the Unibody ones, you can find the related page here), but be careful since there are cables and connectors that sometimes are very weak and likely to be damaged if you are not an expert.

Since you say you lent it, I presume you know the person that had your Mac in the previous days. Only you can judge if they are experienced enough to put some kind of threat (either software or hardware) in your computer.

3
  • Thanks lots for the detailed explanation! :) I think I will install a clean OS on a new HD... >_< Good to know non-experts probably would alter Mac appearance if putting something hardware... So far outside looks normal. I will still open it to check just in case :/ thanks for the link - I love iFixit!!!
    – Lemons
    Commented Oct 7, 2014 at 16:17
  • You can as well format the hd that is present in your Mac, and install the OS from scratch. By the way, I don't know why you are so suspicious, but I wouldn't.. 99% of basic computer users don't even know what a keylogger is :D Commented Oct 8, 2014 at 0:04
  • Oh ok good lol yea I didn't know what a keylogger was (or such device), either, until I saw the above link! Scary! Thanks for letting me know about formatting, I might try that :)
    – Lemons
    Commented Oct 8, 2014 at 19:36
