
lykr0n | 4 years ago

I think the part of the discussion that is ignored here is the security aspect.

Apple has hardened their hardware against attackers replacing components of the phone with compromised versions. Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops.

When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far-fetched.

A lot of the changes to the MacBooks seem to also have been done with device hardening in mind.

I cannot tell you how much damage my iPhone 12 Pro has taken without the screen cracking, which makes me personally think the reasons these changes have been made are not just related to 3rd party repairs.


userbinator|4 years ago

If you look back at the history of Apple you'll find they've always been authoritarian control-freaks, ever since the original Macintosh. This is merely another step in the same direction.

The article even says that the repair shops have already found ways around it, so whatever element of "security" it provides is clearly extremely low. It only exists as a (low) bar against third-party repair, with "security" as an excuse.

As the saying goes "those who give up freedom for security..." etc.

varenc|4 years ago

The workaround requires physically moving the original chip to a new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks OP mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?

That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.

posnet|4 years ago

Except that the 'work around' does maintain security since it preserves the original FaceID chip assembly.

"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement. "

dpkonofa|4 years ago

You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.

kanbara|4 years ago

way to make a total strawman. that quote about freedom has nothing to do with digital security which enhances your privacy and the knowledge that your phone isn't compromised.

i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.

the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em

Angostura|4 years ago

You didn't actually address the position of the comment that you are replying to, though.

saagarjha|4 years ago

I mean, yes, this change makes them more money. But Apple is weird, because they are actually able to convince themselves that they're doing this for a good reason, and if you follow them closely you can almost see their central argument: when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset, but if you look at it under that lens a lot of the concerns about sideloading and repairs make sense from their perspective ("we don't trust the user to do the right thing for their devices").

What does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.

someguydave|4 years ago

it would be easier to stomach “apple owns the device not the loser customer” if there was a single major oem who was focused only on producing customer-owned devices

dreamcompiler|4 years ago

Let's examine your premise: Apple acts in the best interest of the customer. In this light FaceID is a bug, not a feature. If somebody wants to get into your phone they don't even need to beat you up; they just have to restrain you, take your phone, point it at your face, and they're in.

With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.

Cosmin_C|4 years ago

> when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset

It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so do ransomware and social engineering.

Relevant: https://youtu.be/kkCwFkOZoOY

salamandersauce|4 years ago

The security aspect is commonly brought up as justification for moves like this.

Would something like this even remotely stop an actor with resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious why even have FaceID at all? It's already been shown to be not that secure; why not instead require users to enter a 15 digit password and use 2FA to unlock their phone instead? Is it that they value convenience over security in that case but not where it potentially loses them money?

dmz73|4 years ago

I think you got it backwards. The main reason is to exclude 3rd party repairs and extra security is a side effect that can be used as justification. Follow the money.

hyperbovine|4 years ago

IMO there is way more money, like orders of magnitude more, to be made from successfully branding the iPhone as the most secure and private smartphone, compared to the repairs market.

contravariant|4 years ago

Also as far as the NSA is concerned, surely it'd be easier if they have a single supply chain where they are guaranteed to be able to compromise every single iPhone?

Seems a lot easier than compromising some random repair shop.

robertoandred|4 years ago

Except third parties can still conduct repairs, they just need to update the component pairing.

KingMachiavelli|4 years ago

If Apple actually cared about security & privacy they would make iCloud et al. E2E encrypted but they don't.

A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.

dpkonofa|4 years ago

You can care about security and privacy and also still care about ease of use. For 99.99% of their customers, encryption is enforced by default and being able to recover their data is more important than E2E encryption.

jachee|4 years ago

They started making inroads to making iCloud E2E encrypted, but the tech community lost their minds about it and they backtracked.

echelon|4 years ago

It's easy to view every move Apple makes through the lens of money.

Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.

I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.

I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.

This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.

Everything is about money to Apple.

dpkonofa|4 years ago

>I've never been afraid of batteries compromising my system.

Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.

You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.

zepto|4 years ago

Accusing a business of being motivated only by money is completely trivial and uninformative.

For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.

Also it is clearly in iFixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.

Bud|4 years ago

It's easy to view a lot of things in facile, inaccurate ways.

Not very informative, but, certainly easy!

ClumsyPilot|4 years ago

"Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops."

Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?

MichaelZuo|4 years ago

You can’t buy a replacement battery through their official channels? Which country are you in?

dpkonofa|4 years ago

Yes. If you can replace the microphone jack, or any of the other hardware you mention without verifying its integrity, you can add surveillance hardware to the device. I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser.

concinds|4 years ago

If Apple Stores have the ability to pair a new FaceID module after an "official" repair, then why wouldn't the NSA have that same ability? Only third-party repair shops don't have that ability.

sircastor|4 years ago

Presumably it would be some sort of signing solution, which would be a level of cryptography that not even the NSA with their infinite resources can defeat. Their only hope is to find bugs in the system that can be exploited. In this case such a “bug” would be replacing a module that doesn’t have any hardware integrity checking.

pizza234|4 years ago

> When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far-fetched.

Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.

fomine3|4 years ago

It was fair when Apple banned 3rd party home button (TouchID) replacement, because it's the sensor itself, so it's natural that they should make it tamperproof. But this case is FaceID. I'll accept that they ban replacing the FaceID module, but why do they integrate the security chip onto the display module (say, the most fragile part) even though it wasn't? It looks to me like they aren't legit.

noasaservice|4 years ago

Oh please.

Scary high-end governmental supply chain backdooring with chips the size of a grain of rice is for fiction rags like Bloomberg:

https://www.bloomberg.com/news/features/2018-10-04/the-big-h...

Techniques like this, tying hardware together and not allowing legitimate owners to pair them to work, are purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.

Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.

aurizon|4 years ago

You are wrong. With a state actor in the room, it is quite possible to place a complex die with static RAM on a thin substrate inside a multilayer board, using the +5 and ground and a number of traces that lead to I/O ports etc, https://hackaday.com/2019/01/18/oreo-construction-hiding-you... Remember these are all from 15 down to 10 nanometer parts and at that size circuit complexity takes little space and since they live beneath other chips, they are hard to find with x-rays if there is a +5 and ground plane that hides them. Remember there are 16 billion gates in an Apple M1 CPU, https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%.... A million-gate part is as small as a poppy seed and would need to have a fan out - perhaps they could have an optical I/O and live within the corporate data stream, only waking up when special complex command sequences occur and they read their RAM and do their job - back to waiting...

dpkonofa|4 years ago

What a straw man! Coffee pods, automated litterboxes, dish washers, and all the rest don't carry an individual's entire digital life on them. You're literally comparing devices that really don't need any kind of security (other than, at worst, network security) to devices that demand privacy and security.

This is either a disingenuous attempt to downplay the importance of hardware security or an extremely ignorant analysis of the situation being described.

zamadatix|4 years ago

I'm not against blocking government level physical security attacks on personal devices but I am against the idea such a thing warrants or truly requires every user to be blocked from all but first party repairs.

If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.

emerongi|4 years ago

Show a warning to the user then? Would be a much better way to handle this.

donmcronald|4 years ago

Yeah. This should be what regulations enforce. I’m fine with parts serialization to help identify genuine, certified parts, but as the user I should be able to bypass it if I want to use compatible parts.

TaylorAlexander|4 years ago

We don’t really have to assume that Apple is intentionally harming 3rd party repair, but even if we believe they are operating in good faith they seem to be ignoring third party repair. Which means they don’t really care about saving their customers time and money or reducing waste.

jefftk|4 years ago

Since you can bypass it with a microscope and soldering, moving a chip from the old screen to the new screen, this doesn't seem like much added difficulty for someone who is already implementing a hardware-based attack?

owlbite|4 years ago

I'd guess the aim is to be secure on all components (most of these things have their own processor(s)). If you can compromise one component you can move from there to compromise another one, until you get to something worthwhile.

I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.

donmcronald|4 years ago

So they have all these restrictions for security and privacy, but they’re all worthless if Apple decides they’re going to provide surveillance for the government, right?

IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.

The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.

For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.

secondaryacct|4 years ago

Or you know, we could click a radio button on the shop website and be able to choose: reparable vs secure.

But they didn't think about that one...

908B64B197|4 years ago

> Apple has hardened their hardware against attackers replacing components of the phone with compromised versions.

It also hurts phone thieves.

Once the device is locked up remotely it's impossible to sell, and you can't even sell the thing for parts since they won't work.

MichaelZuo|4 years ago

This. Every iPhone owner gains some tangible value from every disappointed thief. And this will rise as more and more of the userbase converts to totally locked down phones.

Cumulatively over every user, that seems to be a huge value add.

Ansil849|4 years ago

> Apple has hardened their hardware against attackers replacing components of the phone with compromised versions.

What specifically is being guarded against by not allowing users to replace a screen, as in this case?

2OEH8eoCRo0|4 years ago

So, we worry so much that the NSA will conduct a supply chain attack against an adversary (domestic surveillance does not fall under the NSA) that we further lock down our own devices?

dreamcompiler|4 years ago

Everything Apple does in the name of security or privacy is about enforcing Apple's control over what you do with their hardware after you buy it. They give not one thin damn about your privacy: They want to know everything you're doing with your Apple hardware. Put a sniffer on your Mac and count the daemons phoning home to Apple. Your jaw will drop.

As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.

hdjjhhvvhga|4 years ago

This is the most ridiculous thing I read this year - and I've read a lot of mad stuff. Let's assume your justification is true and Apple cares so much about the privacy that they implemented this feature just to protect them and that they don't care about the money from repairs.

So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.