Status
Not open for further replies.
This is one of those threads I browse through, then put on "ignore".
Which is what I'm doing as soon as I put this reply up...
I think the OP is a secondary user name used by a MR member who has a long history of posting paranoid questions, bizarre assertions, conspiracy theories, and attacks on anybody who attempts to contribute a rational reply.

----------
ETA
 
I would be more concerned that one or more of the ICs were compromised with additional circuits.
 
Hello

Have there been any reports of this happening?

Indeed, how would the average purchaser know that a brand new machine HAD been compromised?!!

A friend of mine had a brand new 27 inch iMac delivered earlier this year. It didn't have the up-to-date operating system installed and it failed to behave quite as we had expected. The outcome was that it was returned to Apple for a full refund.

Just wondering if there have been other cases mentioned anywhere. Anyone?
Why do you say China?

It could have been "compromised" in Russia or the US, but no, you've chosen to say it is China.
All their fault is it?
 
I would be more concerned that one or more of the ICs were compromised with additional circuits.

Exactly. That is how they would do it. Not by software. You make a purposeful hardware vulnerability that can then be dialed up later. It's unrecognizable to both consumers and even Apple themselves until the time comes for the given targets. My assumption is that the vulnerability would strictly be exploited for the highest-priority targets, lest it becomes discovered and patched. It certainly wouldn't be easy to infiltrate the supply chain, but in the realm of possibility and greater than 0% chance? Absolutely! One has to ask the inverse question: If the capability exists, then why wouldn't they do this?

P.S. I should add: The U.S. military (and other organizations) are well aware of these risks, and that's why many critical machines and equipment are "air-gapped" (i.e. offline with all networking capabilities removed at a hardware level). And guess what, even with that, there have been demonstrations where exploits can make their way onto the target device in the most obscure ways.
 
Why do you say China?

It could have been "compromised" in Russia or the US, but no, you've chosen to say it is China.
All their fault is it?
China is where the Apple iMac is manufactured.

 
Saying there is 0% chance is naive. It's only impossible until someone manages to do it. Remember, the US NSA has intercepted and altered US-made, internationally-destined routers and servers going back 20 years.

Your appropriate level of paranoia depends on who your enemies are. Grandma browsing Facebook and commenting on election conspiracies? 0. Chinese dissident journalist? 10.
 
Chances that all world leaders are replaced with alien clones that have an alien snake in their head to control them are also >0%. And yet, it's not something we have to worry about. It's the equivalent of the infinite monkey theorem.
Well, of COURSE they are. How else would you explain how all cars in the world don’t have the steering wheels on the same side?!? Only the naïve can’t clearly see it.
 
Considering the entire software chain is signed from boot to desktop it would take compromising several companies and entire lines of validation for this to be possible. If it did happen, something would be breaking loudly somewhere and obviously. So the answer is extremely unlikely.
 
Hello

Have there been any reports of this happening?

Indeed, how would the average purchaser know that a brand new machine HAD been compromised?!!

A friend of mine had a brand new 27 inch iMac delivered earlier this year. It didn't have the up-to-date operating system installed and it failed to behave quite as we had expected. The outcome was that it was returned to Apple for a full refund.

Just wondering if there have been other cases mentioned anywhere. Anyone?
I live in the U.S. I ordered my 2021 24-inch M1 Mac from the Apple Store Online. It was delivered by FedEx a few weeks later. It arrived with ClamXAV anti-virus and a related disk cleaner on the desktop. Needless to say, performance with ClamXAV installed was terrible; the machine crashed every 15 minutes. A strip-and-reinstall of the OS and s/ware appears to have cured the problem. Apple Support says it is impossible for a new Mac to have been shipped from the warehouse with ClamXAV or any other unauthorised third-party s/ware on the machine.

So, might an Apple device be subject to tampering in the factory in China? If you have an answer, please provide a reference to supporting evidence. It seems to me it is possible, but my "evidence" is circumstantial and one instance only. If there are other, similar instances, perhaps we might come to find a pattern.

Joe C .
 
I live in the U.S. I ordered my 2021 24-inch M1 Mac from the Apple Store Online. It was delivered by FedEx a few weeks later. It arrived with ClamXAV anti-virus and a related disk cleaner on the desktop. Needless to say, performance with ClamXAV installed was terrible; the machine crashed every 15 minutes. A strip-and-reinstall of the OS and s/ware appears to have cured the problem. Apple Support says it is impossible for a new Mac to have been shipped from the warehouse with ClamXAV or any other unauthorised third-party s/ware on the machine.

So, might an Apple device be subject to tampering in the factory in China? If you have an answer, please provide a reference to supporting evidence. It seems to me it is possible, but my "evidence" is circumstantial and one instance only. If there are other, similar instances, perhaps we might come to find a pattern.

Joe C .
Hello Joe

Are you the same fellow as the one who posted here? https://www.mac-forums.com/threads/...le-store-get-on-my-brand-new-2021-mac.369271/

If so, did you manage to persuade Apple to provide you with a brand new replacement iMac?

Most folk here will think you are 'spinning a line'! ;)
 
Hello

Have there been any reports of this happening?

Indeed, how would the average purchaser know that a brand new machine HAD been compromised?!!

A friend of mine had a brand new 27 inch iMac delivered earlier this year. It didn't have the up-to-date operating system installed and it failed to behave quite as we had expected. The outcome was that it was returned to Apple for a full refund.

Just wondering if there have been other cases mentioned anywhere. Anyone?

Anything is possible if one is paranoid enough...
 
Hello, B. Yes, I am the same Joe C. who posted to the MacForum several months ago about the same episode. Apple Support worked with me for several weeks, first benumbed by my report and what they found via remote monitoring of my Mac in use, then manually deleting a bunch of ClamXAV files (which helped a bit temporarily), finally by remotely stripping my 500GB Flashdrive and doing a full reinstall of the OS and my apps. I managed retrieval of my datafiles from iCloud storage, reformatted my G-Drive Time Machine backup drive and started it over from zero.

That seems to have done the job. My Mac has been fast and flawless since -- possibly until last week, when it started again to take upwards of a minute to boot from switch on to PW screen (normally a 20 second wait) and, at the PW screen, failed to recognize its Magic Keyboard. This has happened several times in the past week, although not consistently. A hard reboot was required, which cleared the problem, typically (but not always) on the first try.

This is exactly how the problem first manifest itself with ClamXAV installed; it then quickly progressed to near unusability.

This time around, I am monitoring the state of charge in both the Magic Keyboard and the Magic Trackpad more carefully than I did the first time. It may be that a charge state below 80% precipitates the problem. Both peripherals are fully charged; if the problem recurs before either falls to 80% charge (particularly the KB), I will contact Apple Customer Relations and request a replacement Mac. I'll let you know how it goes.

No, I am not "spinning a line." (That means "pulling the wool over your eyes," right? Two great countries separated by a common language....-)
 
Anything is possible if one is paranoid enough...
Hello, B. Yes, I am the same Joe C. who posted to the MacForum several months ago about the same episode. Apple Support worked with me for several weeks, first benumbed by my report and what they found via remote monitoring of my Mac in use, then manually deleting a bunch of ClamXAV files (which helped a bit temporarily), finally by remotely stripping my 500GB Flashdrive and doing a full reinstall of the OS and my apps. I managed retrieval of my datafiles from iCloud storage, reformatted my G-Drive Time Machine backup drive and started it over from zero.

That seems to have done the job. My Mac has been fast and flawless since -- possibly until last week, when it started again to take upwards of a minute to boot from switch on to PW screen (normally a 20 second wait) and, at the PW screen, failed to recognize its Magic Keyboard. This has happened several times in the past week, although not consistently. A hard reboot was required, which cleared the problem, typically (but not always) on the first try.

This is exactly how the problem first manifest itself with ClamXAV installed; it then quickly progressed to near unusability.

This time around, I am monitoring the state of charge in both the Magic Keyboard and the Magic Trackpad more carefully than I did the first time. It may be that a charge state below 80% precipitates the problem. Both peripherals are fully charged; if the problem recurs before either falls to 80% charge (particularly the KB), I will contact Apple Customer Relations and request a replacement Mac. I'll let you know how it goes.

No, I am not "spinning a line." (That means "pulling the wool over your eyes," right? Two great countries separated by a common language....-)
Nearly right! Some might call it trolling .........! Good luck with keeping your iMac functioning.
 
Anything is possible if one is paranoid enough...
Yeah, like I’m quite sure that I’m the only human on MacRumors. Everyone else must be Apple bots created to make it look like there’s a lot of people that want to talk about Apple products when it’s really not very many people at all. I have to say, some of these bots are almost good enough for me to think they might be humans, but I’m not falling for it.

Just enjoying the machine learning artificial intelligence on display! Fascinating.
 
Taiwan Semiconductor Manufacturing Co. (TSMC) makes the M1 chip. They are suspects too. Not just China.
 
So if the OS is not the most up to date version and your experience does not match your expectations your logical conclusion is: It must be compromised in China.

More obvious reasons could be:
- Almost never an OS is fully up to date on a brand new machine, because the machine spends time in storage and in transit. This goes for all brand new Windows and Apple computers I have bought in my lifetime regardless of the country they were coming from.
- Your expectations were too high, too low or just different compared to reality.

Ever heard of Occam's Razor?

Exactly. Even my pre-ordered M1 Pro had to be updated from macOS 12.0 -> 12.0.1. Ditto the original M1 Macs as well; they shipped with 11.0 but Big Sur was released to the public as 11.0.1. This is quite common on the iOS side going back at least to the iPhone 4S, if not earlier.
 
Nearly right! Some might call it trolling .........! Good luck with keeping your iMac functioning.
Joe C is not the troll here. His topic on the other forum was closed down I suspect to stop someone spreading more conspiracy theories about ClamXav. Certain posts concerning that appear to have been removed. It is unfortunate that the topic was closed before Joe C had the opportunity to input his interactions with Apple Support but the moderators probably thought the topic was being hijacked and had no choice.
 
Hello, B. Yes, I am the same Joe C. who posted to the MacForum several months ago about the same episode. Apple Support worked with me for several weeks, first benumbed by my report and what they found via remote monitoring of my Mac in use, then manually deleting a bunch of ClamXAV files (which helped a bit temporarily), finally by remotely stripping my 500GB Flashdrive and doing a full reinstall of the OS and my apps. I managed retrieval of my datafiles from iCloud storage, reformatted my G-Drive Time Machine backup drive and started it over from zero.

That seems to have done the job. My Mac has been fast and flawless since -- possibly until last week, when it started again to take upwards of a minute to boot from switch on to PW screen (normally a 20 second wait) and, at the PW screen, failed to recognize its Magic Keyboard. This has happened several times in the past week, although not consistently. A hard reboot was required, which cleared the problem, typically (but not always) on the first try.

This is exactly how the problem first manifest itself with ClamXAV installed; it then quickly progressed to near unusability.

This time around, I am monitoring the state of charge in both the Magic Keyboard and the Magic Trackpad more carefully than I did the first time. It may be that a charge state below 80% precipitates the problem. Both peripherals are fully charged; if the problem recurs before either falls to 80% charge (particularly the KB), I will contact Apple Customer Relations and request a replacement Mac. I'll let you know how it goes.

No, I am not "spinning a line." (That means "pulling the wool over your eyes," right? Two great countries separated by a common language....-)

Geeezzzz that is nuts! I absolutely would have returned that computer within the 14 day return period if I had found some third party software on there!

The only thing that makes sense to me, is somehow, somewhere a returned device got incorrectly added to new stock. But even that doesn't make very much sense, since how could the software be on there if you were creating a brand new user account. It almost sounds like the old days, where you would have an infected router that would try to install trash software on your computer, but with modern macOS, it isn't exactly easy to install third party software without clicking through a bunch of notifications. The whole situation is so completely odd.
 
Geeezzzz that is nuts! I absolutely would have returned that computer within the 14 day return period if I had found some third party software on there!

The only thing that makes sense to me, is somehow, somewhere a returned device got incorrectly added to new stock. But even that doesn't make very much sense, since how could the software be on there if you were creating a brand new user account. It almost sounds like the old days, where you would have an infected router that would try to install trash software on your computer, but with modern macOS, it isn't exactly easy to install third party software without clicking through a bunch of notifications. The whole situation is so completely odd.
An EtreCheck report done on receipt of the machine from Apple might have been illuminating. Too late now.
 
The fact that there’s no reports of this happening is JUST the kind of thing I’d expect if the people doing the compromising were really good. I’d also expect that the average purchaser would have no way to know if it had been compromised. Given those two thoughts, I can’t help but come to the conclusion they’re all compromised in a very clever way that no one will ever be able to prove.
By that logic there are unicorns everywhere and they are just very good at hiding.
 
An EtreCheck report done on receipt of the machine from Apple might have been illuminating. Too late now.
As you have followed this through for so long, 'AMacisforlife' (from northern England) I'd like to suggest that you, or, indeed, anyone else reading here, contact Mark Allan at Canimaan Software Ltd. and ask him if HE has any clue as to how his ClamXav software could have been loaded onto a brand new Apple iMac.

There is a handy contact form right here:- https://www.clamxav.com/support/contact-us/

Perhaps if YOU won't, Joe will do so himself. He may, of course, have already done so, but he has never mentioned it.
 
As you have followed this through for so long, 'AMacisforlife' (from northern England) I'd like to suggest that you, or, indeed, anyone else reading here, contact Mark Allan at Canimaan Software Ltd. and ask him if HE has any clue as to how his ClamXav software could have been loaded onto a brand new Apple iMac.

There is a handy contact form right here:- https://www.clamxav.com/support/contact-us/

Perhaps if YOU won't, Joe will do so himself. He may, of course, have already done so, but he has never mentioned it.
I’m not your skivvy so why don’t you ask him yourself. Also Canimaan Software will have a listed phone number you can call.

The most likely cause of this issue is that a partly refurbished machine got placed into the new machine supply line by mistake. The original owner installed ClamXav but it never got removed by Apple on its return. It’s possible the ClamXav configuration (plus that of other apps) got screwed up during the partial refurb which could well explain the behaviour Jon C saw. What is your view?

P.S. So you mention I live in Northern England. What is the significance of that remark?
 
I'm surprised it's taken this long for anyone to mention it, but, it's trivial to put a third party application onto a brand new Mac, out of the box, without user intervention.

All it takes is one reseller to mistype a serial number into Apple Business Manager and the machine will, on first boot, connect to someone's MDM service, pull down a configuration profile, and do its thing.

In the past, we've deployed systems that have been mistakenly attributed to other organisations' DEP instances, and our employees have been greeted by internal tools on the desktop for a company they don't work for. It's not unheard of, but it's certainly a lot more likely than a refurb system ending up in a new machine's box, or someone doing an interception of your friend's machine.

Sadly as the machine is now gone, there's no way to tell if that was the case, but I'd bet a dollar that was the cause.
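
The enrollment scenario described in the post above can be checked on a Mac that is still to hand. This is an added example, not part of the original thread: it interprets the output of the macOS command `profiles status -type enrollment`; the function names and the sample outputs are constructed for illustration, and the sample text is modelled on that command's output format.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the enrollment status that
# macOS reports via `profiles status -type enrollment`.

# Read the command's output on stdin and print one verdict word.
classify_enrollment() {
    awk '
        /^[ \t]*Enrolled via DEP:/ { sub(/^[^:]*:[ \t]*/, ""); dep = $0 }
        /^[ \t]*MDM enrollment:/   { sub(/^[^:]*:[ \t]*/, ""); mdm = $0 }
        END {
            if (dep == "" && mdm == "") print "unknown"       # output not recognised
            else if (dep ~ /^Yes/)      print "dep-enrolled"  # assigned by serial number
            else if (mdm ~ /^Yes/)      print "mdm-enrolled"  # managed, but enrolled by hand
            else                        print "not-enrolled"
        }'
}

# Print the MDM server URL when the status output includes one.
mdm_server() {
    sed -n 's/^ *MDM server: *//p'
}

# Constructed sample outputs (hypothetical server URL), used for offline testing.
SAMPLE_UNMANAGED='Enrolled via DEP: No
MDM enrollment: No'
SAMPLE_MANAGED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/enroll'

# On a Mac, check the live machine; on other systems this part is skipped.
if command -v profiles >/dev/null 2>&1; then
    live=$(profiles status -type enrollment 2>&1)
    verdict=$(printf '%s\n' "$live" | classify_enrollment)
    echo "enrollment verdict: $verdict"
    case $verdict in
        dep-enrolled|mdm-enrolled)
            echo "managed by: $(printf '%s\n' "$live" | mdm_server)"
            echo "assigned record: sudo profiles show -type enrollment" ;;
    esac
fi
```

A `dep-enrolled` verdict on a personally bought Mac is worth recording before any erase. The assignment is held against the serial number on Apple's side, so a reinstall does not remove it; the organisation that holds the device has to release it.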
 
I'm surprised it's taken this long for anyone to mention it, but, it's trivial to put a third party application onto a brand new Mac, out of the box, without user intervention.

All it takes is one reseller to mistype a serial number into Apple Business Manager and the machine will, on first boot, connect to someone's MDM service, pull down a configuration profile, and do its thing.

In the past, we've deployed systems that have been mistakenly attributed to other organisations' DEP instances, and our employees have been greeted by internal tools on the desktop for a company they don't work for. It's not unheard of, but it's certainly a lot more likely than a refurb system ending up in a new machine's box, or someone doing an interception of your friend's machine.

Sadly as the machine is now gone, there's no way to tell if that was the case, but I'd bet a dollar that was the cause.
Yes that seems a very plausible explanation. I’m not a developer or distributor of software so hadn’t considered that possibility. I really don’t think there’s some kind of conspiracy involved with this issue.
 