Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple vs. the Right To Repair (bloombergview.com)

Posted by timothy on from the but-it's-intuitive dept.

retroworks writes: Bloomberg columnist Adam Minter takes on Apple's "Error 53 Code" and the precedents being challenged by the Right To Repair movement. Apple claims that bricking the phone if it's repaired by a non-Apple certified repair shop protects you from tampering with, say, the fingerprint scanner. But the column documents how the number of "certified" repair shops is under attack. If you can't open it, do you really own it?

34 of 381 comments (clear)

  1. It really is about security, not repair by Anonymous Coward · · Score: 5, Insightful

    But then again, anyone could have told you that including biometric security on a smartphone was just inviting this kind of hardware signing.

    Where outside of China are you going to find the components and the equipment to repair any of these electronics, anyway? Everything's microsoldered to a circuit board the size of a credit card, and the tiniest slip of your all-too-human hands and you've ruined a trace on a different circuit.

    1. Re:It really is about security, not repair by mrex · · Score: 4, Insightful

      If you could replace the touch ID sensor with any old thing, then they'd publish about "SECURITY FLAWS IN TOUCH ID ARCHITECTURE DISCOVERED" instead.

    2. Re:It really is about security, not repair by mrchaotica · · Score: 4, Insightful

      It shouldn't even matter! The CPU should be doing the authentication anyway, with the sensor simply sending the bitmap (or whatever) to it. Having the sensor be a "trusted" part of the authentication system is just as stupid as requiring a "trusted" keyboard for putting in passwords would be.*

      (* Yeah, yeah, keyloggers -- but don't even try arguing that angle, because anybody who cared about that wouldn't have chosen to have their phone repaired with un-vetted parts in the first place.)

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    3. Re:It really is about security, not repair by sjames · · Score: 4, Insightful

      OTOH, instead of locking up the whole phone, they could just have it refuse to accept the fingerprint ID and let you continue to use other authentication methods.

    4. Re:It really is about security, not repair by Maritz · · Score: 4, Insightful

      Plus as I understand it, PIN entry is required for setting up TouchID, which strongly suggests that falling back to PIN when TouchID has a problem would be completely reasonable. Apple obviously disagree and instead prefer to brick the phone, whether that is a commendable position in terms of security or a cynical way of selling another phone depends on what you think about Apple I suppose. Personally I'd say it's overzealous...

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    5. Re:It really is about security, not repair by tlhIngan · · Score: 5, Informative

      It shouldn't even matter! The CPU should be doing the authentication anyway, with the sensor simply sending the bitmap (or whatever) to it. Having the sensor be a "trusted" part of the authentication system is just as stupid as requiring a "trusted" keyboard for putting in passwords would be.*

      That IS what is happening.

      But the CPU and sensor are paired up because you don't want to send the sensor data unencrypted across the bus where it's then subject to spoofing attacks. It may seem silly, but it's already been proven on Android phones where a good majority of the sensors do NOT protect the sensor data they send the CPU.

      The CPU gets this data and decrypts it. However, to prevent access from user-level software or even kernel level (via privilege escalation techniques - the kernel is just an untrustworthy), the CPU enters a special trusted secure mode which is completely inaccessible to the kernel and userland software. Here your image data is processed, analyzed and a final determination done when the data is compared against the secure memory storage area (secure enclave - which because it is only accessible in secure mode is completely inaccessible to normal software).

      The problem happens when you replace the sensor which breaks the pairing and encryption keys. Now you have to decide what to do.

      A basic software engineer will say "we'll just re-pair the sensors". Which is great, until you realize you just created a security hole - what if what you just attached wasn't a sensor, but something more sophisticated? Perhaps it's something that pretends it's a sensor, but is really an attack device.

      Said attack device can try to feed specially doctored bitmaps to the secure enclave and do power monitoring and other things to try to divulge secret encryption keys used to access main storage or other things. Or perhaps feed in invalid images meant to crash the CPU in secure mode in such a way as to be able to run arbitrary code.

      Since this mode is superior to kernel mode, it will be completely invisible to the main OS and can spy on everything (think Intel Management Engine, or System Management Mode (SMM) on x86 - the software runs independently of the OS).

