
Apple's desensitisation of people to fundamental security practices - Hasknewbie
https://www.troyhunt.com/apples-desensitisation-of-the-human-race-to-fundamental-security-practices/
======
ChicagoBoy11
The author himself points out in the article that Apple provides you with the
necessary tools to hand Apple support a completely wiped phone as they
diagnose your issue and then recover it again at home. If his point is simply
that this process is inconvenient and the state of the art should be better,
then I think it's a pretty weak point.

The analogy that a commenter made here about a plumber entering your home is
spot on. Like the locks on a door, the security mechanisms Apple has designed
are constructed to thwart breaches on a large-scale (governments) and also on
a small scale (your snooping family members).

Protecting it from people who need to service it does not seem to fit any
of these categories; if you cannot trust the Apple Genius in the store, seems
silly that this same person would nonetheless trust the probably dozens of
people who handled the device before it was finally placed in its box. And,
like the plumber, if you somehow want him in your house and you want him to
provide expert advice on how to fix your problem yet you fear that he may do
something nefarious in the process, Apple does one better than "keepin' ya eye
on him" -- it essentially allows you to strip the house of all of your
belongings so the plumber has nothing to look at but the sink. And then it
lets you put all your things back in. Seems pretty good to me.

~~~
ajmurmann
I took his point to be that Apple encourages you to go the insecure route and
just trust them instead of teaching their customers good security awareness.
Apple doesn't suggest to you to wipe your phone, they tell you to just trust
them.

A better analogy from the physical world would be a locksmith who tells you to
just leave your keys under the door mat for him so that he can come in and do
the work when you aren't home.

~~~
ghostly_s
And plenty of people would be willing to make that trade-off on security for
convenience. (This is a locksmith, right? Like...you realize if he actually cared
he could get in your house _without_ keys?) Others wouldn't. Depends how
sensitive your personal information is; or in the locksmith analogy, to what
extent you consider your valuables irreplaceable. Seems kind of silly to
expect every layperson to operate to the same security standards as a security
professional. My mother does not have credentials to dozens of business
systems on her phone; she has pictures of her cats and _maybe_ a credit card
account stored somewhere.

~~~
gonvaled
The locksmith analogy breaks down fast: the locksmith can enter into your
house if he really tries, but Apple can not enter into your phone without your
help (if it can, it's utterly broken)

~~~
sangnoir
Remember Apple (the organization, not some random 'Genius') has code that runs
as root on all Apple devices and can remotely update that code.

> but Apple can not enter into your phone without your help

Of course Apple _can_ - that is why the FBI asked them to do just that. Apple
_won't_ as a matter of principle, not due to any technological limitation.

~~~
gonvaled
> Of course Apple can - that is why the FBI asked them to do just that.

If they can, it's broken. Do not buy those devices.

~~~
ghostly_s
You are hopelessly naive. Do you have some method for independently verifying
Microsoft and Google cannot remotely access their respective consumer OS's
that you'd like to share with us?

------
userbinator
I don't know, this feels like a case of "you're going to have to let the
plumber into your house if you want him to fix your broken toilet." If you're
buying Apple products and asking for support from them, you're implicitly
trusting them anyway. Apple likes to advertise their security greatly; but in
fact, I think "we own you so you can be protected from everyone, including
yourself" is probably closer to the truth.

~~~
a_c
Following the plumber metaphor, at least we were able to monitor plumber's
action and it affects mostly the toilet. While what apple is doing is more
along the line of "give us the key to your house, we will fix your toilet"

~~~
coldtea
People put plumbers/babysitters/cooks/helpers/professionals of various kinds
in their houses that they don't monitor.

~~~
smacktoward
Plumbers (reputable ones, anyway) are generally bonded and insured so that
customers know they will do what they say they will do without causing undue
damage (see [https://www.angieslist.com/articles/hiring-contractor-whats-...](https://www.angieslist.com/articles/hiring-contractor-whats-difference-between-bonded-and-insured.htm)).

Does Apple provide any insurance to protect/reimburse the customer if a Genius
misuses their access to the customer's device?

------
droopybuns
This is a really bad piece. The alarmist tone is not appropriate. News flash:
when you give a stranger your phone, they have access to your phone!

The hyperbole is shady. I like some of troy's work, but this post just further
exacerbates the "Chicken Little" stereotype of Security Advocates.

