[lykr0n]

I think the part of the discussion that is ignored here is the security aspect.

Apple has hardened their hardware against attackers replacing components of the phone with compromised versions. Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops.

When the NSA leaks came out, there was some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swap Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.

A lot of the changes to the MacBooks seem to also have been done with device hardening in mind.

I cannot tell you how much damage my iPhone 12 Pro has taken without the screen cracking, which makes me personally think the reasons these changes have been made are not just related to 3rd party repairs.

[userbinator]

If you look back at the history of Apple you'll find they've always been authoritarian control-freaks, ever since the original Macintosh. This is merely another step in the same direction.

The article even says that the repair shops have already found ways around it, so whatever element of "security" it provides is clearly extremely low. It only exists as a (low) bar against third-party repair, with "security" as an excuse.

As the saying goes "those who give up freedom for security..." etc.

[varenc]

The workaround requires physically moving the original chip to new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?

That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.

[skeeter2020]

So a marginally sophisticated player motivated by say stealing someone's content can still do it relatively easy, but if my 14-yr-old breaks her screen, we're SOL. You don't actually think this would even slow down the NSA do you? It's about Apple locking out independent repair businesses.

[varenc]

Would this stop the NSA? No way. But assuming this component is critical for Face ID security, then yes I do think it would slow down the NSA. And it's probably moot since well-funded state actors have access to RCE 0-days anyway.

But raising the cost of an attack might put it out of reach for lower-level actors. For example, there's a small industry of stalkerware [0] out there where the attacker is someone close to the victim. Like with a couple going through a divorce. This measure might make it infeasible for a stalker to compromise a victim's phone by replacing the Face ID chip with a hacked one.

Is security the only reason Apple's doing this? Not a chance. But I also don't think this is 100% useless security theatre. The better way to combat this is to fight against the false dichotomy Apple presents. They act like there's no middle ground between security and user control.

Rather than say all these security measures are useless, we can acknowledge that they have some value but present an alternative solution. I'm sure there are many options but here's a simple one: Don't put the secure Face ID chip on the replaceable screen! Put it somewhere else in the phone next to all the other secure hardware chips.

[0]: https://www.nytimes.com/2021/09/29/technology/personaltech/s...

[Someone]

If I understand this correctly, this leaves the options of either keeping the existing chip that knows your face but isn’t backdoored, or replacing it with one that is backdoored but doesn’t know your face.

If so, I think it would slow down the NSA. They would have to figure out how to add a new face to an existing chip and, ideally, keep that hidden from the phone’s owner.

[sudosysgen]

But you've just owned the screen. If youre the NSA you'd be exfiltrating the screen data and inputting touches (see TEMPEST)

[andrei_says_]

Thank you, this is a very clear distinction exposing the false narrative of security.

Moving the existing chip is trivial but also an effective enough measure against easy repairs.

[dwaite]

The chip establishes an authenticated, encrypted channel for faceID sensor information.

The goal is to prevent someone from silently replacing the camera module with a new device that is no longer capturing local/live data.

Since the ability to replace the camera is audited though, I would assume that this does lock out replacements of the FaceID module by unauthorized third parties, _unless_ there is also a process to do so via a full hardware/storage reset.

[stkdump]

> Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?

It can't be, otherwise Apples techs would not be able to replace it either. Even if it was, there wouldn't even be a reason to put it on the screen's ribbon cable. It could be integrated into the Apple-designed CPU, making the parts cheaper and more modular (i.e. easier to repair, even for Apple)

[pas]

Or repairing this locks the phone and needs a backup login.

[bri3d]

Right, the happy middle ground here would be to separate the security critical hardware from the fragile part which often needs replacement. It's unclear whether Apple repeatedly choose not to do this because of lack of incentive, lack of capability, or hostility towards repair.

[adminscoffee]

i know so many inner city repair people, people of color who's business relies on fixing these phones. apple is effectively trying to dismantle these businesses by doing this type of tampering, i don't think it's right and it's effecting an already vulnerable segment of society.

