[HN Gopher] Apple's New Screen Repair Trap Could Change the Repa...
___________________________________________________________________
Apple's New Screen Repair Trap Could Change the Repair Industry
Forever
Author : fomine3
Score : 124 points
Date : 2021-11-06 18:16 UTC (4 hours ago)
(HTM) web link (www.ifixit.com)
| [deleted]
| Roboprog wrote:
| I like iOS, but I won't buy their flagship hardware. It's too
| expensive for something so fragile.
|
| I have 3 iOS devices, but I won't pay a grand for a phone. I
| would rather replace my base level devices in 4 or 5 years when
| they start to age out.
| vmception wrote:
| And for the opposite perspective:
|
| I love buying their flagship hardware because _next year's_
| flagship hardware won't be expensive after I trade mine in for
| 70-80% of the next device's cost.
|
| This 3rd party repair _fiasco_ just corrals people to
| AppleCare+ which I also enjoy.
|
| In one experience, I did not consider upgrading my iphone as
| the yearly increments are not impressive, but my current iphone
| needed some repair. At the Apple Store in person, myself and
| the specialist noticed that due to needing repair it would not
| be eligible for trade-up, _but_ was eligible for complete
| replacement capable of doing in person on the spot with full
| data transfer on the spot, and the complete replacement was
| eligible for trade-up on the spot, so I wound up with the new
| iphone. (note, I don't remember what I had to pay if anything,
| and it is possible that I upgraded to a phone with lowered
| storage space or something which made my trade-in of a more
| premium model cover the whole cost, that year)
|
| to sum up: because I paid full price and for first party
| support, I got a free replacement device and a free next gen
| device. Maybe there was a downpayment somewhere in there I
| don't really know. In that circumstance I came out ahead.
|
| Mathematically, I don't consider myself coming out ahead
| compared to the FIRE penny pinchers and frugal people, as
| obviously even if I pay $200-$300 a year then it's more than
| what the people buying 3-4 year old phones are paying once
| every 5 years. But I'm not in a contest against the luddite
| compromises they make. I am glad that I have the _convenience_
| of never needing to consider the device "too expensive and
| fragile" and that complete upgrades never have a sticker shock
| because what I would have to pay is typically 80% lower in
| cost.
| tehjoker wrote:
| For what it's worth, the face recognition unlock is probably the
| most insecure unlock there is on the phone (and unsettling to me
| when I've tried it). I'm sure they've fixed it by now, but I
| recall an early story of an Asian woman giving her phone to a
| coworker and being startled by the phone unlocking. The
| fingerprint readers also creep me out (not as much as the facial
| recognition) and they're very efficient, you can use them without
| even looking or while picking up the device.
| zepto wrote:
| > _I'm sure they've fixed it by now,_
|
| So it's not true anymore and yet you seem to be claiming it is,
|
| > but I recall an early story of an Asian woman giving her
| phone to a coworker and being startled by the phone unlocking.
|
| Do you? Is there any evidence or a link to a credible source?
| Seems like a weird racist trope. Given how popular iPhones are
| in China, we'd likely know if there was anything to this.
| cpuguy83 wrote:
| You can set a mode that requires attention.
| jpalomaki wrote:
| As a consumer I would love to know if the used iPhone I'm buying
| has been repaired using unofficial components or by unofficial
| repair shops.
|
| Disabling functionality is not the right way to implement this.
| emerongi wrote:
| On my 5 year old iPhone SE, I've had the battery replaced twice
| and the power button replaced by a third party. The Apple-
| partnered shop actually said they are unable to replace the power
| button and referred me to the third party, who were surprisingly
| great (fast + guaranteed that if they wouldn't be able to fix it,
| I'd only pay a small diagnostic fee). I'm sure by Apple's
| standards I should have already bought a new phone. I expect to
| get similar repairs done on my next phone.
| [deleted]
| icu wrote:
| This anti consumer approach by Apple is why I refuse to buy
| anything from them. My last Apple purchase was the iPad Gen 1 as
| I thought it was truly remarkable device when it came out but the
| planned obsolescence was obvious after a few short years.
