[Flashback] MacBook stolen long time ago, but iCloud lock is still pending?

[SmOgER]

I'am wondering, how can it be possible for someone to completely remove my iCloud account from MacBook without knowing my password or anything? I mean, it shows up as an offline device in findMyiPhone, was stolen more than a year ago, surely by now it should have been online at least once, but iCloud lock and erase are still pending "..will take effect once the Mac connects to the internet"... How come?

 

[keysofanxiety]

I'am wondering, how can it be possible for someone to completely remove my iCloud account from MacBook without knowing my password or anything? I mean, it shows up as an offline device in findMyiPhone, was stolen more than a year ago, surely by now it should have been online at least once, but iCloud lock and erase are still pending "..will take effect once the Mac connects to the internet"... How come?

FindMyMac wasn't exactly great on the earlier iterations. Basically if the HDD was wiped, it'll stop working (I believe it's still the same). Unless you had a firmware password it's extremely likely that the thief wiped the hard-drive -- and even if you had an OS password they could have quickly removed that through the Recovery partition.

Apple are going around this these days by prompting to set up HDD encryption with each El Cap update -- this means that there's no way the drive can be unlocked and wiped unless they know the password. Previously it was just a quick command through Terminal in the recovery OS.

Hope this clears things up.

 

[SmOgER]

Oh. I assumed during a fresh install (or the first time it comes online with wiped drive) Apple servers would check if the device with the same serial number isn't tied to another iCloud account. I see no reasons NOT to do this. I mean, Apple clearly knows the location and serial number of that Mac as well as what Apple IDs / iCloud accounts were used on it and if the lock was ever requested on that serial number, so it's just the matter of basic programming more or less..

 

[aajeevlin]

FindMyMac wasn't exactly great on the earlier iterations. Basically if the HDD was wiped, it'll stop working (I believe it's still the same). Unless you had a firmware password it's extremely likely that the thief wiped the hard-drive -- and even if you had an OS password they could have quickly removed that through the Recovery partition.

Apple are going around this these days by prompting to set up HDD encryption with each El Cap update -- this means that there's no way the drive can be unlocked and wiped unless they know the password. Previously it was just a quick command through Terminal in the recovery OS.

Hope this clears things up.

Do you assume those that can't be removed or easily access (e.g., the new retina with the new SSD form factor)? Other wise I believe as long as I have access to a harddrive and I can connect to it I can always wipe it. Maybe I'm missing something?

Oh. I assumed during a fresh install (or the first time it comes online with wiped drive) Apple servers would check if the device with the same serial number isn't tied to another iCloud account. I see no reasons NOT to do this. I mean, Apple clearly knows the location and serial number of that Mac as well as what Apple IDs / iCloud accounts were used on it and if the lock was ever requested on that serial number, so it's just the matter of basic programming more or less..

That was my assumption as well all along. I always figured if the theft was smart enough they would simply wipe the drive. After that, what's the point of the icloud?