[syspec]

- Adding race into the discussion that is not about race. Check

- Speaking for minorities. Check.

- Using that to try to further your own agenda. Check.

Please don't do this, it undermines the people you're think you're helping. You're putting them in a monolithic box.

[sbuk]

Wow, that’s low. Not only are you needlessly bringing race into this, your comment comes across as deeply condescending to the very people you are purporting to support.

[posnet]

Except that the 'work around' does maintain security since it preserves the original FaceID chip assembly.

"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement. "

[username190]

I'm not convinced by this - if you look at an iPhone 13's screen, it's entirely separate from the face ID hardware. https://i.imgur.com/D63HrIT.png (screenshot from [0])

On iPhones X through 12, if you kept the Face ID hardware and only changed the display, Face ID would continue to work. On the iPhone 13 series, if you keep the Face ID hardware and change the display, Face ID stops working.

The chip which people are removing seems to serve only to identify the display - nothing to do with the Face ID system. Apple has been using this chip for years to disable "true tone" display functionality when the screen was swapped (unless it was programmed by a proprietary tool, only available to first-party repair shops) - they're now also tying it disable Face ID.

[0] https://youtu.be/8s7NmMl_-yg?t=253

[dpkonofa]

You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.

[userbinator]

I mean the security of putting it in the screen assembly. That seemed more like it was done purely to mess with the repair shops.

[dpkonofa]

As opposed to putting it where? Where else would you put the front-facing camera?

[kanbara]

way to make a total strawman. that quote about freedom has nothing to do with digital security which enhances your privacy and the knowledge that your phone isn't compromised.

i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.

the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em

[Angostura]

You didn't actually address the position of the comment that your are replying to, though

[saagarjha]

I mean, yes, this change makes them more money. But Apple is weird, because they are actually able to convince themselves that they're doing this for a good reason, and if you follow them closely you can almost see their central argument: when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset, but if you look at it under that lens a lot of the concerns about sideloading and repairs make sense from their perspective ("we don't trust the user to do the right thing for their devices").

How does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.

[someguydave]

it would be easier to stomach “apple owns the device not the loser customer” if there was a single major oem who was focused only on producing customer-owned devices

[fsflover]

https://puri.sm/products

[someguydave]

yeah man do they have data sheets and programming guides for every chip? are they gonna get interoperability with US cell providers?

[fsflover]

https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...

https://source.puri.sm/Librem5/community-wiki/-/wikis/Cellul...

[someguydave]

“ It can be debated whether the Librem 5 should be called "free hardware" or "open hardware" since most of the complexity of a smartphone lies within the individual components which are not open hardware. The Librem 5 is free/open hardware in the sense that anyone can take the schematics and legally produce their own versions of the phone, but it isn't free/open hardware in the sense that people can't access the source files for the SoC, cellular modem, WiFi/Bluetooth, GNSS, USB controller, etc., so most of the functionality is hidden.”

[dreamcompiler]

Let's examine your premise: Apple acts in the best interest of the customer. In this light FaceID is a bug, not a feature. If somebody wants to get into your phone they don't even need to beat you up; they just have to restrain you, take your phone, point it at your face, and they're in.

With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.

[saagarjha]

The premise here is that half of the users don’t set a passcode at all unless you make it easy for them to authenticate to their phone.

[Cosmin_C]

> when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset

It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so does ransomware and social engineering.

Relevant: https://youtu.be/kkCwFkOZoOY

[salamandersauce]

The security aspect is commonly brought up for justification for moves like this.

Would something like this even remotely stop an actor with the resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious why even have FaceID at all? It's already been shown to be not that secure why not instead require users to enter a 15 digit password and use 2FA to unlock their phone instead? Is it that they value convienence over security in that case but not where it potentially loses them money?

[dmz73]

I think you got it backwards. The main reason is to exclude 3rd party repairs and extra security is a side effect that can be used as justification. Follow the money.

