[millzlane]

This makes it easier for my technicians when customers lie by omission when they have had their device repaired someplace else and they bring it back to us for repair. It's not until we get into the repair and find out someone has stripped screws that can't be removed without extraction tools and replaced LSI's.

It's also nice for consumers who get their devices stolen strictly for parts. Preventing someone from basically chop shopping phones. I don't use iphone's but it's a nice feature. If the parts are serialized they could prevent your stolen iphone's camera from working in someone else's stolen iphone. Essentially locking the parts to a iphone that locked by an appleid.

[Veliladon]

The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components. Like when you take it into a repair shop, how do you know that the replacement part isn't compromised?

If I was replacing the front facing FaceID complex I sure as hell would want verifiable Apple gear and it to be paired to the phone. Why would I want some random person to be able to put something in my phone's biometric authentication path?

[buildbot]

This exactly. To have a more secure device this is one of the trade offs. Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iphone?

[candiddevmike]

AFAIK face ID generates a key used to decrypt the data. Swapping the system wouldn't let you unlock it, unless it was performing a MitM against the user of the phone. Honestly most of the TPM and trusted enclave stuff Apple does is mostly to prevent that kind of MitM situation. For most users, I don't see it as a threat to worry about.

[neilalexander]

It’s even more impressive than that — the infrared dot pattern of every Face ID sensor is also physically unique. You can’t swap out Face ID sensors and keep the same enrolment data as a result because the replacement sensor will produce a slightly different pattern.

[1] https://www.apple.com/business-docs/FaceID_Security_Guide.pd...

[sennight]

> Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iphone?

Yes, the articles would go something like this: "WTF is wrong with Apple, did they intentionally implement 'security' in the worst possible way, by leaving the phone unencrypted and just using faceID as a lock screen?!"

That is what they'd have to do for your statement to make any sense, they'd have to leave the data unencrypted and just use a removable component as a pass or fail doorman. So the system would have always been unsecure, it would just be more obvious in this scenario.

[jorvi]

I mean.. they could just show a pop-up after required passcode unlock: ‘your iPhone recently had its FaceID/brightness/battery/whatever swapped - do you wish to fully enable the replacement part for this iPhone?’

[dylan604]

because the $badGuy doing the swap could just okay that request

[tjoff]

If you give your phone to an adversary with large amounts of resources it is game over.

If you have to worry about that I most certainly would hope that you wouldn't leave your phone to a repair-shop.

[Spivak]

Everyone keeps parroting this like it's 1995 but infinite resources doesn't really help you. In the US FBI case they happened to chain a few now patched exploits in the lightning port that did nothing except allow them the ability to brute force the password. Had the password been strong it would have been game over.

Regular, run of the mill encryption you can download at every corner store can withstand attacks from nation states.

[solardev]

Zero-days are a thing, as well as companies that find them specifically to sell to governments

[chasd00]

well, depending on the adversary, the resources required could be trivial.

https://imgs.xkcd.com/comics/security.png

[mechanical_bear]

Or leave your MacBook at a repair shop with texts and emails to various VIPs, etc on it… oh wait.

[sosull]

It’s a very fair point, but stranger things have happened. Case in point: https://en.wikipedia.org/wiki/Hunter_Biden_laptop_controvers...

[_V_]

How does disabling TrueTone/autobrightness help your security? Or vibration motor? Or battery? Or rear facing camera?

I can answer for you: these are completely unrelated to security. It is just a middle finger from Apple to anyone wanting to repair their device.

edit: typo

[baybal2]

> The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components.

Reflashing serial numbers of common i2c chips is routine, and not "harder."

It basically only deters self-taught repair shop owners, without electronics background.

[lofaszvanitt]

Do you actually believe that nation states with shitton level funding can't waltz in and out of an original iPhone?

[jonny_eh]

Maybe? But shouldn't we (and Apple) at least try to make things more secure?

[shuntress]

You are conflating separate concerns.

Tracking serial numbers to black-list stolen parts (too much effort for too little value IMO but I'm not a bean counter for a nation-state-sized corporation so what do I know?) is very different from white-listing ordained parts.

Independent shops should be able to buy broken phones from individuals and part them out for repairs without jumping through Apple's hoops.

[dwaite]

> Independent shops should be able to buy broken phones from individuals and part them out for repairs without jumping through Apple's hoops.

I assume in this scenario that all independent shops are trustworthy entities that won't use stolen, reclaimed, or third-party parts in order to save money, without informing the customer?

[robocat]

Apple could provide a genuine parts and stolen parts tracking tool for the most valuable parts: screen, camera, motherboard.

The goal is to make stolen iPhones worth nearly zero to thieves, which makes iPhones more valuable to all iPhone owners. Otherwise stolen iPhones are worth enough to incentivise a stolen iPhone economy. https://www.ifixit.com/Parts/iPhone_13/Screens Not having your phone stolen is worth your replacement cost to you.

[shuntress]

Nothing exists in a vacuum.

Tracking stolen phones and busting chop shops is probably something that should be handled by law enforcement.

[newtritious]

Until it is, Apple are serving their customers by protecting them from this problem.

[shuntress]

I am much more likely to need a phone serviced than have a phone stolen.

Apple should protect me from a repair monopoly overcharging just enough such that a new device (also sold by said monopoly) looks more appealing than a repair.

[newtritious]

They are also protecting you against repair shops using substandard parts, and compromising device security.

The claim about them doing this to make you buy a new device is made up.

[tjoff]

The first part doesn't require functionality to be disabled though.

[buildbot]

Probably a combination of missing calibrations and the software locking. It seems better to fail visibly than to have a device silently phoning home that it is non-genuine.

[bogwog]

> It's also nice for consumers who get their devices stolen strictly for parts. Preventing someone from basically chop shopping phones. I don't use iphone's but it's a nice feature. If the parts are serialized they could prevent your stolen iphone's camera from working in someone else's stolen iphone. Essentially locking the parts to a iphone that locked by an appleid.

A notification that says "this iPhone has stolen parts", some cooperation with the police, etc. could all work without locking down the part. There are a million ways to do it that don't involve destroying the planet and stomping on consumer rights.

Also, getting past the serial number lock isn't that hard. It's hard for the typical random asshole who steals phones, but not for someone knowledgeable enough to buy stolen phones to do repairs. Just search for "iphone screen programmer" on eBay and you'll find them selling for around ~$90.

$90 + an aftermarket screen is still less than what Apple charges for a repair, DIY or not.

[pbhjpbhj]

You can sign things without locking them though. The utility you're speaking of is identification, what's the utility for a user in locking a device against repair?

Apple probably report way more data than a list of part IDs already.