~~~
Hasknewbie
Although I find the title and tone of the piece a bit meh, he still had a
point: Apple is targeting non-tech users who are not familiar with backups,
let alone infosec. It is Apple's responsibility to ensure the safety of the
data they're asking for, which as the Brisbane news he's pointing to
indicates, they're not doing.

~~~
ghostly_s
'A bit meh'? This might be the most hyperbolic headline I've seen on here in
years.

The users Apple is 'targeting' (an odd choice of words; most would use
'customers' here) mostly don't do anything so sensitive with their phones that
they need to worry about bad actors within the company which sold them their
phone in the first place. In the rare instance where some Apple tech starts
stealing nude photos or credit cards, they will be fired, probably prosecuted,
and the customer will recover. Big whoop.

~~~
Houshalter
Linked in the article: [http://www.brisbanetimes.com.au/queensland/apple-store-photo...](http://www.brisbanetimes.com.au/queensland/apple-store-photo-ring-scandal-in-brisbane-privacy-commissioner-weighs-in-20161013-gs1d83.html)

> The Australian privacy commissioner will call on technology giant Apple to
> explain reports of staff stealing, sharing and ranking of customers' explicit
> photos.

I have no idea why people think this is a crazy hypothetical. _Of course_ some
techs will look at your nude photos. And in this case, copy them, post them
online, and rate them.

------
cyberferret
I don't know about the author of the article, but personally I would be even
more worried if I handed a locked phone over to a tech and they said "Oh,
don't worry about giving us the unlock code - we have ways to get around that
easily..."

The fact that tech guys cannot easily get into a locked iPhone actually gives
me better peace of mind.

At the end of the day, as others have said - It's like handing over the house
key to a tradesman, or your car key to a mechanic (I do both on a routine
basis, once I have vetted the other party). End of the day, it is about making
their job as easy as possible, and some semblance of trust is required if
humanity is to keep moving forward.

I wonder what the author would say if he went to his employer or a client site
to diagnose a network issue and they refused to give him any admin passwords.
Sure you can diagnose a DNS or firewall issue without the domain admin
password, but having it surely makes the job a LOT easier and quicker.

~~~
sambe
Exactly. I found it odd that he claims to be a security guy yet repeatedly
says Apple should have some way around a locked phone. No solution offered in
the article...

------
anondon
> if there's a hardware issue that requires the device to be taken "out back",
> then there should be a means of diagnosing faults on a locked device.

A dangerous suggestion.

A better policy might be for Apple to _require_ its users to back up all their
data, wipe the phone clean and hand over an unlocked device. After getting
back the device, you could sell it on ebay, like OP suggested, or wipe the
device clean in case you suspect malware was installed and continue using it.

~~~
yeukhon
There's a catch though. Some settings don't get carried over to iCloud (I
recently upgraded to iPhone 7 from iPhone 6), and for many heavy users the
free iCloud storage is not enough for backup nowadays.

~~~
K0SM0S
And that's assuming all the sync and backup worked well, which even on day-to-day
use between an iPhone, iPad and Mac can be a bit of a pain (pictures not
syncing, etc.) Given their insane means, I don't know how Apple manages to
fail at providing at least working cloud/sync services, let alone performance
in that regard. But there it is, iCloud services are a dumbed down mess that
_may_ or _may not_ work.

~~~
yeukhon
And overwrite is automatic. I don't think there's even snapshot feature so in
case of some horrible incident I can retrieve back the old version. I could be
wrong.

------
m3rc
Huge help he's giving his son by teaching him basic security practices, but
also how to type on a damn keyboard.

I volunteer with an engineering education camp over some summers and kids are
totally unable to do anything with a normal computer. We try to start teaching
them programming through writing minecraft mods and we require that kids have
a little bit of experience with minecraft, but half the kids that come in have
NEVER used a computer that wasn't an iPad. In their lives. We have to show
kids how a keyboard works, and their point of reference is the virtual one
from a touchscreen.

~~~
ianai
Wow how old are these kids? That makes it sound like we're a generation away
from using tablets 100% in place of generalized desktops.

