Nathan2055 | 5 months ago

Okay so here's the argument I've heard: if arbitrary replacements of the lid sensor were possible, it would be feasible to create a tampered sensor that failed to detect the MacBook closing, thus preventing it from entering sleep mode.

This could then be combined with some software on the machine to turn a MacBook into a difficult to detect recording device, bypassing protections such as the microphone and camera privacy alerts, since the MacBook would be closed but not sleeping.

Additionally, since the auto-locking is also tied to triggering sleep mode, it would be possible to gain access to a powered off device, switch the sensors, wait for the user to attempt to sleep mode the device, and then steal it back, completely unlocked with full access to the drive.

Are these absolutely ridiculous, James Bond-tier threat assessments? Yes, absolutely. But they're both totally feasible (and not too far off from exploits I've heard about in real life), and both are completely negated by simply serializing the lid sensor.

Should Apple include an option, buried in recoveryOS behind authentication and disk unlock steps like the option to allow downgrades and allow kernel extensions, that enables arbitrary and "unauthorized" hardware replacements like this? Yes, they really should. If implemented correctly, it would not harm the security profile of the system while still preventing the aforementioned exploits.

There are good security reasons for a lot of what Apple does. They just tend to push a little too far beyond mitigating those security issues into doing things which start to qualify as vendor lock-in.

I really wish people would start to recognize where the line should be drawn, rather than organizing into "security of the walled garden" versus "freedom of choice" groups whenever these things get brought up. You can have both! The dichotomy itself is a fiction perpetuated to defend the status quo.

ryandrake|5 months ago

The line should be drawn by the owner of the device.

As the user and owner of the product, I should be the sole decider about my own security posture, not some company who doesn’t know my use case or needs.

It’s crazy how we’ve managed to normalize the manufacturer making these kinds of blanket decisions on our behalf.

clickety_clack|5 months ago

Yes it’s wild. Imagine if we decided that people can’t be relied on to install good locks for their doors, so we gave the government responsibility for locking and unlocking your door every time you wanted to leave your house.

A lid sensor is just so peripheral. Where do the vendor lock-ins end?

tpmoney|5 months ago

> As the user and owner of the product, I should be the sole decider about my own security posture, not some company who doesn’t know my use case or needs.

It's not so cut and dry though. The "user" and the "owner" of a product are not always the same person, but hardware security impacts the "user" more than the "owner".

vlovich123|5 months ago

How does Apple know the owner of the product has authorized the HW change?

There’s a secondary argument you could make here whereby because the replacements must be valid Apple parts that have uniform behavior and tolerances, the strength of the secondary market is stronger and Apple products have a stronger resale value as a result, because you’re not going to encounter a MacBook with an arbitrary part replaced that you as the second-hand buyer know nothing about (this is why the secondary market for cars doesn’t work without the ability to look up the car history by VIN).

amrocha|5 months ago

Does your grandma decide her own “security posture”? Does she even know what that means?

jbs789|5 months ago

You do get to decide (buy another product with a different value proposition).

isaacremuant|5 months ago

It's not that crazy when people seem to cheer for a nanny state at every turn. Especially if said nanny state bombards them with propaganda about all the dangers they'll face if they just don't "comply".

1984 references may have seemed farfetched but after the suppression of rights using covid as an excuse people have little to no recourse to claim control back. Apple was always famous for their walled garden and tight control, but we have Google becoming like Apple (can't install things in your device unless you go to them with your private details), ID to track your movements because "protect the children" (effectively blocking news even), chat control (very similar to installing a camera in your home and recording all your conversations).

Corps and governments are relying on each other to strengthen their control and it's not a surprise.

bri3d|5 months ago

Keeping a victim device unlocked when the lock state is responsible for encryption key state is a totally legitimate risk.

With that being said, I don’t think Apple see this specific part as a security critical component, because the calibration is not cryptographic and just sets some end point data. Apple are usually pretty good about using cryptography where they see real security boundaries.

echelon|5 months ago

Don't invent reasons for Apple to continue to have a stranglehold over their monopoly of critical computing infrastructure.

Companies as big as Apple and Google that provide such immensely important platforms and devices should have their hands tied by every major government's regulatory bodies to keep the hardware open for innovation without taxation and control.

We've gone from open computing to serfdom in the last 20 years, and it's only getting worse as these companies pile on trillions after trillions of nation state equivalent market cap.

arcticbull|5 months ago

It doesn't need to be encrypted if it's one-time programmable. The calibration data is likely written into efuses which are physically burned and cannot be reset.

KurSix|5 months ago

A properly gated, user-authorized override in recoveryOS or similar would give advanced users and third-party repair shops a legitimate path without blowing up the security model.

raxxorraxor|5 months ago

Then Apple tying the angle sensor to microphone status is a security issue. I would read that as a cheap excuse to be honest.

hayleox|5 months ago

If repair shops can buy the $130 calibration machine, presumably the super spy in this story (who for some reason couldn't steal the data while they were replacing the lid sensor, nor can they steal the data when the laptop's in use, but somehow can steal the data when it's idle with the lid down) can also get a calibration machine, and then deliberately set the zero point incorrectly.

naikrovek|5 months ago

Yes.

“Sure, you can borrow my laptop. It’s fine. Take it home. I promise not to spy on you while the lid is closed. I promise not to record aaaaaany audio or anything! And I definitely won’t hear any conversation that contains information that I’ll use to stalk you later!”

There are a million ways that some nefarious person could spy on another, but at least this isn’t one of them.

And I am a very suspicious person, thanks to some eye opening experiences that I’ve had. When someone says that they want to do something that not a lot of people want to do, I immediately wonder how they will use that against myself or someone else. Because that has happened multiple times to me.