[hyperbovine]

IMO there is way more money, like orders of magnitude more, to be made from successfully branding the iPhone as the most secure and private smartphone, compared to the repairs market.

[coldtea]

They can already do that without harming repairs. As if replacing the hardware with physical access and giving the phone back to you to tap you is an attack people are actually afraid of... (and if they were, e.g. targeted by state actors or whatever, they could just get a specialized phone, not a mass market one).

They already have non-E2E-encrypted iCloud backups where they give access to the Feds and others.

[threeseed]

The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low. The reason is that it does happen and on a scale that's hard to quantify.

We have examples in Australia of ordinary citizens being targeted by China for promoting Hong Kong or showing support for Uyghur Muslims. And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.

So for me personally I will take security hardening any day over saving a few bucks to go to a cheap screen repairer.

[coldtea]

>The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low.

No, the chances there are statistically very big. Because a thief might get your phone, and then can exploit access to it without MFA, biometrics, etc, and stole your bank account, data, etc.

But the chances of people (a) getting your phone, (b) replacing the camera module and compromising the OS, (c) giving your phone back without you noticing, to get your data, are statistically tiny.

And we've somehow managed for 15 years of smartphones without those mitigations...

>And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.

Where they hacked in the way we're talking about here? If not, how is this relevant?

[colinmhayes]

IMO 99% of people are not worried about someone replacing parts in their phone in order to hack them.

[zepto]

That’s why they need to be protected.

[salamandersauce]

Give me a break. A screen swap in a modern smartphone is not something you can do in a bar in the time it takes somebody to go the bathroom. You need tools like a heat gun to even get the things open which greatly greatly limits the scenarios where and when something like this could occur.

[dpkonofa]

Or, you know, you could just get access to the repair facility and compromise the phone that way...

[zepto]

Who leaves their phone behind at a bar when going to the bathroom?

[mindslight]

Apparently it wasn't enough money to avoid trashing that reputation by building a government agent into their software.

[melff]

As far as I know they didn't trash their reputation among normal end-users, as long as they don't know or care apple can pull shit like that all day while still raking in money from the "security-conscious" crowd.

[contravariant]

Also as far as the NSA is concerned, surely it'd be easier if they have a single supply chain where they are guaranteed to be able to compromise every single iPhone?

Seems a lot easier than compromising some random repair shop.

[robertoandred]

Except third parties can still conduct repairs, they just need to update the component pairing.

[KingMachiavelli]

If Apple actually cared about security & privacy they would make iCloud et al. E2E encrypted but they don't.

A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.

[dpkonofa]

You can care about security and privacy and also still care of ease of use. For 99.99% of their customers, encryption is enforced by default and being able to recover their data is more important than E2E encryption.

[superdude12]

So make it an option.

[varenc]

It is an option! https://support.apple.com/en-us/HT205220

I make encrypted iOS backups to my computer. Happens automatically when I plug in my phone. Data never touches the cloud.

Also Apple does use E2EE for some iCloud backup data like Health, and Keychain (passwords). If you lose access to all of your iDevices you can't recover that data.

I totally agree that Apple should just make all iCloud backup data E2EE. Given that users already lose some types of data from their backup when they lose the key, that doesn't seem like that much of a barrier. Supposedly the reason they're not all E2EE is because of pressure from the FBI[0]. But people like me that care can still have encrypted backups.

[0] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

[ksec]

>I make encrypted iOS backups to my computer. Happens automatically when I plug in my phone. Data never touches the cloud.

I wish they make a iOS Time Capsule for that.

[chongli]

Making it an option results in people taking that option without fully understanding the consequences. Then those users forget their password and when Apple tells them it is impossible to recover their data they run to the local news station and Apple gets a black eye. Regular people see it on the news and stop buying iPhones.

On the other hand, by not making it an option, Apple annoys power users and others at the extreme tail of the distribution. These users write about it in the tech press and Apple gets a black eye there… But Apple has always been criticized in the tech press so it doesn’t really change anything.

[dpkonofa]

It literally is an option. You can make fully encrypted backups locally without ever touching iCloud.