~~~
m3rc
I never took data down but I'd say most are in the 10 to 12 range, with a
couple outliers above that. Next to no kid below 10 has touched a keyboard.

I don't live in a tech-y area either, and the kids come from a lot of diverse
backgrounds. It's just that kids' first introduction to computing is always an
iPad. Makes the job of educators a lot harder :/

~~~
ianai
Believe it or not that makes me worry a little less. My keyboard classes
didn't really start until 7th grade I think. Tablets are great. My guess is
they're easier to lock down for kids, but also expose kids to modern concepts
(passwords, websites, idk what else). It's probably fine so long as they sooner
than later learn to type. Now, there's the worrying number of hunt and peckers
I see in the IT department at work...

------
kalleboo
I would love for the iPhone to have a "guest mode" for the times you need to
loan the phone to someone for a quick call, and that would work for Apple
Store diagnostics as well.

~~~
matt_wulfeck
You need to explicitly turn off "find my phone". Not sure the exact reason
why, but I know that it has something to do with iOS security.

~~~
tomschlick
find my iphone locks the phone's serial number so it can't be wiped /
activated with a new account. turning it off allows the phone to be re-
activated under a new itunes account

------
drodgers
Last time I needed an iphone repaired (a 1 hour in-store screen replacement),
they asked me to write down my passcode on the repair authorisation form! They
also seemed really offended when I said I'd rather erase it instead.

Apple could do a much better job in this department.

~~~
bm5k
Anecdata: I've always insisted on wiping devices over providing
passcodes/passwords and I've never gotten any negative vibes about it.

------
electic
I am not sure why this article is raging. Before I go into the Apple Store for
a hardware issue, I backup my phone, and just erase it. They usually take an
hour or so to fix it and I just restore it and I am up and running again. Am I
missing something here?

~~~
pavanky
He explains it later on in the article:

    
    
      I could have wiped it there and then, handed it over and later restored from last night's iCloud backup, 
      but I don't like not having a fully working outgoing device before doing a restore to a new one. 
      I also don't like the lag time due to poor Australian internet and 
      whilst I could have driven home and done a local backup to iTunes, 
      there's still the need to reconfigure a bunch of things that don't cleanly restore

~~~
coldtea
> _but I don't like not having a fully working outgoing device before doing a
> restore to a new one._

[https://www.youtube.com/watch?v=bwvlbJ0h35A](https://www.youtube.com/watch?v=bwvlbJ0h35A)

------
pedalpete
So many people are missing Troy's point and suggesting that he could wipe the
phone, or you can trust apple like you trust a plumber.

It's a hardware problem. Can't Apple as the hardware manufacturer create a
sandboxed service area on your phone where they and their genii can do
diagnostics? Does it really take every person with a hardware issue to either
hand-over their entire device unencrypted or wipe the device before giving it
to the manufacturer for maintenance?

Imagine if you could let a plumber into your house, but they could only see
the plumbing! They would have no access to all the goods in your house. Isn't
that what we should be aiming for with technology? Don't try to put real world
constraints where they shouldn't exist. I can already create a sandboxed 2nd
user on my device, why can't apple do this themselves, just for them, with the
correct hardware or whatever. Or why doesn't apple recommend people do this
before handing over the phone.

------
jlgaddis
Several years ago, I took a white MacBook in to the Apple Store to have it
looked at. The white plastic around the front corners had started to crack and
chip off. It didn't affect the functionality at all -- it was only cosmetic --
but I wanted to get it fixed.

Apple said they'd have to send it off to fix it. It'd be about three weeks
before I'd get it back and, yes, they'd need my password -- to fix a purely
_cosmetic_ issue.

The next day, I took it to a local AASP and showed it to them. They said
they'd order the part, get it the next morning, and I could pick it up the
next afternoon. No, they didn't need my password.

When I went back to get it, they had fixed it and it was just like brand new.
Oh, and they had run some type of diagnostic tests on it, found that the DVD
drive was failing, and went ahead and replaced that for me too -- _without my
password!_

It was all covered under AppleCare and I didn't have to do the
backup/wipe/restore dance.