|
| Recently I had my XPS15 power cord plug break and while I waited
| for the spare part (that I could repair myself) I had the
| pleasure of borrowing my partner's MacBook which was an amazing
| experience compared to Windows. However, that experience is
| nothing to the cost and pain if something with the hardware goes
| wrong. Even when I forgot my Apple ID (as it had been so long) it
| took over a week before Apple deemed it okay for me to recover my
| password.
|
| I get the seduction of using a snappy beautiful machine and UX,
| but I just don't think it's worth it tying myself to Apple and
| being walled in the whole ecosystem upgrade treadmill.
| stelcodes wrote:
| If you like MacOS it might be worth checking out the
| ElementaryOS linux distribution. It kinda looks and feels like
| MacOS. Very simple.
| dpkonofa wrote:
| >This anti consumer approach by Apple is why I refuse to buy
| anything from them.
|
| What is anti-consumer about this? I am a consumer and active
| user of these products and I _want_ this posture when it comes
| to the security of my devices. I don't want just anyone to be
| able to tamper with the hardware of my phone nor do I want
| anyone to be able to access my Apple ID or other info without
| some kind of time delay for me to take action to secure it.
| icu wrote:
| I couldn't really understand comments like yours until I read
| a comment by saagarjha above which summed it up nicely by
| saying, "The conflict occurs for the parts where people do
| feel like they can make better decisions than Apple, but they
| can't because Apple won't let them."
|
| I understand now the difference is that you're willing to
| trust that Apple knows best for you, whereas I trust myself
| to know what's best for me. I accept that you see this as
| pro-consumer from your point of view, but from my point of
| view surely you can see it's not? We just want different
| things.
|
| What helped me get it was your point about security and that
| you'll have a different attack surface and will have made
| different security trade offs to me. Thanks for sharing your
| point of view, I appreciate it.
| bengale wrote:
| Yeah the problem is the "anti-consumer" hyperbole. For some
| people it's just not for them, doesn't line up with what
| they want from a device. I'm not sure why that needs to be
| anything more than preference.
| 2OEH8eoCRo0 wrote:
| But their products are so blingy and fast! /s
|
| It's a magician trick. Distract you with one hand while
| performing the trick with the other. Watch the dazzling
| performance while they further lock down your device.
| lotsofpulp wrote:
| > Even when I forgot my Apple ID (as it had been so long) it
| took over a week before Apple deemed it okay for me to recover
| my password.
|
| I do not see what is wrong with this added security. For something
| that unlocks basically everything about me, it seems reasonable
| to not let it be unlocked at a moment's notice.
| hdjjhhvvhga wrote:
| > We reached out to Apple for comment, but they did not reply.
|
| OK, they didn't reply to ifixit, but they can't keep silent about
| this forever. Some major media outlets will start asking this
| question and it would be interesting how they argue this time.
| dpkonofa wrote:
| The same way they argued it every other time this sentiment
| comes out. These choices are made for security and privacy
| reasons. A third-party can't compromise the hardware and a
| thief has no reason to steal a phone that they can't access,
| can't re-sell, and can't strip for parts.
| lykr0n wrote:
| I think the part of the discussion that is ignored here is the
| security aspect.
|
| Apple has hardened their hardware against attackers replacing
| components of the phone with compromised versions. Sure, at the
| same time it prevents 3rd party repairs, but I don't think
| Apple's only motivation for doing this was to screw over 3rd
| party repair shops.
|
| When the NSA leaks came out, there was some sections that showed
| how shipments of electronics could be intercepted and backdoored.
| I would 100% believe there are groups out there that have or are
| working on chip level attacks for iPhones and other mobile
| products. Swap Apple's Face unlock chip with a custom one that
| includes other embedded profiles that can unlock the phone
| without the owner's knowledge does not seem far fetched.
|
| A lot of the changes to the MacBooks seem to also have been done
| with device hardening in mind.
|
| I cannot tell you how much damage my iPhone 12 Pro has taken
| without the screen cracking, which makes me personally think the
| reasons these changes have been made are not just related to 3rd
| party repairs.
| dmz73 wrote:
| I think you got it backwards. The main reason is to exclude 3rd
| party repairs and extra security is a side effect that can be
| used as justification. Follow the money.
| hyperbovine wrote:
| IMO there is way more money, like orders of magnitude more,
| to be made from successfully branding the iPhone as the most
| secure and private smartphone, compared to the repairs
| market.