I also hate that I am suspicious of people who want to at least have the opportunity to fully own their devices; something that is perfectly reasonable to want, but I am. What would that additional ability do for them? What will they be capable of doing that they can’t do now? How and when will they use it to get what they want out of someone? Or out of me?

If you don’t think like this, I really envy you. For the longest time, every teacher, every supervisor, every commander, every non-familial authority figure I had until I was probably 35, used and manipulated me for the purpose of advancing themselves. Every single one. The ones in the military didn’t even attempt to hide it.

I’m so scarred because of people convincing me to help them screw me over that I no longer trust anyone who is concerned about things like laptop lid angle sensors. Because who are you trying to screw over and why does that angle sensor stand in your way?

AnonHP|5 months ago

> When someone says that they want to do something that not a lot of people want to do, I immediately wonder how they will use that against myself or someone else. Because that has happened multiple times to me.

I’m intrigued. Would you be comfortable sharing some of these real experiences here (with sensitive details fudged/removed)?

KurSix|5 months ago

I think it's possible to advocate for device ownership and repair rights without having malicious intent.

commandersaki|5 months ago

I mean nobody expected pager bombs, but here we are.

saurik|5 months ago

If you have access to my laptop long and deep enough to replace the hinge sensor with a fake one that prevents the lid from closing as a way to turn it into a recording device -- which of course would also require installing software on it -- instead of just putting a tiny microphone into it (or my bag), you are simultaneously a genius and dumb. And if you really are going to that level of effort, hoping that I don't notice my laptop failing to go to sleep when I close it so you might be able to steal it is crazy when you can 100% just modify the hardware in the keyboard to log my password.

Hell: what you really should do is swap my entire laptop with a fake one that merely shows me my login screen (which you can trivially clone off of mine as it happily shows it to you when you open it ;P) and asks for my password, at which point you use a cellular modem to ship it back to you. That would be infinitely easier to pull off and is effectively game over for me because, when the laptop unlocks and I don't have any of my data (bonus points if I am left staring at a gif of Nedry laughing, though if you showed an Apple logo of death you'd buy yourself multiple days of me assuming it simply broke), it will be too late: you'll have my password and can unlock my laptop legitimately.

> There are good security reasons for a lot of what Apple does.

So, no: these are clearly just excuses, sometimes used to ply users externally (such as yourself) and sometimes used to ply their own engineers internally (such as wherever you heard this), but these mitigations are simply so ridiculously beside the point of what they are supposedly actually securing that you simply can't take them seriously if you put more than a few minutes of thought into how they work... either the people peddling them are incompetent or malicious, and, even if you choose to believe the former over the latter, it doesn't make the shitty end result for the owner feel any better.

moshib|5 months ago

I can imagine a different attack vector: A malicious actor doing laptop repairs can absolutely replace the hinge sensor and install software on it. They could draw in people by offering cheaper prices, then steal their info or use it to set up more complex scams.

The counterpoint to this is that car body shops can also plant recording devices in your car. This is true, but the signal-to-noise ratio in terms of stealing valuable data is much lower. I don't have data to back this up, but I assume way more people use their laptops for online purchases and accessing their bank account than doing the same with phone calls in the car.

Shorel|5 months ago

Your laptop can be compromised during a trip to a foreign state, by state actors.

Travelling back you would notice a microphone, and would notice nothing on the laptop.

knowaveragejoe|5 months ago

> This could then be combined with some software on the machine to turn a MacBook into a difficult to detect recording device, bypassing protections such as the microphone and camera privacy alerts, since the MacBook would be closed but not sleeping.

Isn't this already possible if the MB is connected to a power source like a portable battery?

throwaway314155|5 months ago

Isn't there software that does exactly this? Called caffeine, I believe?

classichasclass|5 months ago

ITYM "caffeinate"

  DESCRIPTION
     caffeinate creates assertions to alter system sleep behavior.  If no
     assertion flags are specified, caffeinate creates an assertion to prevent
     idle sleep.  If a utility is specified, caffeinate creates the assertions
     on the utility's behalf, and those assertions will persist for the
     duration of the utility's execution. Otherwise, caffeinate creates the
     assertions directly, and those assertions will persist until caffeinate
     exits.

vlovich123|5 months ago

Installing software generally requires user permission. Replacing HW can be done surreptitiously. At least that’s the strongman variant of the security argument.

nicman23|5 months ago

those are over-complicated bollocks. there are easier and less detectable software only ways to do all that.

arcticbull|5 months ago

If you were to come up with one, I suspect you'd have a solid bug bounty waiting for you.

Spooky23|5 months ago

How you can characterize this type of threat as a “James Bond” fantasy in 2025 is breathtaking.

The Federal government is forensically collecting phones during routine border crossings to see if you reposted Fat JD Vance memes. That’s publicly disclosed and well known.

I have no trouble believing that potential enemies of the state like the governor of California and his cabinet are bugged. If I were a person like that, I’d try to take supply chain countermeasures.

Lammy|5 months ago

If we're talking Bond-tier assessments then Apple already sell a covert microphone: AirTags. They “have no microphone” according to product specs, but they do have a huge speaker, and a speaker and microphone are the same thing like a generator and motor are the same thing: https://in.bgu.ac.il/en/Pages/news/eaves_dropping.aspx

Kirby64|5 months ago

Just because a speaker can technically operate as a microphone doesn’t mean that AirTags would be capable of this. The speaker driver definitely doesn’t have any recording capability. The only reason the 3.5mm jack mentioned in your article is capable of this is because the jack has functionality to allow analog recording for mic/line in cases. No dedicated speaker driver would have this because it would be worthless and costly.

ungreased0675|5 months ago

There’s a fairly large jump between having a microphone and being able to be used as a surveillance device.