------
Houshalter
I found this article it links to more alarming:
[http://www.brisbanetimes.com.au/queensland/apple-store-photo...](http://www.brisbanetimes.com.au/queensland/apple-store-photo-ring-scandal-in-brisbane-privacy-commissioner-weighs-in-20161013-gs1d83.html)

> The Australian privacy commissioner will call on technology giant Apple to
> explain reports of staff stealing, sharing and ranking of customers' explicit
> photos.

I think this is important, because all the comments so far are about how this
is a crazy hypothetical scenario that no one should be worried about. It's
not.

~~~
sundvor
Exactly. With Apple's track record, the author has every right not to trust
Apple with his device's security, no less so because he is in security himself
and regularly gets notified of hacks / data breaches - presumably on his
phone. Australia Red Cross Blood Service and Cap Gemini being the two most
recently published.

He is _not_ being alarmist; it may only take a few rotten apples to spoil the
barrel, but boy did it get spoiled.

------
pfista
My laptop was accidentally switched up at the PDX once. I was coordinating to
have it shipped back and the lost and found employee asked me to provide my
password to prove that the laptop was mine. I had to insist on providing the
full serial number a couple of times before she agreed.

------
jammur
> _Genius (and I'll be using that term sarcastically from here on in)_

Slightly off topic, but it really bugs me when people ridicule these workers
who are just doing what they've been instructed to do. Seems to happen all too
often when discussing the Genius Bar.

~~~
warp
I think he's ridiculing the names "Genius" and "Genius Bar", not the workers.

~~~
jammur
Maybe, but it can easily be interpreted as mean spirited, and added nothing at
all to the discussion.

A Microsoft MVP probably shouldn't be throwing shade at another company's
marketing term.

~~~
sundvor
Seems to me it is rather agnostic, entirely directed at the fact that with
"Genius" comes certain higher expectations.

------
nyreed
I mean, I agree with the premise, but is handing over a locked phone to an
untrusted third party any better than an unlocked one? Doesn't physical access
always mean game over? If they know they're returning the device to you, can't
some sort of hardware interception, keylogger, or listening device be installed
inside the phone?

[https://www.reddit.com/r/AskNetsec/comments/2ehk06/why_does_...](https://www.reddit.com/r/AskNetsec/comments/2ehk06/why_does_physical_access_immediately_mean_game/ck0gef2/)

------
coldtea
> _It's a hardware fault and no, I can't give it to you unlocked, I'm a
> security guy and I think about these things._

Yeah, because they will be magically able to test it and fix it while
locked...

/facepalm

------
Spooky23
That hasn't been my experience at Apple at all. After the "has your phone been
wet" interrogation, they've suggested that I wipe the device.

------
spiralpolitik
Doesn't match any experience that I've had with the genius bar.

In all cases that I can remember I've been told when making the appointment to
back up the device prior to the appointment and every time the device has had
to go into service the genius person has had me wipe and factory reset the
device in the store before they take it off me.

Anecdotal for sure, but so is the original article.

------
JumpCrisscross
> _Genius: Uh, no, we need it unlocked._

Tell them you are okay with them not being able to run diagnostics on
completing the repair; yes, you understand this may leave the device badly
calibrated. Don't waste time arguing; escalate until you get someone who will
accept your locked phone.

I go through this every time I use Apple's Genius bar. Only once did I have to
wipe, and that was with a Mac.

~~~
lucaspiller
On Mac you can enable Guest Mode which does the trick.

------
matt4077
Is this article really using both "think of the children" and "Apple is
terrible" to get people riled up?

You can back up to iCloud and reset the phone. When getting it back, log in
and wait 30min, everything should be there.

You can't diagnose hardware problems without access to the software and any
limited "service mode" is just a backdoor in waiting.

------
questionr
Provided they really do require authorization to perform any actions on the
phone.

That would prevent anyone from modifying your phone without your permission.
Such as flash the BIOS or something more malicious. Again provided
authorization is required to perform those actions.

------
bm5k
Just wipe the phone & hand it to them. It doesn't take long to reset all
content & settings. Restore it (from the backup you made right before leaving
the house. You DID back it up before leaving, right?) as soon as you get home.

------
Bud
Fundamentally flawed article; stupid.

The author doesn't seem to get that if Apple could run arbitrary software on a
locked phone, THAT MEANS IT IS NOT SECURE TO BEGIN WITH.