| colinmhayes wrote:
| IMO 99% of people are not worried about someone replacing
| parts in their phone in order to hack them.
| zepto wrote:
| That's why they need to be protected.
| salamandersauce wrote:
| Give me a break. A screen swap in a modern smartphone is
| not something you can do in a bar in the time it takes
| somebody to go the bathroom. You need tools like a heat
| gun to even get the things open which greatly greatly
| limits the scenarios where and when something like this
| could occur.
| dpkonofa wrote:
| Or, you know, you could just get access to the repair
| facility and compromise the phone that way...
| mindslight wrote:
| Apparently it wasn't enough money to avoid trashing that
| reputation by building a government agent into their
| software.
| coldtea wrote:
| They can already do that without harming repairs. As if
| replacing the hardware with physical access and giving the
| phone back to you to tap you is an attack people are
| actually afraid of... (and if they were, e.g. targeted by
| state actors or whatever, they could just get a specialized
| phone, not a mass market one).
|
| They already have non-E2E-encrypted iCloud backups where
| they give access to the Feds and others.
| threeseed wrote:
| The same argument could be made for any security
| hardening. Why bother with MFA, biometrics etc when the
| chances of being compromised are statistically very low.
| The reason is that it does happen and on a scale that's
| hard to quantify.
|
| We have examples in Australia of ordinary citizens being
| targeted by China for promoting Hong Kong or showing
| support for Uyghur Muslims. And evidence has come to
| light that their phones and cloud accounts were hacked
| and friends/families targeted.
|
| So for me personally I will take security hardening any
| day over saving a few bucks to go to a cheap screen
| repairer.
| saagarjha wrote:
| I mean, yes, this change makes them more money. But Apple is
| weird, because they are actually able to convince themselves
| that they're doing this for a good reason, and if you follow
| them closely you can almost see their central argument: when it
| comes to security, they trust nobody but themselves, not even
| the user they sell the device to. It's kind of a strange
| mindset, but if you look at it under that lens a lot of the
| concerns about sideloading and repairs make sense from their
| perspective ("we don't trust the user to do the right thing for
| their devices").
|
| How does this look like from the outside? I think there are
| genuinely a lot of people who actually agree with this.
| Actually, I think almost everyone agrees with this to some
| extent: people only have a limited amount of effort they can
| spend managing different parts of their life. The conflict
| occurs for the parts where people _do_ feel like they can make
| better decisions than Apple, but they can't because Apple
| won't let them. For most people, going to an Apple Store or
| AASP to get a repair is generally fine and saves them hassle.
| But for the people who are willing to save money to go
| elsewhere, or do their own repairs, it really sucks.
| concinds wrote:
| If Apple Stores have the ability to pair a new FaceID module
| after an "official" repair, then why wouldn't the NSA have that
| same ability? Only third-party repair shops don't have that
| ability.
| sircastor wrote:
| Presumably it would be some sort of signing solution, which
| would be a level of cryptography that not even the NSA with
| their infinite resources can defeat. Their only hope is to
| find bugs in the system that can be exploited. In this case
| such a "bug" would be replacing a module that doesn't have
| any hardware integrity checking.
| bdcravens wrote:
| If the local Apple Store has the tools, then it's probably
| far easier to compromise a person to do it for you.
| dpkonofa wrote:
| That's why this exists, though. You can't compromise the
| person if the hardware signing/check are done via
| software that's connected to a server. There's nothing a
| person can do to override that if the hardware doesn't
| send back the right key.
| donmcronald wrote:
| What? Apple will just give them a signing key or, more
| likely, build a portal for law enforcement to use. If they
| can provide those tools to authorized repair centers
| they'll have to give them to the government when compelled.
| easton wrote:
| > they'll have to give them to the government when
| compelled.
|
| Says who? The whole brouhaha in the San Bernardino case
| was that Apple would not create a custom version of iOS
| that would bypass the passcode system. If what you say is
| true, the FBI could've just compelled them to hand over
| the root CA for signing iOS builds, built a custom iOS
| iPSW that's pre-jailbroken (as was a thing in the years
| before the bootrom became more locked down), and been
| done.
