Apple vs. the Right To Repair

retroworks writes: Bloomberg columnist Adam Minter takes on Apple's "Error 53 Code" and the precedents being challenged by the Right To Repair movement. Apple claims that bricking the phone if it's repaired by a non-Apple certified repair shop protects you from tampering with, say, the fingerprint scanner. But the column documents how the number of "certified" repair shops is under attack. If you can't open it, do you really own it?

Re: I hate Apple but they're right

No, you do not own the VISA nor the driver's license. They are not your property.

Buy apple and get what you deserve

[stealth_finger]

If you get your phone bricked for having the absolute audacity to take to phone

For example, an unauthorized or faulty screen replacement

. Who authorised the failure dickheads? They should be made to replace every single device they bricked with no reason or warning. Maybe this is how they plan on getting over their stagnation in sales, make all the dumb fucks who bought one in the first place buy another one just because. And you know most will because they can't be without their idevice.

Re:I hate Apple but they're right

Have you read the text on the card, or in the cardholder's agreement you signed on to when you choose to keep and use the card? I believe not, because you'd have come across the text "The card provided is the property of [company] and must be returned or destroyed upon our request." It is literally one of the few things you think you own that you actually don't.

Have you read your statutes regarding your driver's license? I also believe not, because you'd note that most all governments retain the right to revoke the license (at which point, again, return the license or destroy it) and, in fact, in some places, possession of the license after that is illegal (sometimes effectively making you a criminal without your knowledge if they cancel it due to parking tickets while you're driving). The province I live in just fixed that issue last year allowing you to retain your invalid license card on the understanding it is no longer legal for any purpose other than identification. Still, to ensure there's value to the identification, the license is designed to show tampering. Again, one of the few things that it seems like is yours, but by the classical definition of property, really isn't.

Re:It really is about security, not repair

[tlhIngan]

It shouldn't even matter! The CPU should be doing the authentication anyway, with the sensor simply sending the bitmap (or whatever) to it. Having the sensor be a "trusted" part of the authentication system is just as stupid as requiring a "trusted" keyboard for putting in passwords would be.*

That IS what is happening.

But the CPU and sensor are paired up because you don't want to send the sensor data unencrypted across the bus where it's then subject to spoofing attacks. It may seem silly, but it's already been proven on Android phones where a good majority of the sensors do NOT protect the sensor data they send the CPU.

The CPU gets this data and decrypts it. However, to prevent access from user-level software or even kernel level (via privilege escalation techniques - the kernel is just an untrustworthy), the CPU enters a special trusted secure mode which is completely inaccessible to the kernel and userland software. Here your image data is processed, analyzed and a final determination done when the data is compared against the secure memory storage area (secure enclave - which because it is only accessible in secure mode is completely inaccessible to normal software).

The problem happens when you replace the sensor which breaks the pairing and encryption keys. Now you have to decide what to do.

A basic software engineer will say "we'll just re-pair the sensors". Which is great, until you realize you just created a security hole - what if what you just attached wasn't a sensor, but something more sophisticated? Perhaps it's something that pretends it's a sensor, but is really an attack device.

Said attack device can try to feed specially doctored bitmaps to the secure enclave and do power monitoring and other things to try to divulge secret encryption keys used to access main storage or other things. Or perhaps feed in invalid images meant to crash the CPU in secure mode in such a way as to be able to run arbitrary code.

Since this mode is superior to kernel mode, it will be completely invisible to the main OS and can spy on everything (think Intel Management Engine, or System Management Mode (SMM) on x86 - the software runs independently of the OS).

So re-pairing the sensor is a bad idea unless you're in a controlled situation.

Instead, Apple aborts the complete OS with error 53 - the sensor pairing data is mismatched, and the system is no longer trustable. To protect user data, it would be preferable to simply erase the encryption keys so user data cannot be compromised (think of it this way - the people who can carry out the attack would likely be state actors). Because while 99.999% of the time, the sensor will just be another sensor, who's to tell it isn't a sensor designed to hack the system and spy on its user with the ultimate spyware?

This is one of those security balances that has to be worked out - do you try to protect user data against state sponsored attacks that have been proven to occur, or do you try to give the user the ability to fix it, at the risk of completely compromising your security?

Apple chose the former - if the sensor isn't trustable, then the secure enclave is no longer trustable - malware could easily be running and private user data could be sniffed and uploaded for later analysis. So instead, when Apple detects the phone's software may have been compromised, they shut down with error 53.

Once the secure enclave is compromised, all bets are off. And Apple cannot tell if the TouchID sensor was replaced because the user changed it, or if was changed because the NSA needed to spy.

Re:Apple's planned obsolescence profit strategy

[david_thornley]

Apple wants to keep making better phones. They normally succeed (although I'm not a fan of the size of the 6 and 6S). Apple keeps upgrading the software on their phones more than pretty much anyone else, but usually when a phone gets old it's a trade-off whether to run an OS designed for a much more capable phone or fall behind on the software. I read the reviews first. Third, nobody's stopping you from getting repairs of the non-security-sensitive components.

The thing is that Apple works hard to make iPhones secure, and since Apple doesn't sell many different models you don't get an option to buy a less secure one.