Unbricking my MacBook took an email to Tim Cook

Paul McMahon

Founder of TokyoDev

I previously wrote about how my lost MacBook was returned to me with an Activation Lock on it, and how Apple refused to unlock it for me. Well, I did manage to finally get it unlocked. All it took was an email to Tim Cook. I don’t know how repeatable this process is, but here’s what happened.

After publishing the article, it somehow reached the top of Hacker News. I’d hoped that would trigger someone from Apple to reach out to me, but no one did.

I also shared it with a much smaller audience: a Discord server that I run for English-speaking software developers in Japan. Our moderator pointed out that he’d had success in the past by emailing [email protected], as he’d done so in the past and had his assistants escalate things to people who could resolve them for him.

Having exhausted other avenues, I gave it a shot:

Subject: Activation Lock support requests denied

My lost MacBook was returned to me with Activation Lock on. Despite providing my receipt from the Apple Store, my request to remove the lock has been denied. I wrote an article about my experience that got to the top of the popular social media site “Hacker News”. I’d love to have a happy ending to this frustrating story.

Four business days later I got a response from one of Tim’s executive assistants in Japan. From there, we exchanged emails and phone calls over the next two weeks, where the assistant was able to get to the bottom of things.

They explained to me that the MacBook was wiped in the middle of August (after I had lost it) and then reported lost by a newly created iCloud account with an email address starting with “p”. My requests to have it unlocked were being rejected as per their policy of not unlocking devices reported as lost, even if an original proof of purchase is provided. However, because of the documentation I was able to provide, they were convinced that it was my MacBook, and thus unlocked it.

Would this have worked had I not been able to reference the article’s performance on Hacker News? I’m not sure, but it seems likely that was at least a contributing factor. After all, I didn’t actually provide the assistant with any more proof than I had submitted with the activation unlock request. That being said, if you have an issue that can’t be resolved via normal channels, emailing Tim Cook is worth a shot.

What really happened to my MacBook

By this time, I’d already purchased a replacement machine, and so getting the MacBook unlocked was as much about the principle of things as anything else. However, I also wanted my curiosity sated as to what had actually happened.

Apple had provided me with “how” it got locked: the computer was wiped, locked to a new iCloud account, then reported as lost. They didn’t give me the “why” though. Though my original article mentioned it as a theoretical possibility, I saw no incentive for the person who returned my MacBook to do this. So I emailed the person about the laptop being reset, and after a couple of emails back and forth, I found out more or less what happened.

While the person didn’t reset it themselves, they did take it to a shop, and asked them to unlock it. The shop didn’t unlock it; however, they did reset it. This wasn’t obvious to the person, but they reported that while my login profile information was visible before they gave it to the shop, it wasn’t afterwards, presumably as the Activation Lock was on.

Despite the shop not having unlocked it for the person, they reported that the shop asked to be paid. When pressed on why the shop asked to be paid despite the shop not unlocking it, the person stopped responding.

My theory is that the shop reset the MacBook and reported it as lost with a new Apple ID in order to extort the person.

Perhaps the person didn’t want to admit it, but they actually paid money to the shop, who initially gave it back to them “unlocked”. Later the shop could lock it again by reporting it as lost, as a way to ask for more money from the person again.

Or maybe the shop wanted to ensure they’d be the only one able to unlock it, and so returned the MacBook, telling the person that they found a way to unlock it, but only if the person paid a higher fee than they were willing to pay.

This would explain why the iCloud address started with “p”. The shop saw my name was “Paul McMahon” from the login screen, and so they created an email address that sounded like it could be mine to give them plausible deniability when the person saw the lock screen.

Apple doesn’t consider this to be a security vulnerability, but maybe it should

When first activating a MacBook, Apple makes it easy to skip setting up Find My. But given the severe consequences for not doing so, I think they either need to revise the setup workflow to make this downside abundantly clear, or revisit their unlock policy altogether.

While I was an edge case, having my MacBook taken to an unscrupulous shop by someone who didn’t own it, similarly unscrupulous shops could do the same thing to others. After all, I even wondered about the possibility that I had set up an iCloud email in the past, and had somehow activated the computer with it.

I reported this to Apple Security Research, but it was dismissed with “We’re unable to identify a security issue in your report.” I suppose I could have asked my contact at Apple to flag it for further review, but at this point, I’m ready to let it go.

More about the author

Paul is a Canadian software developer who has been living in Japan since 2006. Since 2011 he’s been helping other developers start and grow their careers in Japan through TokyoDev.