| dillondoyle wrote:
| Or if an employee of a store can do this, just pay or get
| an employee hired. I haven't heard of this seems
| concerning to me. I use a long passcode only on both
| phone and laptop.
| pizza234 wrote:
| > When the NSA leaks came out, there was some sections that
| showed how shipments of electronics could be intercepted and
| backdoored. I would 100% believe there are groups out there
| that have or are working on chip level attacks for iPhones and
| other mobile products. Swap Apple's Face unlock chip with a
| custom one that includes other embedded profiles that can
| unlock the phone without the owner's knowledge does not seem
| far fetched.
|
| Which class of attackers are those hardenings supposed to
| deter? For three letter agencies, or groups with the resources
| to produce chip level attacks, this is child's play.
| echelon wrote:
| It's easy to view every move Apple makes through the lens of
| money.
|
| Their platform is locked down so that nobody can carve out
| their own turf. No custom browsers with modern web features. No
| runtimes. Apple's rules and taxes, or you're banned.
|
| I've never been afraid of batteries compromising my system. Or
| new screens. Apple wants the extremely lucrative device repair
| market, and this is how they get it. Screens are the most
| common and expensive part to replace.
|
| I am, however, afraid of my device reporting files that the
| government doesn't like. The Russian FSB is salivating at
| Apple's new device spying "CSAM" capabilities. Apple built this
| system to satisfy totalitarian regimes so they could still sell
| their devices. It turns their entire platform into a dragnet so
| that intelligence knows exactly who to target. The FBI probably
| put pressure on the DOJ for these same capabilities too. Apple
| is deathly afraid of antitrust breaking up their gravy train
| and would bow to pressure.
|
| This is about money. Apple wants it all. They need extreme
| growth to justify their stock price and future outlook.
|
| Everything is about money to Apple.
| zepto wrote:
| Accusing a business of being motivated only by money is
| completely trivial and uninformative.
|
| For example iFixit clearly cares absolutely nothing for user
| security and is only motivated by money. They simply don't
| care if devices are secure as long as they can sell repair
| kits.
|
| Also it is clearly in ifixit's interest to have unreliable
| devices that break often and need more repairs. This is true
| of the entire repair business - all they care about is money.
| commoner wrote:
| iFixit's business incentives are more aligned with the
| interests of consumers than the incentives of manufacturers
| like Apple who obstruct the repair of the devices they
| sell. The negligible security difference that Apple is
| using as an excuse to enforce high repair charges plays a
| minimal role in an informed user's decision to use a third-
| party part.
| zepto wrote:
| > iFixit's business incentives are more aligned with the
| interests of consumers
|
| A device that breaks and needs repair is the last thing
| consumers want.
|
| The best thing for consumers would be for ifixit's
| business to become irrelevant.
| dpkonofa wrote:
| >interests of consumers
|
| Clearly this isn't the case. It seems that the majority
| of consumers prefer the higher security posture of the
| iPhone as opposed to the low repairability. You claim
| it's a negligible security difference yet government
| organizations and enterprise customers choose iPhones a
| majority of the time for exactly the security posture
| used by the iPhone.
| commoner wrote:
| Someone who purchases an iPhone does not automatically
| endorse every single aspect of the iPhone. Many people
| choose iPhones because they are fashionable, and not for
| any security consideration.
|
| Governments and enterprises contract with original
| equipment manufacturers for repairs because it is more
| convenient at that scale. Most phone users are not
| government or enterprise users, and have lower budgets.
| The cost difference between an Apple repair and a third-
| party repair is negligible for an enterprise, but much
| more significant for the average user.
| dpkonofa wrote:
| >I've never been afraid of batteries compromising my system.
|
| Another case of "this doesn't affect me so there's no way
| anyone else would need it" that has recently plagued this
| site. This doesn't affect you but it does affect the millions
| of users that depend on the security of the phone - any
| enterprise level corporation with employees, government
| organizations, companies that deal with sensitive data,
| hospitals and other parts of the medical industry.
|
| _You're_ not afraid of batteries compromising your system
| but you're not the only person using these devices. Offering
| a more secure solution benefits _everyone_ using these
| devices, even if you don't personally recognize a benefit
| from it.