      So re-pairing the sensor is a bad idea unless you're in a controlled situation.

      Instead, Apple aborts the complete OS with error 53 - the sensor pairing data is mismatched, and the system is no longer trustable. To protect user data, it would be preferable to simply erase the encryption keys so user data cannot be compromised (think of it this way - the people who can carry out the attack would likely be state actors). Because while 99.999% of the time, the sensor will just be another sensor, who's to tell it isn't a sensor designed to hack the system and spy on its user with the ultimate spyware?

      This is one of those security balances that has to be worked out - do you try to protect user data against state sponsored attacks that have been proven to occur, or do you try to give the user the ability to fix it, at the risk of completely compromising your security?

      Apple chose the former - if the sensor isn't trustable, then the secure enclave is no longer trustable - malware could easily be running and private user data could be sniffed and uploaded for later analysis. So instead, when Apple detects the phone's software may have been compromised, they shut down with error 53.

      Once the secure enclave is compromised, all bets are off. And Apple cannot tell if the TouchID sensor was replaced because the user changed it, or if was changed because the NSA needed to spy.

    6. Re:It really is about security, not repair by MrKrillls · · Score: 3, Insightful

      Exactly. Disable the fingerprint reader and demand a PIN.

      Bricking the phone is evil. Driving people to factory authorized repair doesn't cut it for me. Especially if that involves bricking phones. People are too dependent upon phones for apple to take it upon themselves to decide it is best to brick someone's phone on scant evidence of actual malfeasance. It is wrong. It is wrong minded. It is thoughtless. And it is selfish on apple's part.

      --
      Don't step on the baby.
    7. Re: It really is about security, not repair by hidden · · Score: 3, Insightful

      Disabling touch ID on a phone with a non- genuine sensor would be fine. People would just have to use their PIN instead. But that's not what apple has chosen to do. Instead they've chosen to entirely nuke the device, with no warning. That's not a reasonable behaviour for a consumer security measure.

    8. Re:It really is about security, not repair by Anonymous Coward · · Score: 5, Insightful

      But since it doesn't throw the error when the repair is done but months later when an update is applied kinda makes all of this pointless. I could swap the sensor and access all the data I want the way it works now if I was trying to do so and this "security" measure would not stop me since it doesn't kick in at the time of the swap out. The way it stands now its really only enforcing "apple only" repairs and not any form of security.

    9. Re:It really is about security, not repair by BronsCon · · Score: 5, Interesting

      Falling back to PIN is how I unlock my wife's iPhone 6s Plus when she asks me to change songs or reply to a message on her behalf while she's driving. There's no reason, absolutely none at all, why the Error 53 can't simply be a logged condition that disables the fingerprint reader; Apple should also be able to fix it by pairing the phone and fingerprint scanner.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    10. Re:It really is about security, not repair by spire3661 · · Score: 3, Insightful

      And as we see, it may be useful for security, but it ruins usability (via making repairs harder than they have to be). Apple has no excuse here. They HAVE to allow 3rd party parts, just like the automakers had to eventually be forced to.,

      --
      Good-bye
    11. Re:It really is about security, not repair by solidraven · · Score: 3

      Fingerprint sensors are dead easy to bypass though. Unless you wear gloves your phone's case contains the unlock information... So intelligence agencies will still get in easily. Bogus argument. Quite frankly there is no reason to encrypt the sensor data on a board level, the moment they had sufficient access to take a desoldering station to your phone it's already past the point of trustworthy. Then again they'd just force your finger on the sensor... And if you want a sneak attack, just bug the screen driver and capacitive touch IC instead... (easier and far more valuable data).

    12. Re:It really is about security, not repair by BronsCon · · Score: 3, Insightful

      Yup, because a sensor that is disabled (power and data pins) when it fails to authenticate itself can totally prod at the rest of the system.

      And if Apple's engineering is that weak, they deserve the criticism. If the secure enclave is truly write-only as Apple claims, if communication between the fingerprint reader and the secure enclave is encrypted as Apple claims, if a rolling secondary key is used as Apple claims, if the match decision is made within the secure enclave (as would be necessary if it is write-only)... see where I'm going with this?

