by varenc 1689 days ago
The workaround requires physically moving the original chip to new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?

That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.


So a marginally sophisticated player motivated by, say, stealing someone's content can still do it relatively easily, but if my 14-yr-old breaks her screen, we're SOL. You don't actually think this would even slow down the NSA, do you? It's about Apple locking out independent repair businesses.

Would this stop the NSA? No way. But assuming this component is critical for Face ID security, then yes I do think it would slow down the NSA. And it's probably moot since well-funded state actors have access to RCE 0-days anyway.

But raising the cost of an attack might put it out of reach for lower-level actors. For example, there's a small industry of stalkerware [0] out there where the attacker is someone close to the victim. Like with a couple going through a divorce. This measure might make it infeasible for a stalker to compromise a victim's phone by replacing the Face ID chip with a hacked one.

Is security the only reason Apple's doing this? Not a chance. But I also don't think this is 100% useless security theatre. The better way to combat this is to fight against the false dichotomy Apple presents. They act like there's no middle ground between security and user control.

Rather than say all these security measures are useless, we can acknowledge that they have some value but present an alternative solution. I'm sure there are many options but here's a simple one: Don't put the secure Face ID chip on the replaceable screen! Put it somewhere else in the phone next to all the other secure hardware chips.

[0]: https://www.nytimes.com/2021/09/29/technology/personaltech/s...

If I understand this correctly, this leaves the options of either keeping the existing chip that knows your face but isn’t backdoored, or replacing it with one that is backdoored but doesn’t know your face.

If so, I think it would slow down the NSA. They would have to figure out how to add a new face to an existing chip and, ideally, keep that hidden from the phone’s owner.

But you've just owned the screen. If you're the NSA you'd be exfiltrating the screen data and inputting touches (see TEMPEST).

Thank you, this is a very clear distinction exposing the false narrative of security.

Moving the existing chip is trivial but also an effective enough measure against easy repairs.

The chip establishes an authenticated, encrypted channel for Face ID sensor information.

The goal is to prevent someone from silently replacing the camera module with a new device that is no longer capturing local/live data.

Since the ability to replace the camera is audited, though, I would assume that this does lock out replacements of the Face ID module by unauthorized third parties, _unless_ there is also a process to do so via a full hardware/storage reset.
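The pairing check the comment above describes, modelled as an added example (not Apple's code or protocol, and not part of the original thread): a sensor module proves possession of a factory pairing key via HMAC challenge-response, so a swapped module fails, the original chip moved to a new screen still passes, and only a full-reset re-pair accepts a new module. Class names, serials and the reset re-pair step are assumptions.

```python
import hashlib
import hmac
import secrets


class SensorModule:
    """Face-sensor module carrying a per-unit pairing key set at the factory (constructed model)."""

    def __init__(self, serial: str, pairing_key: bytes):
        self.serial = serial
        self._pairing_key = pairing_key

    def respond(self, challenge: bytes) -> bytes:
        # Prove possession of the pairing key without ever sending the key itself.
        return hmac.new(self._pairing_key, challenge, hashlib.sha256).digest()


class SecureEnclaveStub:
    """Trusts exactly one module: the one whose pairing key it holds (hypothetical stand-in)."""

    def __init__(self, module: SensorModule, pairing_key: bytes):
        self.paired_serial = module.serial
        self._pairing_key = pairing_key

    def challenge_module(self, module: SensorModule) -> bool:
        nonce = secrets.token_bytes(32)  # fresh per check, so a recorded old answer is useless
        expected = hmac.new(self._pairing_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, module.respond(nonce))

    def repair_after_full_reset(self, module: SensorModule, pairing_key: bytes) -> None:
        # Models the speculated path: enrolled data is wiped, then a new module may be paired.
        self.paired_serial = module.serial
        self._pairing_key = pairing_key


def simulate() -> dict:
    original_key = secrets.token_bytes(32)
    original = SensorModule("MOD-ORIGINAL", original_key)      # constructed serials
    enclave = SecureEnclaveStub(original, original_key)
    aftermarket_key = secrets.token_bytes(32)
    aftermarket = SensorModule("MOD-AFTERMARKET", aftermarket_key)

    results = {
        "original_module": enclave.challenge_module(original),
        "swapped_module": enclave.challenge_module(aftermarket),
        # Moving the original chip onto a new screen keeps the same key, so it still passes.
        "original_chip_on_new_screen": enclave.challenge_module(original),
    }
    enclave.repair_after_full_reset(aftermarket, aftermarket_key)
    results["aftermarket_after_reset_repair"] = enclave.challenge_module(aftermarket)
    return results
```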

> Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?

It can't be, otherwise Apple's techs would not be able to replace it either. Even if it was, there wouldn't even be a reason to put it on the screen's ribbon cable. It could be integrated into the Apple-designed CPU, making the parts cheaper and more modular (i.e. easier to repair, even for Apple).

Or repairing this locks the phone and needs a backup login.

Right, the happy middle ground here would be to separate the security-critical hardware from the fragile part which often needs replacement. It's unclear whether Apple repeatedly chooses not to do this because of lack of incentive, lack of capability, or hostility towards repair.

I know so many inner city repair people, people of color whose business relies on fixing these phones. Apple is effectively trying to dismantle these businesses by doing this type of tampering. I don't think it's right and it's affecting an already vulnerable segment of society.
- Adding race into a discussion that is not about race. Check.

- Speaking for minorities. Check.

- Using that to try to further your own agenda. Check.

Please don't do this, it undermines the people you think you're helping. You're putting them in a monolithic box.

Wow, that’s low. Not only are you needlessly bringing race into this, your comment comes across as deeply condescending to the very people you are purporting to support.