| jefftk wrote:
| Since you can bypass it with a microscope and soldering, moving
| a chip from the old screen to the new screen, this doesn't seem
| like much added difficulty for someone who is already
| implementing a hardware-based attack?
| owlbite wrote:
| I'd guess the aim is to be secure on all components (most of
| these things have their own processor(s)). If you can
| compromise one component you can move from there to
| compromise another one, until you get to something
| worthwhile.
|
| I don't think my main concern would be three letter agencies
| (they're going to find a way in to your average consumer one
| way or another). Probably more likely some organized crime
| gang backdooring cheap replacement screens and using that to
| perform an attack on financial data or similar. Attacker
| doesn't have physical access to the device, just manipulated
| the supply chain.
| [deleted]
| TaylorAlexander wrote:
| We don't really have to assume that Apple is intentionally
| harming 3rd party repair, but even if we believe they are
| operating in good faith they seem to be ignoring third party
| repair. Which means they don't really care about saving their
| customers time and money or reducing waste.
| emerongi wrote:
| Show a warning to the user then? Would be a much better way to
| handle this.
| donmcronald wrote:
| Yeah. This should be what regulations enforce. I'm fine with
| parts serialization to help identify genuine, certified
| parts, but as the user I should be able to bypass it if I
| want to use compatible parts.
| mindslight wrote:
| It shouldn't be a mere "bypass" as in "press OK to forgo
| cryptographic security", but rather should include the
| ability to replace or augment the root of trust with
| additional keys.
| salamandersauce wrote:
| The security aspect is commonly brought up for justification
| for moves like this.
|
| Would something like this even remotely stop an actor with the
| resources like the NSA? Does this even remotely benefit people
| that are not being targeted by intelligence services? I'd guess
| no. Security benefits for most people don't outweigh the
| downsides. If they are so security conscious why even have
| FaceID at all? It's already been shown to be not that secure
| why not instead require users to enter a 15 digit password and
| use 2FA to unlock their phone instead? Is it that they value
| convenience over security in that case but not where it
| potentially loses them money?
| KingMachiavelli wrote:
| If Apple actually cared about security & privacy they would
| make iCloud et al. E2E encrypted but they don't.
|
| A sophisticated hardware attack is probably going to be
| government sponsored anyway in which case that government can
| just request data from Apple directly.
| dpkonofa wrote:
| You can care about security and privacy and also still care
| of ease of use. For 99.99% of their customers, encryption is
| enforced by default and being able to recover their data is
| more important than E2E encryption.
| 908B64B197 wrote:
| > Apple has hardened their hardware against attackers replacing
| components of the phone with compromised versions.
|
| It also hurts phone thieves.
|
| Once the device is locked up remotely it's impossible to sell,
| and you can't even sell the thing for parts since they won't
| work.
| MichaelZuo wrote:
| This. Every iPhone owner gains some tangible value from every
| disappointed thief. And this will rise as more and more of
| the userbase converts to totally locked down phones.
|
| Cumulatively over every user, that seems to be a huge value
| add.
| userbinator wrote:
| If you look back at the history of Apple you'll find they've
| always been authoritarian control-freaks, ever since the
| original Macintosh. This is merely another step in the same
| direction.
|
| The article even says that the repair shops have already found
| ways around it, so whatever element of "security" it provides
| is clearly extremely low. It only exists as a (low) bar against
| third-party repair, with "security" as an excuse.
|
| As the saying goes "those who give up freedom for security..."
| etc.
| dpkonofa wrote:
| You're wrong to say that the element of security it provides
| is low because, even with this workaround, you still don't
| have access to the data on the device. All this "workaround"
| does is keep the chain of trust from the original device.
| You'd still need to be able to unlock the device in order to
| get anything from it. It doesn't reset the FaceID information
| or bypass it in any way.
| posnet wrote:
| Except that the 'work around' does maintain security since it
| preserves the original FaceID chip assembly.
|
| "The most sophisticated repair shops have found a workaround,
| but it's not a quick, clever hack--it's physically moving a
| soldered chip from the original screen onto the replacement."
| varenc wrote:
| The workaround requires physically moving the original chip
| to new phone screen. Assuming that chip is where the
| important Face ID stuff happens, this ensures the important
| component hasn't been tampered with and would thwart the NSA
| hardware intercept attacks op mentioned. Can anyone confirm
| this chip is also where the Face ID profiles are
| stored/enforced?
