[HN Gopher] Parts Pairing Kills Independent Repair
___________________________________________________________________
Parts Pairing Kills Independent Repair
Author : colinprince
Score : 28 points
Date : 2023-01-29 18:40 UTC (4 hours ago)
(HTM) web link (www.ifixit.com)
(TXT) w3m dump (www.ifixit.com)
| vlovich123 wrote:
| > After a scanner swap your device is still perfectly capable of
| verifying that you are in fact the owner and unlocking via the
| back-up methods, so once that back-up code has been entered why
| not allow access to the necessary software to pair the scanner to
| the device and restore function?
|
| Because I can install modified hardware that performs more
| complicated attacks like sending the PIN for your phone or your
| iTunes password over the network? And since it's a hardware
| modification, it's persistent forever and nearly impossible to
| find. Malicious hardware is not part of the threat model that
| phone manufacturers design around and it's cheaper/simpler to
| pair components to fight against that attack vector than to come
| up with protection mechanisms (eg restrict the memory that the
| component has access to and various Hw measures to make sure you
| can't fuck around in the analog domain - it's really really
| complex to get right and a flaw means your entire run is
| vulnerable until you fix it if you even can without doing major
| redesign work).
| candiodari wrote:
| None of this applies to the battery, yet this is exactly where
| Apple is using it ... Also, the connection with the display is
| ridiculous. The complexity that custom hardware would need to
| have to attack using the display is almost absurd.
|
| I mean your argument is not wrong, it just doesn't really apply
| to parts pairing. Clearly, this means it isn't Apple's only
| concern to secure devices.
| Zetobal wrote:
| Did they make a new update? When I switched batteries last
| year the only thing that was restricted was fast charging and
| that's more of a way to keep you safe when usi g cheap
| cells...
| spicymaki wrote:
| I was told at an Apple store this year that Apple will no longer
| repair broken iPads. Seems they just replace them if you have
| Apple care. I wonder if this is a way to get around right to
| repair. I guess if you don't repair things you don't need to
| provide parts for them (no spare parts are available). If parts
| have to be paired for supply chain security, you can't use them
| even if you have one on hand. From an ecological point of view
| Apple can claim that it is best to just return the item to them
| for recycling (full circle). Diabolical!
| olliej wrote:
| I get it, I fixit is in a business where being able to pull
| pieces out of one dead device to use in another is/would be
| profitable. However parts pair can actually serve real purpose -
| there are plenty of "separate" devices like this finger print
| scanners, facial recognition, etc that are necessarily physically
| separate from the SoC or what have you, but are functionally a
| single component with the SEP inside that SoC. If someone can
| arbitrarily replace those sensors then that becomes an attack
| vector.
|
| Things become problematic/stupid when non security sensitive
| parts are peered. Things like the battery - while there's an
| argument for reporting possible tampering, it seems to me that it
| should be possible to dismiss this one with a "yeah I know" -
| from the article it least it isn't aggressively bricking the
| device, but still
| SOLAR_FIELDS wrote:
| FWIW I have a third party display on my iPhone 11 Pro and
| FaceID is understandably disabled on it. In the previous iOS I
| used to get nagged about it all the time but in this most
| recent one I seem to have been able to quash the error message
| and I don't get notified about it anymore (though obviously
| FaceID still doesn't work). If I go into Settings > General >
| About it has a warning under Display and FaceID but before it
| was an annoying red dot notification like the kind you get when
| you have a pending software update on your iPhone.
| Veliladon wrote:
| Security parts better be paired on a device. I want the FaceID
| camera stack and TouchID parts at a minimum to be paired. I'm
| also kind of ok with the display stack being paired because of
| the digitizer and it's next to impossible to separate the
| digitizer from the rest of the display stack in modern device
| form factors.
| vlovich123 wrote:
| I agree for that. The battery example though... that one is
| hard to justify and either the repair is invalid or Apple dun
| goofed.
|
| Another thing OEMs are trying to control from is slippage in
| their supply chain being used to steal components for "cheap"
| repairs or to subsidize other OEMs which is not a trivial
| problem and does happen regularly.
| alanfranz wrote:
| Parts pairing reduces theft risk.
|
| But then I think Apple should be forced to re-pair (ideally for
| free) if sb provides receipt of legit acquisition, and maybe
| after checking a "stolen items" database.
|
| Otherwise we just increase e-waste.
| PaulBGD_ wrote:
| Or tie re-pairing to the iCloud account on the device, seems
| like that'd be sufficient for anti theft.
___________________________________________________________________
(page generated 2023-01-29 23:02 UTC)