I was told at an Apple store this year that Apple will no longer repair broken iPads. Seems they just replace them if you have Apple care. I wonder if this is a way to get around right to repair. I guess if you don't repair things you don't need to provide parts for them (no spare parts are available). If parts have to be paired for supply chain security, you can't use them even if you have one on hand. From an ecological point of view Apple can claim that it is best to just return the item to them for recycling (full circle). Diabolical!
Security parts better be paired on a device. I want the FaceID camera stack and TouchID parts at a minimum to be paired. I'm also kind of ok with the display stack being paired because of the digitizer and it's next to impossible to separate the digitizer from the rest of the display stack in modern device form factors.
I agree for that. The battery example though… that one is hard to justify and either the repair is invalid or Apple dun goofed.
Another thing OEMs are trying to control from is slippage in their supply chain being used to steal components for “cheap” repairs or to subsidize other OEMs which is not a trivial problem and does happen regularly.
I get it, I fixit is in a business where being able to pull pieces out of one dead device to use in another is/would be profitable. However parts pair can actually serve real purpose - there are plenty of “separate” devices like this finger print scanners, facial recognition, etc that are necessarily physically separate from the SoC or what have you, but are functionally a single component with the SEP inside that SoC. If someone can arbitrarily replace those sensors then that becomes an attack vector.
Things become problematic/stupid when non security sensitive parts are peered. Things like the battery - while there’s an argument for reporting possible tampering, it seems to me that it should be possible to dismiss this one with a “yeah I know” - from the article it least it isn’t aggressively bricking the device, but still
FWIW I have a third party display on my iPhone 11 Pro and FaceID is understandably disabled on it. In the previous iOS I used to get nagged about it all the time but in this most recent one I seem to have been able to quash the error message and I don’t get notified about it anymore (though obviously FaceID still doesn’t work). If I go into Settings > General > About it has a warning under Display and FaceID but before it was an annoying red dot notification like the kind you get when you have a pending software update on your iPhone.
But then I think Apple should be forced to re-pair (ideally for free) if sb provides receipt of legit acquisition, and maybe after checking a ”stolen items” database.
This would be an acceptable intermediate step, but it still keeps around the need to ask Apple, which seems ethically wrong. They should have no say in whether people can repair their devices.
> After a scanner swap your device is still perfectly capable of verifying that you are in fact the owner and unlocking via the back-up methods, so once that back-up code has been entered why not allow access to the necessary software to pair the scanner to the device and restore function?
Because I can install modified hardware that performs more complicated attacks like sending the PIN for your phone or your iTunes password over the network? And since it’s a hardware modification, it’s persistent forever and nearly impossible to find. Malicious hardware is not part of the threat model that phone manufacturers design around and it’s cheaper/simpler to pair components to fight against that attack vector than to come up with protection mechanisms (eg restrict the memory that the component has access to and various Hw measures to make sure you can’t fuck around in the analog domain - it’s really really complex to get right and a flaw means your entire run is vulnerable until you fix it if you even can without doing major redesign work).
Seems far fetched that someone would go so far to attack you. What sort of enemies you have?
What i'm saying is that most of us are willing to give up a bit of security for repairability and saving the planet. Phones and laptops are expensive products in terms of resources used to create them. We're definitely not paying the full price for them. Imagine how much would it cost to extract every microgram of precious resources and capture all pollution and co2 emitted in the supply and distribution chain. Instead we're lining the pockets of megacorps that use every trick to enrich themselves while slowly destroying the environment, the same corps that gives access to your data to the government if need be. I'd say the chance of a sophisticated hardware hacker implanting a rogue chip in your phone is somewhat smaller than the chance of your phone's screen or battery dying in the next year.
The sort of enemies Apple designs for are the highest-level ones one can think of. They often kind of walk the walk with things like lockdown mode. I respect and like that.
... however the compromises they make in the name of security are often weirdly broad, UX-degrading and suspiciously align very well with their business interests.
None of this applies to the battery, yet this is exactly where Apple is using it ... Also, the connection with the display is ridiculous. The complexity that custom hardware would need to have to attack using the display is almost absurd.
I mean your argument is not wrong, it just doesn't really apply to parts pairing. Clearly, this means it isn't Apple's only concern to secure devices.
Did they make a new update? When I switched batteries last year the only thing that was restricted was fast charging and that's more of a way to keep you safe when usi g cheap cells...
Read the article: They authenticate specific battery serial numbers, rather than type or producer. That means they authenticate if a given battery is the specific battery inserted at the apple factory. This, of course, also authenticates the type and producer, so they could allow fast charging on replacement batteries, yet they choose not to allow any replacement at all, not even with batteries from a discarded equivalent equipment.
Again, if the intent is to protect against defective batteries this seems a very strange way to go about it. This specifically disallows replacement parts. Any replacement parts, no matter where they come from.