|
| That said, I'm still doubtful this is entirely for security.
| What's frustrating with Apple is that their moves to secure
| their hardware at every level also have the effect of
| tightening their stranglehold on the ecosystem. Unclear what
| the core motivation is.
| skeeter2020 wrote:
| So a marginally sophisticated player motivated by say
| stealing someone's content can still do it relatively easy,
| but if my 14-yr-old breaks her screen, we're SOL. You don't
| actually think this would even slow down the NSA do you?
| It's about Apple locking out independent repair businesses.
| andrei_says_ wrote:
| Thank you, this is a very clear distinction exposing the
| false narrative of security.
|
| Moving the existing chip is trivial but also an effective
| enough measure against easy repairs.
| 2OEH8eoCRo0 wrote:
| So, we worry so much that the NSA will conduct a supply chain
| attack against an adversary (domestic surveillance does not
| fall under the NSA) that we further lock down our own devices?
| ClumsyPilot wrote:
| "Sure, at the same time it prevents 3rd party repairs, but I
| don't think Apple's only motivation for doing this was to screw
| over 3rd party repair shops."
|
| Is that why they don't let you replace the microphone jack on a
| macbook and prevent their suppliers from selling me a
| replacement battery, keyboard or display?
| dpkonofa wrote:
| Yes. If you can replace the microphone jack, or any of the
| other hardware you mention without verifying its integrity,
| you can add surveillance hardware to the device. I could
| replace your microphone with one that records everything and
| sends it to me and you'd be none the wiser.
| MichaelZuo wrote:
| You can't buy a replacement battery through their official
| channels? Which country are you in?
| zamadatix wrote:
| I'm not against blocking government level physical security
| attacks on personal devices but I am against the idea such a
| thing warrants or truly requires every user to be blocked from
| all but first party repairs.
|
| If whatever infallible repair process and repair techs Apple is
| using internally can truly not be open to 3rd parties without
| compromising against such nation level attacks then at the very
| least protections against such attacks should be an option you
| enable which tells the security processor to never accept new
| hardware, not a forced default for all consumers which just
| happen to need repairs over time and are given only one place
| to get them.
| donmcronald wrote:
| So they have all these restriction for security and privacy,
| but they're all worthless if Apple decides they're going to
| provide surveillance for the government, right?
|
| IMO this is a win win for Apple. They get to pretend the anti-
| repair shenanigans are for your protection, but they also have
| the option of turning around and selling access to you and your
| device to whoever they want.
|
| The NSA spying isn't comparable either. That was mass
| surveillance. Swapping a piece of hardware, which requires
| hands on the device, doesn't scale to the point of being a
| threat like that IMO.
|
| For me, the negatives of non-repairability outweigh the pros of
| the security provided. I'm not worried about the government
| swapping my screen to gain access to my device.
| secondaryacct wrote:
| Or you know, we could click a radio button on the shop
| website and be able to choose: reparable vs secure.
|
| But they didn't think about that one...
| zepto wrote:
| They did, and they have written about that kind of choice.
|
| It's a false choice. If you give it to people, they will be
| manipulated into choosing 'repairable'.
| commoner wrote:
| Users who choose to repair the products they own with the
| parts they want at the price they're willing to pay are
| not being "manipulated" into anything.
| noasaservice wrote:
| Oh please.
|
| Scary high-end governmental supply chain backdooring with chips
| the size of a grain of rice are for fiction rags like
| Bloomberg:
|
| https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
|
| Techniques like this; tying hardware together and not allowing
| legitimate owners pair them to work is purely anti-competitive
| garbage. We've seen this with coffee pods, automated cat
| litterbox cleaners, dish washers, inkjet printers, and more.
|
| Apple finally wanted the market for themselves. And since they
| control the hardware, well, yeah.
| dpkonofa wrote:
| What a straw man! Coffee pods, automated litterboxes, dish
| washers, and all the rest don't carry an individual's entire
| digital life on them. You're literally comparing devices that
| really don't need any kind of security (other than, at worst,
| network security) to devices that demand privacy and
| security.
