What can survive a secure erase and reinstall? Something did ... how is that possible?

I have encountered something completely puzzling to me.


I recently purchased a used iMac from a reputable vendor who did a fresh install of Catalina. They must have used or tested the unit on their own WIFI network before shipping, because it appeared in the list of WIFI networks in System Preferences > Network > WIFI > Advanced > WIFI Preferred Networks. I deleted the network from the list of Preferred Networks and then clicked Apply. The network was gone and should have been gone for good at that point.


After that, as part of my overall process of setting up a newly-acquired used Mac, I booted into Recovery Mode and did a 2-pass secure erase of the entire HDD and then reinstalled Catalina. The erase and reinstall were both successful.


After the installation finished and I got through all the initial Apple setup screens, I went back to System Preferences to check various settings ... and in WIFI Preferred Networks, the vendor's WIFI network showed up again!


How could this be? I deleted the network from Preferred Networks ... and then did a 2-pass secure erase of the entire disk and reinstalled Catalina. How could this entry in Preferred Networks survive all that?


I can delete the network entry again ... but how is it even possible that it survived a secure wipe & reinstall? ... and it raises the question of what else could be lurking in a way that could survive a wipe & reinstall?


P.S. If it's helpful to know, it's a 27" iMac 17,1 MK462LL/A with an HDD - no SSD or Fusion drive.

iMac Line (2012 and Later)

Posted on Apr 21, 2020 9:22 AM

Question marked as Top-ranking reply

Posted on Apr 21, 2020 9:44 AM

How exactly did you perform the re-install? If you used the recovery partition, it is very likely the vendor has an image that already has their Wifi network set up so they don't have to do it every time they set up a machine for resale.


If that is the case, the recovery partition would use that image to restore the computer and would have the wifi network set up.


If you boot into Internet recovery, and install a clean version of macOS from the internet, that Wifi network should not appear.


About macOS Recovery - Apple Support


Apr 21, 2020 9:58 AM in response to Phil0124

I was in Recovery Mode (startup with CMD-R) for both the secure erase and the reinstall.


But if the vendor imaged the HDD, wouldn't that image have been wiped by the secure erase? There is a recovery volume inside the APFS container, but the secure erase should have wiped the entire container.


Officially, recovery is loaded "from a special disk partition holding a recovery image and copy of the macOS installer" but I don't see such a partition when I do diskutil list.


I can try Internet Recovery next to see what that does.

Apr 21, 2020 11:27 AM in response to Tesserax

Well, yes, the Catalina container is now 250GB. After wiping the HDD and reinstalling Catalina, I reduced the Catalina container to 250GB and created the second partition (750GB) and formatted it as Mac OS Extended Journaled. iMac27c Data is a legitimate partition that I created for data storage.


The vendor's network was showing in the Preferred Networks list even before I created the iMac27c Data partition.

Apr 21, 2020 5:12 PM in response to MartinR

Well, the vendor's WIFI network is still there. I have a suspicion that Internet Recovery didn't actually download a new copy of Catalina. There was no waiting time after I started the reinstallation of macOS. I think it just restored from the base image that was already on my Mac.


I'm going to call the vendor tomorrow about this.


I'm not overly concerned about the WIFI entry itself - I can get rid of that in Network preferences. I'm concerned that its continuing presence is evidence of the potential for spyware or malware to be tucked into a Catalina base image in a way that prevents you from getting rid of it.


Is there a way to erase the macOS Base System image that's on my iMac? And if it's possible to erase it, how would you re-create a fresh, clean image since it appears the Mac and/or macOS require it?