[jachee]

They started making in-roads to making iCloud E2E encrypted, but the tech community lost their minds about it and they backtracked.

[josephcsible]

You seem to be implying that E2E is impossible without client-side CSAM scanning, but this is obviously false since other companies offer E2E without that.

[jachee]

Not technically impossible, but legally risky, and Apple are very risk-averse, legally-speaking.

Client-side CSAM detection would allow full client-side secrecy unless there’s a pattern of in-violation imagery destined to be sent (presumably E2E encrypted and thus undetectable) to iCloud.

[echelon]

It's easy to view every move Apple makes through the lens of money.

Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.

I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.

I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.

This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.

Everything is about money to Apple.

[dpkonofa]

>I've never been afraid of batteries compromising my system.

Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.

You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.

[donmcronald]

> Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.

It's a detriment to me. I don't need that level of security, so why should I pay extra for all my repairs which is effectively me subsidizing enterprise corporations and governments? Plus it's increasing the original development and manufacturing costs, so I'm paying a lot extra for something that doesn't benefit me at all.

If those companies and governments really need those security features, let them pay for them. I don't care if their phones cost $5k.

[echelon]

You know what affects them more?

A monopoly like Apple, hoarding and gatekeeping the tech, raising their prices. Making 3rd party apps and services more expensive because they have less margin due to Apple taxes.

That's way worse than some invented boogyman.

[dpkonofa]

Apple is not a monopoly so the rest of your statement is meaningless drivel. Also, if I recognize you from other threads, you tend to be pretty sensationalist so forgive me if I feel like you're the one selling a boogeyman.

[echelon]

> rest of your statement is meaningless drivel

To your sensibilities.

> I recognize you from other threads

Good. I keep telling folks to call their reps on Apple, Google, and the whole lot. These companies salt the earth for the rest of us.

Apple taxes 50+% of the mobile application development market with outrageous fees and prevents freedom outside of tightly set, draconian rules.

They're clearly bad for the market with their ever worsening device repairability and increasingly anti-consumer behavior.

Microsoft got handed a new one for behavior one tenth as bad.

The DOJ needs to break Apple in two.

[zepto]

Accusing a business of being motivated only by money is completely trivial and in informative.

For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.

Also it is clearly in ifixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.

[commoner]

iFixit's business incentives are more aligned with the interests of consumers than the incentives of manufacturers like Apple who obstruct the repair of the devices they sell. The negligible security difference that Apple is using as an excuse to enforce high repair charges plays a minimal role in an informed user's decision to use a third-party part.

[dpkonofa]

>interests of consumers

Clearly this isn't the case. It seems that the majority of consumers prefer the higher security posture of the iPhone as opposed to the low repairability. You claim it's a negligible security difference yet government organizations and enterprise customers choose iPhones a majority of the time for exactly the security posture used by the iPhone.

[commoner]

Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone. Many people choose iPhones because they are fashionable, and not for any security consideration.

Governments and enterprises contract with original equipment manufacturers for repairs because it is more convenient at that scale. Most phone users are not government or enterprise users, and have lower budgets. The cost difference between an Apple repair and a third-party repair is negligible for an enterprise, but much more significant for the average user.

[zepto]

A lot of people who have iPhones indeed have lower budgets. They got their phones as hand-me-downs or secondhand.

This is only possible because of the durability of iPhones.

It is in apple’s interests to extend the life of iPhones and not to make money on repairs, because it translates into more users for their services.

[dpkonofa]

>Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone.

While this is true, it does point out that that's not an important enough factor for them to not buy the phone, though. All these claims that this is in the interest of consumers is meaningless when people aren't buying the other phones but are buying iPhones. It seems Apple is nailing the "interests of consumers" pretty well, if that's the case.

[Bud]

This would be more convincing if you were not, you know, just making it up out of whole cloth in a completely lazy and unsupported way.

"Negligible security difference"? "Excuse"? Come back when you have a real argument that isn't just obvious spewing of biases.

