Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple vs. the Right To Repair (bloombergview.com)

Posted by timothy on from the but-it's-intuitive dept.

retroworks writes: Bloomberg columnist Adam Minter takes on Apple's "Error 53 Code" and the precedents being challenged by the Right To Repair movement. Apple claims that bricking the phone if it's repaired by a non-Apple certified repair shop protects you from tampering with, say, the fingerprint scanner. But the column documents how the number of "certified" repair shops is under attack. If you can't open it, do you really own it?

9 of 381 comments (clear)

  1. It really is about security, not repair by Anonymous Coward · · Score: 5, Insightful

    But then again, anyone could have told you that including biometric security on a smartphone was just inviting this kind of hardware signing.

    Where outside of China are you going to find the components and the equipment to repair any of these electronics, anyway? Everything's microsoldered to a circuit board the size of a credit card, and the tiniest slip of your all-too-human hands and you've ruined a trace on a different circuit.

    1. Re:It really is about security, not repair by tlhIngan · · Score: 5, Informative

      It shouldn't even matter! The CPU should be doing the authentication anyway, with the sensor simply sending the bitmap (or whatever) to it. Having the sensor be a "trusted" part of the authentication system is just as stupid as requiring a "trusted" keyboard for putting in passwords would be.*

      That IS what is happening.

      But the CPU and sensor are paired up because you don't want to send the sensor data unencrypted across the bus where it's then subject to spoofing attacks. It may seem silly, but it's already been proven on Android phones where a good majority of the sensors do NOT protect the sensor data they send the CPU.

      The CPU gets this data and decrypts it. However, to prevent access from user-level software or even kernel level (via privilege escalation techniques - the kernel is just an untrustworthy), the CPU enters a special trusted secure mode which is completely inaccessible to the kernel and userland software. Here your image data is processed, analyzed and a final determination done when the data is compared against the secure memory storage area (secure enclave - which because it is only accessible in secure mode is completely inaccessible to normal software).

      The problem happens when you replace the sensor which breaks the pairing and encryption keys. Now you have to decide what to do.

      A basic software engineer will say "we'll just re-pair the sensors". Which is great, until you realize you just created a security hole - what if what you just attached wasn't a sensor, but something more sophisticated? Perhaps it's something that pretends it's a sensor, but is really an attack device.

      Said attack device can try to feed specially doctored bitmaps to the secure enclave and do power monitoring and other things to try to divulge secret encryption keys used to access main storage or other things. Or perhaps feed in invalid images meant to crash the CPU in secure mode in such a way as to be able to run arbitrary code.

      Since this mode is superior to kernel mode, it will be completely invisible to the main OS and can spy on everything (think Intel Management Engine, or System Management Mode (SMM) on x86 - the software runs independently of the OS).

      So re-pairing the sensor is a bad idea unless you're in a controlled situation.

      Instead, Apple aborts the complete OS with error 53 - the sensor pairing data is mismatched, and the system is no longer trustable. To protect user data, it would be preferable to simply erase the encryption keys so user data cannot be compromised (think of it this way - the people who can carry out the attack would likely be state actors). Because while 99.999% of the time, the sensor will just be another sensor, who's to tell it isn't a sensor designed to hack the system and spy on its user with the ultimate spyware?

      This is one of those security balances that has to be worked out - do you try to protect user data against state sponsored attacks that have been proven to occur, or do you try to give the user the ability to fix it, at the risk of completely compromising your security?

      Apple chose the former - if the sensor isn't trustable, then the secure enclave is no longer trustable - malware could easily be running and private user data could be sniffed and uploaded for later analysis. So instead, when Apple detects the phone's software may have been compromised, they shut down with error 53.

      Once the secure enclave is compromised, all bets are off. And Apple cannot tell if the TouchID sensor was replaced because the user changed it, or if was changed because the NSA needed to spy.

    2. Re:It really is about security, not repair by Anonymous Coward · · Score: 5, Insightful

      But since it doesn't throw the error when the repair is done but months later when an update is applied kinda makes all of this pointless. I could swap the sensor and access all the data I want the way it works now if I was trying to do so and this "security" measure would not stop me since it doesn't kick in at the time of the swap out. The way it stands now its really only enforcing "apple only" repairs and not any form of security.

    3. Re:It really is about security, not repair by BronsCon · · Score: 5, Interesting

      Falling back to PIN is how I unlock my wife's iPhone 6s Plus when she asks me to change songs or reply to a message on her behalf while she's driving. There's no reason, absolutely none at all, why the Error 53 can't simply be a logged condition that disables the fingerprint reader; Apple should also be able to fix it by pairing the phone and fingerprint scanner.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  2. Property by Anonymous Coward · · Score: 5, Insightful

    Property for peasants is so last century.
    Welcome to the 21st century, where property is only for corporations, copyright is eternal and everything is under license.

  3. EULAs ... by gstoddart · · Score: 5, Interesting

    We pretty much lost this fight when judges upheld the right of corporations to make EULAs binding, including the ability of corporations to change them as they see fit.

    Combine this with the DMCA, and the rest of the copyright/IP bullshit, and, no, you don't own it any more ... you have the right to use it according to their terms, but in no way do you own it in terms of being able to take it apart, modify it, fix it, repair it, or otherwise do anything they haven't licensed you to do.

    This is the direction corporations want to go, and they've been getting lawmakers to enable them.

    You, the consumer? You have no rights other than what they've chosen to give you.

    Until we see lawmakers shift the other way (and they're heavily influenced by lobbying and campaign contributions), you can expect with shit like the TPP and everything else, you'll see less and less "rights" to the products you think you own.

    Welcome to the awesome future, in which the corporations hold all the cards.

    --
    Lost at C:>. Found at C.
  4. Re: I hate Apple but they're right by Anonymous Coward · · Score: 5, Informative

    No, you do not own the VISA nor the driver's license. They are not your property.

  5. Re:If I can't fix the FPU in my Pentium III... by drinkypoo · · Score: 5, Insightful

    Are there any tamper-proofing features in the P3 that would prevent you from doing this? Or is your inability simply due to your not having the right tools, not that anyone does?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Re:I hate Apple but they're right by Anonymous Coward · · Score: 5, Informative

    Have you read the text on the card, or in the cardholder's agreement you signed on to when you choose to keep and use the card? I believe not, because you'd have come across the text "The card provided is the property of [company] and must be returned or destroyed upon our request." It is literally one of the few things you think you own that you actually don't.

    Have you read your statutes regarding your driver's license? I also believe not, because you'd note that most all governments retain the right to revoke the license (at which point, again, return the license or destroy it) and, in fact, in some places, possession of the license after that is illegal (sometimes effectively making you a criminal without your knowledge if they cancel it due to parking tickets while you're driving). The province I live in just fixed that issue last year allowing you to retain your invalid license card on the understanding it is no longer legal for any purpose other than identification. Still, to ensure there's value to the identification, the license is designed to show tampering. Again, one of the few things that it seems like is yours, but by the classical definition of property, really isn't.