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    13. Re:It really is about security, not repair by spire3661 · · Score: 3, Insightful

      Usability includes the sum total of the life of the device, including 3rd party repairs. Security is always a compromise between usability and integrity. Apple fell too far on the security side and hampered usability. For the record, i read your comment on my ipad, the only axe i have to grind is making sure we maintain a 'right to repair', which includes 3rd party parts.

      --
      Good-bye
  2. If you can't open it, do you really own it? by bulled · · Score: 3, Insightful

    No, but this is the trade off people make when buying devices like the iphone/ipod. Clearly people value having the fashionable/trendy/"Just Works*" that Apple provide over being able to fix something that is broken. Until that trade off tilts harder against the consumer it will continue to be made.

    * - For some values of "Just Works"

    1. Re: If you can't open it, do you really own it? by h4x0t · · Score: 3, Funny

      Apple store genius: Can I help you?
      Any sensible human: No you cannot.

  3. Popup by bondsbw · · Score: 4, Insightful

    "Would you like to use this new fingerprint scanner? [Yes] [No]"

    Yes -> "Please enter your password."

    See that wasn't so hard.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  4. Property by Anonymous Coward · · Score: 5, Insightful

    Property for peasants is so last century.
    Welcome to the 21st century, where property is only for corporations, copyright is eternal and everything is under license.

  5. EULAs ... by gstoddart · · Score: 5, Interesting

    We pretty much lost this fight when judges upheld the right of corporations to make EULAs binding, including the ability of corporations to change them as they see fit.

    Combine this with the DMCA, and the rest of the copyright/IP bullshit, and, no, you don't own it any more ... you have the right to use it according to their terms, but in no way do you own it in terms of being able to take it apart, modify it, fix it, repair it, or otherwise do anything they haven't licensed you to do.

    This is the direction corporations want to go, and they've been getting lawmakers to enable them.

    You, the consumer? You have no rights other than what they've chosen to give you.

    Until we see lawmakers shift the other way (and they're heavily influenced by lobbying and campaign contributions), you can expect with shit like the TPP and everything else, you'll see less and less "rights" to the products you think you own.

    Welcome to the awesome future, in which the corporations hold all the cards.

    --
    Lost at C:>. Found at C.
  6. Your government is untrusted with your data. by tlambert · · Score: 4, Insightful

    Your government is untrusted with your data.

    But escaping that is "fashionably trendy".

    Got it.

    1. Re: Your government is untrusted with your data. by TheReaperD · · Score: 3, Interesting

      99.99% of customers, Apple or other, could care less about government intrusion into your devices. Here on /. it seems otherwise because we're not a fair sampling of the general population. This is nothing more than a poor excuse to force people to only repair with Apple, at a highly inflated price, or buy a new device. For the few that really care about keeping our data away from the government, smartphones should never be an option in their current form. They're a tracking and security nightmare.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
  7. If I can't fix the FPU in my Pentium III... by tlambert · · Score: 3, Interesting

    If I can't fix the FPU in my Pentium III... do I really own it?

    1. Re:If I can't fix the FPU in my Pentium III... by drinkypoo · · Score: 5, Insightful

      Are there any tamper-proofing features in the P3 that would prevent you from doing this? Or is your inability simply due to your not having the right tools, not that anyone does?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Re:Of course not by stealth_finger · · Score: 3, Insightful

    If you can't open it, do you really own it?

    Mere common sense tells us that that the answer is NO. If a person sells you a product, yet retains the right to forcibly dictate how you use that product, then you haven't bought anything at all, but rather leased it.

    Especially if they reserve the right to brick it irrecoverably because you had the gall to try and get repaired by someone other than them.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
  9. Re: I hate Apple but they're right by Anonymous Coward · · Score: 5, Informative

    No, you do not own the VISA nor the driver's license. They are not your property.

  10. Typical obfuscation journalism by SensitiveMale · · Score: 3, Interesting

    From what I understand and I could be wrong, but this issue isn't repairing an iPhone. I don't see how there is a problem replacing a screen or battery. It's when a shop replaces some part that is within the Apple Pay environment. Apple could have a point that using third party hardware can compromise security.