[zepto]

> iFixit's business incentives are more aligned with the interests of consumers

A device that breaks and needs repair is the last thing consumers want.

The best thing for consumers would be for ifixit’s business to become irrelevant.

[commoner]

Until phones and other electronics become indestructible, iFixit and independent repair shops continue to serve a consumer need by offering more cost-effective repair options than Apple and other manufacturers do.

[zepto]

Sure - but of course ifixit profits from devices that break easily, whereas Apple benefits from making devices more and more indestructible, which is why they keep working on that.

[Bud]

It's easy to view a lot of things in facile, inaccurate ways.

Not very informative, but, certainly easy!

[ClumsyPilot]

"Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops."

Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?

[MichaelZuo]

You can’t buy a replacement battery through their official channels? Which country are you in?

[ClumsyPilot]

You can pay for battery replacement, but you cannot buy a battery and replace it yourself. They literally refuse to sell you any parts

[mrunkel]

He wants to buy the battery from Apple’s suppliers. Not from Apple or an authorized reseller.

[sudosysgen]

You cannot buy the battery from Apple or an authorized reseller. You can pay for them to replace it themselves, but they won't sell you the part.

[dpkonofa]

Yes. If you can replace the microphone jack, or any of the other hardware you mention without verifying its integrity, you can add surveillance hardware to the device. I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser.

[ClumsyPilot]

"I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser."

How is this miracle microphone going to send you anything exactly, telepathically?

[sudosysgen]

And if it could, you could just glue it to the computer or other personal belongings anyways

[dpkonofa]

You don't think that would be more noticeable than something that's inside the computer?

[dpkonofa]

Yes, because we definitely don't have the capability to connect hardware to some kind of wireless, global communications network...

You people are ridiculous.

[concinds]

If Apple Stores have the ability to pair a new FaceID module after an "official" repair, then why wouldn't the NSA have that same ability? Only third-party repair shops don't have that ability.

[sircastor]

Presumably it would be some sort of signing solution, which would be a level of cryptography that not even the NSA with their infinite resources can defeat. Their only hope is to find bugs in the system that can be exploited. In this case such a “bug” would be replacing a module that doesn’t have any hardware integrity checking.

[donmcronald]

What? Apple will just give them a signing key or, more likely, build a portal for law enforcement to use. If they can provide those tools to authorized repair centers they’ll have to give them to the government when compelled.

[easton]

> they’ll have to give them to the government when compelled.

Says who? The whole bruhaha in the San Bernardino case was that Apple would not create a custom version of iOS that would bypass the passcode system. If what you say is true, the FBI could've just compelled them to hand over the root CA for signing iOS builds, built a custom iOS iPSW that's pre-jailbroken (as was a thing in the years before the bootrom became more locked down), and been done.

[aembleton]

The government can just open an authorised repair centre.

[dillondoyle]

Or if an employee of a store can do this, just pay or get an employee hired. I haven't heard of this seems concerning to me. I use a long passcode only on both phone and laptop.

[Bilal_io]

Or the NSA could open a fake repair shop become an authorized shop through Apple.

[bdcravens]

If the local Apple Store has the tools, then it's probably far easier to compromise a person to do it for you.

[dpkonofa]

That's why this exists, though. You can't compromise the person if the hardware signing/check are done via software that's connected to a server. There's nothing a person can do to override that if the hardware doesn't send back the right key.

[pizza234]

> When the NSA leaks came out, there was some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swap Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.

Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.

[fomine3]

It was fair when Apple banned 3rd party home button(TouchID) replacement because it's sensor itself so it's natural that they should make tamperproof. But this case is FaceID. I'll accept they ban to replace FaceID module, but why they integrate security chip onto display module (say, most fragile part) despite it wasn't? It looks they aren't legit for me.

[noasaservice]

Oh please.

Scary high-end governmental supply chain backdooring with chips the size of a grain of rice are for fiction rags like Bloomberg:

https://www.bloomberg.com/news/features/2018-10-04/the-big-h...