~~~
dvhh
Do you imply that an iPhone is not secure?

~~~
csydas
No, they're saying arbitrary code execution on the phone would be insecure,
perhaps in a slight misunderstanding of what the article suggests, but true
nonetheless.

I too am wary of a diagnostic partition/back door as an answer to this
conundrum as it seems like it just introduces another vector for attack. We
can say "just make it secure" or "don't give it access to do malicious stuff",
but the nature of jailbreaks on the iPhone relies on bugs in otherwise innocent
functions. Jailbreaks are just exploiting the phone security.

The author seems to be of the opinion that there should be a hardware test
that doesn't require actual access to the phone, which is probably true --
they likely could just swap the speaker in this case and call it a day. But
many of the hardware components are integrated on the iPhone and I'm not sure
there's value in a dedicated speaker test device or a limited hardware test
device like that. Similarly, quality testing afterwards would best be done
before handing it back to the customer; it's pretty lousy service to hand back
a fixed device for it to just not work again, and at some point to ensure that
you've solved the problem you need to get into the phone.

I don't know what the full answer is here since the core problem seems to be
Troy doesn't trust Apple. As others have said, you give up your car keys when
you get your car repaired. You let the plumber into the house. At some point
trust has to be there and people need to be held accountable for violating
that trust. Geeksquad violated that trust without real penalties multiple
times, so it's a legit fear. But Troy seems really intent on distrusting Apple
-- that's fine, but he needs to realize how that's in direct conflict with how
support works. Does he insist the same security on his car? (Ie, no keys for
the mechanic?).

As for a solution, maybe an iPhone onsite imaging tool, some small microboard
attached to a raid box that quickly pulls an encrypted image and stores it
temporarily on site. The tech can test it on a vanilla and then restore for
the client. I don't know if this would violate the iPhone security though
being able to restore the image...

~~~
detaro
I read it more as that he does trust Apple (who could remotely update his
phone with backdoors, read his iCloud contents or ..., but likely has strict
controls in place against this), but he doesn't necessarily trust a random
individual Apple employee who has unlimited and unsupervised access to his
phone. Especially since there are documented cases of store employees copying
photos, less so of Apple actually compromising user data if avoidable.

------
gabeio
I agree that it's not the best case that Apple needs to bring it "in the back"
and to need to unlock it but if you can access the phone's diagnostics from
outside the locked phone then it's already insecure. The fact that even apple
has to have me unlock my phone tells me that not even their diagnostic tools
work outside the lock screen. That sounds beautifully secure to me. And I
agree with userbinator in that "you're going to have to let the plumber into
your house if you want him to fix your broken toilet.".

------
hartator
Funny, he doesn't care it's full unlocked iPhone backups being uploaded to
Apple servers and freely accessible. It's not like there is full iMessages,
iPhotos and other App Data in it!

~~~
detaro
Freely accessible to random employees, without anything in place to prevent
that? Source for that claim?

------
thr0waway1239
Suppose I submitted this story with the following headline:

"Microsoft MVP has problems with Apple's security policies"

The article is actually a good read. I think the message needs to reach
everyone - although I am sure the irony is not lost on the people with
slightly longish memories about Microsoft's security track record till very
recently.

In any case, I am sure someone would come in and change the headline and ask
me to cut down the hyperbole and focus on the message.

This exact response needs to be sent to bloggers who write these click-baity
headlines. The fact that some of them are experts who do know what they are
talking about actually makes it more cringe-inducing, not less.

Oh, and no, the developed countries do not make up the entire human race (even
if people in insular Australia might sometimes think so - see what I did
there?), and many many people in the rest of the world don't even have Apple
devices.

~~~
dzhiurgis
It is somewhat ironic that he quotes a tweet about Surface being repaired in
sight without asking a password, when MS now forces all kinds of telemetry and
spyware on their OS.

Edit: You can add to insult that an MVP has a problem with a genius... Oh this
is a nice story!