|
| This is either a disingenuous attempt to downplay the
| importance of hardware security or an extremely ignorant
| analysis of the situation being described.
| noasaservice wrote:
| > This is either a disingenuous attempt to downplay the
| importance of hardware security or an extremely ignorant
| analysis of the situation being described.
|
| All of those examples have to do with one primary concept:
| DRM.
|
| DRM doesn't serve the end user. Nor does the coffee pods
| with Keurig, all the stupid stuff around inkjet cartridges,
| cat litterbox cleaner, and more. They ALL do have to do
| with customer capture and profit enforcement.
| dpkonofa wrote:
| The parent comment wasn't talking about simple DRM. They
| were making a specific point that Apple's motivation for
| hardening the hardware security of phones had nothing to
| do with actual security but was "anti-competitive
| garbage" and then compared it to devices that don't need
| security. It's not the same thing.
|
| I agree that all those things have needless DRM but that
| doesn't support or prove the parent's point at all.
| noasaservice wrote:
| It is not my responsibility to _disprove_ that replacing
| the screen is some sort of anti-nation-state thing. It's
| their job to prove that.
|
| The obvious and most direct answer is this is being used
| to _prevent_ repair by all the phone repair companies
| that have popped up. They now want a cut, and have
| enforced a serial-number-on-a-chip that kills a whole
| industry.
| aurizon wrote:
| You are wrong. With a state actor in the room, it is quite
| possible to place a complex die with static ram on a thin
| substrate inside a multilayer board, using the +5 and ground
| and a number of traces that lead to I/O ports etc,
| https://hackaday.com/2019/01/18/oreo-construction-hiding-you...
| Remember these are all from 15 down to 10 nanometer
| parts and at that size circuit complexity takes little space
| and since they live beneath other chips, they are hard to
| find with x-rays if there is a +5 and ground plane that hides
| them. Remember there are 16 billion gates in an Apple M1 CPU,
| https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%....
| A million gate parts is as small as a poppy seed and would need
| to have a fan out - perhaps they could have an optical I/O
| and live within the corporate data stream, only waking up
| when special complex command sequences occur and they read
| their RAM and do their job - back to waiting...
| hdjjhhvvhga wrote:
| This is the most ridiculous thing I read this year - and I've
| read a lot of mad stuff. Let's assume your justification is
| true and Apple cares so much about the privacy that they
| implemented this feature just to protect them and that they
| don't care about the money from repairs.
|
| So, in your scenario, someone would have to steal my phone,
| disassemble it, and replace the face unlock recognition chip
| with a custom version. Let's assume this is easy technically,
| i.e. you could actually do it in the iPhone 12 and the phone
| would happily accept the modified version (not a small feat if
| you ask me). Now, while I don't think it's absolutely
| impossible, the means to accomplish this are usually available
| to nation-state actors, and in cases like this one the xkcd 538
| comes to mind.
| aenis wrote:
| This has nothing to do with security. Real life security works
| like this: you leave your device unattended for an hour or two -
| it can get compromised. Period. If you are serious about opsec -
| just take this into account.
|
| My personal devices were hacked in Russia a few years ago. 2
| hours out of the hotel room to have dinner. They broke through -
| what I thought was - decent security of a linux os used properly.
| I only learned since the device had a 3g modem that would send a
| ping to my phone on every login. Since then, I assume any
| hardware is easily compromisable and don't mind the security
| theater vendors rely on to get sales.
| dpkonofa wrote:
| You're literally responding to an article that shows that the
| situation you're describing would be impossible with this
| device. How does this have nothing to do with security?
| smoldesu wrote:
| > The most sophisticated repair shops have found a
| workaround, but it's not a quick, clever hack--it's
| physically moving a soldered chip from the original screen
| onto the replacement.
|
| Sounds like that's not a problem for sophisticated
| adversaries, such as, say, the United States Government.
| GeekyBear wrote:
| >This has nothing to do with security.
|
| You can argue that the biometric sensor shouldn't be integrated
| into the screen, but you can't argue that the biometric sensor
| that is integrated into the screen has nothing to do with
| security.
| deadmutex wrote:
| What do you think made you a target?
| JakeAl wrote:
| Samsung has been doing the same thing.
___________________________________________________________________
(page generated 2021-11-06 23:01 UTC)