I was told at an Apple store this year that Apple will no longer repair broken iPads. Seems they just replace them if you have Apple care. I wonder if this is a way to get around right to repair. I guess if you don't repair things you don't need to provide parts for them (no spare parts are available). If parts have to be paired for supply chain security, you can't use them even if you have one on hand. From an ecological point of view Apple can claim that it is best to just return the item to them for recycling (full circle). Diabolical!
Security parts better be paired on a device. I want the FaceID camera stack and TouchID parts at a minimum to be paired. I'm also kind of ok with the display stack being paired because of the digitizer and it's next to impossible to separate the digitizer from the rest of the display stack in modern device form factors.
If it improves security: Go at it, have fun.
... but give me, the owner, a way to override it. It could be through a pairing code delivered with the device.
I agree for that. The battery example though… that one is hard to justify and either the repair is invalid or Apple dun goofed.
Another thing OEMs are trying to control from is slippage in their supply chain being used to steal components for “cheap” repairs or to subsidize other OEMs which is not a trivial problem and does happen regularly.
I get it, I fixit is in a business where being able to pull pieces out of one dead device to use in another is/would be profitable. However parts pair can actually serve real purpose - there are plenty of “separate” devices like this finger print scanners, facial recognition, etc that are necessarily physically separate from the SoC or what have you, but are functionally a single component with the SEP inside that SoC. If someone can arbitrarily replace those sensors then that becomes an attack vector.
Things become problematic/stupid when non security sensitive parts are peered. Things like the battery - while there’s an argument for reporting possible tampering, it seems to me that it should be possible to dismiss this one with a “yeah I know” - from the article it least it isn’t aggressively bricking the device, but still
FWIW I have a third party display on my iPhone 11 Pro and FaceID is understandably disabled on it. In the previous iOS I used to get nagged about it all the time but in this most recent one I seem to have been able to quash the error message and I don’t get notified about it anymore (though obviously FaceID still doesn’t work). If I go into Settings > General > About it has a warning under Display and FaceID but before it was an annoying red dot notification like the kind you get when you have a pending software update on your iPhone.
Parts pairing reduces theft risk.
But then I think Apple should be forced to re-pair (ideally for free) if sb provides receipt of legit acquisition, and maybe after checking a ”stolen items” database.
Otherwise we just increase e-waste.
This would be an acceptable intermediate step, but it still keeps around the need to ask Apple, which seems ethically wrong. They should have no say in whether people can repair their devices.
Or tie re-pairing to the iCloud account on the device, seems like that’d be sufficient for anti theft.
> After a scanner swap your device is still perfectly capable of verifying that you are in fact the owner and unlocking via the back-up methods, so once that back-up code has been entered why not allow access to the necessary software to pair the scanner to the device and restore function?
Because I can install modified hardware that performs more complicated attacks like sending the PIN for your phone or your iTunes password over the network? And since it’s a hardware modification, it’s persistent forever and nearly impossible to find. Malicious hardware is not part of the threat model that phone manufacturers design around and it’s cheaper/simpler to pair components to fight against that attack vector than to come up with protection mechanisms (eg restrict the memory that the component has access to and various Hw measures to make sure you can’t fuck around in the analog domain - it’s really really complex to get right and a flaw means your entire run is vulnerable until you fix it if you even can without doing major redesign work).
Seems far fetched that someone would go so far to attack you. What sort of enemies you have?
What i'm saying is that most of us are willing to give up a bit of security for repairability and saving the planet. Phones and laptops are expensive products in terms of resources used to create them. We're definitely not paying the full price for them. Imagine how much would it cost to extract every microgram of precious resources and capture all pollution and co2 emitted in the supply and distribution chain. Instead we're lining the pockets of megacorps that use every trick to enrich themselves while slowly destroying the environment, the same corps that gives access to your data to the government if need be. I'd say the chance of a sophisticated hardware hacker implanting a rogue chip in your phone is somewhat smaller than the chance of your phone's screen or battery dying in the next year.
> What sort of enemies you have?
The sort of enemies Apple designs for are the highest-level ones one can think of. They often kind of walk the walk with things like lockdown mode. I respect and like that.
... however the compromises they make in the name of security are often weirdly broad, UX-degrading and suspiciously align very well with their business interests.
None of this applies to the battery, yet this is exactly where Apple is using it ... Also, the connection with the display is ridiculous. The complexity that custom hardware would need to have to attack using the display is almost absurd.
I mean your argument is not wrong, it just doesn't really apply to parts pairing. Clearly, this means it isn't Apple's only concern to secure devices.
Did they make a new update? When I switched batteries last year the only thing that was restricted was fast charging and that's more of a way to keep you safe when usi g cheap cells...
Read the article: They authenticate specific battery serial numbers, rather than type or producer. That means they authenticate if a given battery is the specific battery inserted at the apple factory. This, of course, also authenticates the type and producer, so they could allow fast charging on replacement batteries, yet they choose not to allow any replacement at all, not even with batteries from a discarded equivalent equipment.
Again, if the intent is to protect against defective batteries this seems a very strange way to go about it. This specifically disallows replacement parts. Any replacement parts, no matter where they come from.
What could possibly go wrong?