by Veliladon 1375 days ago
The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components. Like when you take it into a repair shop, how do you know that the replacement part isn't compromised?

If I was replacing the front facing FaceID complex I sure as hell would want verifiable Apple gear and it to be paired to the phone. Why would I want some random person to be able to put something in my phone's biometric authentication path?

5 comments

This exactly. To have a more secure device this is one of the trade-offs. Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iPhone?

AFAIK Face ID generates a key used to decrypt the data. Swapping the system wouldn't let you unlock it, unless it was performing a MitM against the user of the phone. Honestly most of the TPM and trusted enclave stuff Apple does is mostly to prevent that kind of MitM situation. For most users, I don't see it as a threat to worry about.

It’s even more impressive than that — the infrared dot pattern of every Face ID sensor is also physically unique. You can’t swap out Face ID sensors and keep the same enrolment data as a result because the replacement sensor will produce a slightly different pattern.

[1] https://www.apple.com/business-docs/FaceID_Security_Guide.pd...

> Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iPhone?

Yes, the articles would go something like this: "WTF is wrong with Apple, did they intentionally implement 'security' in the worst possible way, by leaving the phone unencrypted and just using faceID as a lock screen?!"

That is what they'd have to do for your statement to make any sense, they'd have to leave the data unencrypted and just use a removable component as a pass or fail doorman. So the system would have always been unsecure, it would just be more obvious in this scenario.

I mean.. they could just show a pop-up after required passcode unlock: ‘your iPhone recently had its FaceID/brightness/battery/whatever swapped - do you wish to fully enable the replacement part for this iPhone?’

Because the $badGuy doing the swap could just okay that request.

If you give your phone to an adversary with large amounts of resources it is game over.

If you have to worry about that I most certainly would hope that you wouldn't leave your phone at a repair shop.

Everyone keeps parroting this like it's 1995 but infinite resources doesn't really help you. In the US FBI case they happened to chain a few now-patched exploits in the Lightning port that did nothing except allow them the ability to brute force the password. Had the password been strong it would have been game over.

Regular, run-of-the-mill encryption you can download at every corner store can withstand attacks from nation states.

Zero-days are a thing, as well as companies that find them specifically to sell to governments.

Well, depending on the adversary, the resources required could be trivial.

https://imgs.xkcd.com/comics/security.png

Or leave your MacBook at a repair shop with texts and emails to various VIPs, etc. on it… oh wait.

It’s a very fair point, but stranger things have happened. Case in point: https://en.wikipedia.org/wiki/Hunter_Biden_laptop_controvers...
How does disabling TrueTone/autobrightness help your security? Or vibration motor? Or battery? Or rear facing camera?

I can answer for you: these are completely unrelated to security. It is just a middle finger from Apple to anyone wanting to repair their device.

edit: typo

> The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components.

Reflashing serial numbers of common i2c chips is routine, and not "harder."

It basically only deters self-taught repair shop owners without an electronics background.

Do you actually believe that nation states with shitton level funding can't waltz in and out of an original iPhone?

Maybe? But shouldn't we (and Apple) at least try to make things more secure?