  11. Apple's planned obsolescence profit strategy by JoeyRox · · Score: 3, Insightful

    Think of it as a three-legged stool. The first leg is to mete out feature and function improvements so that each new model has just enough goodness to entice an upgrade. The second leg is to release iOS updates that run so slowly on existing models that users are forced to upgrade just to restore the relative performance they used to get on their current phones. The third leg is to charge exorbitant prices for authorized repairs while making it impossible for third-parties to provide affordable repair services.

    This strategy is designed to gently encourage and then forcibly coerce users to keep upgrading their phones.

    1. Re:Apple's planned obsolescence profit strategy by david_thornley · · Score: 3, Informative

      Apple wants to keep making better phones. They normally succeed (although I'm not a fan of the size of the 6 and 6S). Apple keeps upgrading the software on their phones more than pretty much anyone else, but usually when a phone gets old it's a trade-off whether to run an OS designed for a much more capable phone or fall behind on the software. I read the reviews first. Third, nobody's stopping you from getting repairs of the non-security-sensitive components.

      The thing is that Apple works hard to make iPhones secure, and since Apple doesn't sell many different models you don't get an option to buy a less secure one.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  12. Re:I hate Apple but they're right by Anonymous Coward · · Score: 5, Informative

    Have you read the text on the card, or in the cardholder's agreement you signed on to when you choose to keep and use the card? I believe not, because you'd have come across the text "The card provided is the property of [company] and must be returned or destroyed upon our request." It is literally one of the few things you think you own that you actually don't.

    Have you read your statutes regarding your driver's license? I also believe not, because you'd note that most all governments retain the right to revoke the license (at which point, again, return the license or destroy it) and, in fact, in some places, possession of the license after that is illegal (sometimes effectively making you a criminal without your knowledge if they cancel it due to parking tickets while you're driving). The province I live in just fixed that issue last year allowing you to retain your invalid license card on the understanding it is no longer legal for any purpose other than identification. Still, to ensure there's value to the identification, the license is designed to show tampering. Again, one of the few things that it seems like is yours, but by the classical definition of property, really isn't.

  13. Profound misunderstanding of what ownership means by Brannon · · Score: 4, Interesting

    Ownership means you have every right to tamper with something. It DOES NOT mean that you have any guarantees that the hardware will continue to work if you do so. It never has, EVER, in the history of mankind, EVER meant that.

    Microwaves and other electronics will frequently have tamper avoidance measures built into them for safety reasons--does that mean you don't own your microwave? An emissions control system might disable a car or generator if it discovers it's been tampered with, does that mean you don't own your car?

    A biometric sensor may be tamper-proofed for security reasons (which is exactly what happened here)--doesn't mean that you don't own it.

  14. Separate issues by sjbe · · Score: 4, Insightful

    Where outside of China are you going to find the components and the equipment to repair any of these electronics, anyway?

    Umm, you can buy things from China. If you need proof of this please visit your local Walmart.

    Everything's microsoldered to a circuit board the size of a credit card, and the tiniest slip of your all-too-human hands and you've ruined a trace on a different circuit.

    The practicality of actually doing a repair or modification is not relevant to whether or not one should have the right to attempt the repair or modification. Those are separate issues.

  15. Re:stop buying overpriced overhyped apple trash by Archangel+Michael · · Score: 3, Insightful

    I've known plenty of people who have had both, switched, and switched back. Both ways.

    People want what they want, and there is a choice. Apple or Android are both perfectly fine as consumer choices for everyday people. Some people prefer (gasp!) Apple, others prefer (gasp!) Android even after trying the other. I know, really hard to understand how anyone can like either, considering how awesome Windows Phone (or whatever it is called today) is!

    IMHO the biggest limitation to what a phone can do, is the user using it.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  16. Lies by dkman · · Score: 3, Insightful

    If they wanted what they claim they wanted then they could simply show a warning that "certified parts were detected" or a "tamper detected" every time the phone boots, or more annoyingly every time it wakes.
    What they really want is for you to come suck from their teat any time you need help with their device so they can enjoy the cash flow and laugh all the way to the bank with their 18 billion in profits.

    --
    I refuse to sign
  17. Fixed a mistake in the article by Khashishi · · Score: 4, Insightful

    How can I avoid Error 53?
    Don't buy Apple