Techniques like this; tying hardware together and not allowing legitimate owners pair them to work is purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.

Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.

[aurizon]

You are wrong. With a state actor in the room, it is quite possible to place a complex die with static ram on a thin substrate inside a multilayer board, using the +5 and ground and a number of traces that lead to I/O ports etc, https://hackaday.com/2019/01/18/oreo-construction-hiding-you... Remember these are all from 15 down to 10 nanometer parts and at that size circuit complexity takes little space and since they live beneath other chips, they are hard to find with x-rays if there is a +5 and ground plane that hides them. Remember are 16 billion gates in an Apple M1 CPU, https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%.... A million gate parts is as small as a poppy seed and would need to have a fan out - perhaps they could have an optical I/O and live within the corporate data stream, only waking up when special complex command sequences occur and they read their RAM and do their job - back to waiting...

[dpkonofa]

What a straw man! Coffee pods, automated litterboxes, dish washers, and all the rest don't carry an individual's entire digital life on them. You're literally comparing devices that really don't need any kind of security (other than, at worst, network security) to devices that demand privacy and security.

This is either a disingenuous attempt to downplay the important of hardware security or an extremely ignorant analysis of the situation being described.

[noasaservice]

> This is either a disingenuous attempt to downplay the important of hardware security or an extremely ignorant analysis of the situation being described.

All of those examples have to do with one primary concept: DRM.

DRM doesn't serve the end user. Nor does the coffee pods with Keurig, all the stupid stuff around inkjet cartridges, cat litterbox cleaner, and more. They ALL do have to do with customer capture and profit enforcement.

[dpkonofa]

The parent comment wasn't talking about simple DRM. They were making a specific point that Apple's motivation for hardening the hardware security of phones had nothing to do with actual security but was "anti-competitive garbage" and then compared it to devices that don't need security. It's not the same thing.

I agree that all those things have needless DRM but that doesn't support or prove the parent's point at all.

[noasaservice]

It is not my responsibility to disprove that replacing the screen is some sort of anti-nation-state thing. It's their job to prove that.

The obvious and most direct answer is this is being used to prevent repair by all the phone repair companies that have popped up. They now want a cut, and have enforced a serial-number-on-a-chip that kills a whole industry.

[dpkonofa]

That's not how it works. You're the one making the claim, you have to show the evidence to support that claim. They have only claimed that their intention in doing this is to improve security on these devices and they've literally published white papers showing how this does that. There's an entire white paper dedicated to the Secure Enclave and another dedicated just to FaceID.

There's no obvious and direct answer here because you haven't challenged their claim or their evidence that doing this makes these devices more secure because it does. It may have the additional side-effect of making repairs more difficult but if you want to make the claim that their motivation is not what they say it is then you have to provide the evidence for that.

[zamadatix]

I'm not against blocking government level physical security attacks on personal devices but I am against the idea such a thing warrants or truly requires every user to be blocked from all but first party repairs.

If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.

[emerongi]

Show a warning to the user then? Would be a much better way to handle this.

[donmcronald]

Yeah. This should be what regulations enforce. I’m fine with parts serialization to help identify genuine, certified parts, but as the user I should be able to bypass it if I want to use compatible parts.

[mindslight]

It shouldn't be a mere "bypass" as in "press OK to forgo cryptographic security", but rather should include the ability to replace or augment the root of trust with additional keys.

[dann0]

But how would you know someone hasn’t accepted the additional keys for you? You’re making the system weaker while making it appear stronger - that’s the worst possible outcome.

[mindslight]

Adding additional keys should wipe the whole device, require a significant amount of time (a few days tethered in a debug mode), and the boot screen should display the trust root.

[dann0]

I don’t want that. It would have to be a persistent warning of the person that compromised my phone could dismiss the warning.

But most of these anti-Apple comments can be overcome by buying a different device. They have different trade offs.

[donmcronald]

Would it be that bad if it were a persistent check that happened on boot? All you'd need to do to validate the hardware in your phone is reboot it and it would barely have any impact during normal operation.

