My MacBook was stolen: can the thief access my files without my account password?

macbook-pro security

Solution 1:

I'm sorry your MacBook was stolen. That really sucks.

Sadly, there are numerous ways to read the data ranging from removing the drive or placing the Mac in target mode. Your password only protects things when the mac is booted into your unmodified OS.

To answer your question, Physical access is total access.

It would be trivial for someone to boot using a Linux LiveCD and mount your drive, thus accessing your files. All they'd have to do to get past your sleep/password would be to hard power down the system.

Additionally, from the link above:

Mac OS X: Single User Mode

To boot a Mac into “Single User mode”, simply boot the computer and press Apple + S when blue first shows up on the screen. Next, mount the harddrive, and either dump the password and crack it with a tool like John the Ripper, or simply overwrite the root password:

# /sbin/mount -wu /
# /sbin/SystemStarter
To dump the existing root password:
# nidump passwd
To create a new root password:
# passwd root

Solution 2:

As Kalamane's answer points out, unfortunately the thief can access your data very easily, as it sits on your disk unencrypted. It is unfortunately trivial to bypass OS X passwords by booting into single user mode.

It won't help now, but for the future, here are two tips that can help in case of laptop theft.

First of all, if you're like me and carry your laptop almost everywhere (so the likelihood of it getting stolen/lost is relatively high), seriously consider Apple's FileVault 2. FileVault 2 encrypts your entire hard-drive, seamlessly. This means that you can still use your computer as normal (you won't even notice that FileVault is on), but in case it gets stolen, the attacker won't be able to read anything from the hard-drive without knowing your password.

Secondly, enable the "Find My Mac" feature available in OS X Lion (go to Preferences - iCloud - Find My Mac). In case your laptop gets stolen, you will then be able to login to icloud.com from any computer, and see the last location where your MacBook has been on a map. You will also get the following interface, which you can use to remotely display a message on your Mac, wipe the Mac completely, or lock it:

enter image description here

Related

Can I install Linux and Windows on a Mac to triple boot the hardware?
Mail search not finding messages but Spotlight does
How to remove the ‘VPN is not configured’ icon from the menu bar on macOS?
Page down in terminal
How do I run the iPad simulator to test a website on my mac
Cron script not executing on Mavericks
Quick Look sometimes shows blank panel in Mavericks [duplicate]
Quickly changing Windows permissions for a huge directory tree?
What network loads require NIC polling vs interrupts?
Out of nowhere, ssh_exchange_identification: Connection closed by remote host
Which AWS features are EBS backed?
What is stored in %Windir%\System32\LogFiles\WMI\RtBackup?