[dann0]

When was the last time you rebooted your phone?

[donmcronald]

I don't know. Maybe a few weeks ago. The point of doing it on boot is that if you're so important that your threat model includes avoiding non-certified parts, you have an on-demand check to validate the entire chain of hardware in your device.

So if you take your phone in for a repair, reboot it afterwards to make sure the parts are all certified. After that you don't need to do it again unless you leave your phone unattended or have a reason to suspect someone swapped parts on you. There could even be an option to toggle on super persistent warnings if needed.

The point is, you don't need persistent warnings to give a normal user the tools they need to check if they have all genuine parts. Reboot your phone after a repair to ensure you received genuine parts is a pretty simple concept to teach people.

[TaylorAlexander]

We don’t really have to assume that Apple is intentionally harming 3rd party repair, but even if we believe they are operating in good faith they seem to be ignoring third party repair. Which means they don’t really care about saving their customers time and money or reducing waste.

[jefftk]

Since you can bypass it with a microscope and soldering, moving a chip from the old screen to the new screen, this doesn't seem like much added difficulty for someone who is already implementing a hardware-based attack?

[owlbite]

I'd guess the aim is to be secure on all components (most of these things have their own processor(s)). If you can compromise one component you can move from there to compromise another one, until you get to something worthwhile.

I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.

[donmcronald]

So they have all these restriction for security and privacy, but they’re all worthless if Apple decides they’re going to provide surveillance for the government, right?

IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.

The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.

For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.

[secondaryacct]

Or you know, we could click a radio button on the shop website and be able to choose: reparable vs secure.

But they didnt think about that one...

[zepto]

They did, and they have written about that kind of choice.

It’s a false choice. If you give it to people, they will be manipulated into choosing ‘repairable’.

[donmcronald]

Do you mean they did and people overwhelmingly chose repairable, so they invented a narrative to support the answer they wanted?

I don't know anyone that would forgo having a repairable phone for the tiny bit of extra security it gets them.

[zepto]

Right, because people overestimate the need for repairs, and underestimate the value of security.

You can’t seriously think that most people do a good job of assessing cybersecurity risks accurately.

[commoner]

Users who choose to repair the products they own with the parts they want at the price they're willing to pay are not being "manipulated" into anything.

[zepto]

They are if it is at the expense of security.

[908B64B197]

> Apple has hardened their hardware against attackers replacing components of the phone with compromised versions.

It also hurts phone thieves.

Once the device is locked up remotely it's impossible to sell, and you can't even sell the thing for parts since they won't work.

[MichaelZuo]

This. Every iPhone owner gains some tangible value from every disappointed thief. And this will rise as more and more of the userbase converts to totally locked down phones.

Cumulatively over every user, that seems to be a huge value add.

[Ansil849]

> Apple has hardened their hardware against attackers replacing components of the phone with compromised versions.

What specifically is being guarded against by not allowing users to replace a screen, as in this case?

[2OEH8eoCRo0]

So, we worry so much that the NSA will conduct a supply chain attack against an adversary (domestic surveillance does not fall under the NSA) that we further lock down our own devices?

[xet7]

Apple makes fixing even harder for authorized repair shops, than unauthorized repair shops:

https://www.youtube.com/watch?v=v6025_yK02U

If Apple laptops internal harddrive gets broken, currently they can not boot from external harddrive:

https://news.ycombinator.com/item?id=29083633

[dreamcompiler]

Everything Apple does in the name of security or privacy is about enforcing Apple's control over what you do with their hardware after you buy it. They give not one thin damn about your privacy: They want to know everything you're doing with your Apple hardware. Put a sniffer on your Mac and count the daemons phoning home to Apple. Your jaw will drop.

As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.

[hdjjhhvvhga]

This is the most ridiculous thing I read this year - and I've read a lot of mad stuff. Let's assume your justification is true and Apple cares so much about the privacy that they implemented this feature just to protect them and that they don't care about the money from repairs.

So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.