
Microsoft Tells FTC Repair Poses a Cyber Risk - walterbell
https://securepairs.org/microsoft-tells-ftc-repair-poses-a-cyber-risk-it-doesnt/
======
userbinator
Right to repair is just one of the many cases of "security" being used as an
excuse to take away freedom, and it's one of the ways the corporations and
governments (nearly the same thing, really) gradually build their dystopian
vision of complete control over the population. It's so alluring, because "who
doesn't want to be safe and secure?" On the surface it's appealing, but if you
think about it, much like "a world without (cyber)crime", the ultimate result
of striving for perfect security is dystopia.

Then, much as perfect freedom is unattainable, so is perfect security; and I
think it's time we rebelled against this desire to achieve it. Unfortunately,
it seems desiring _any_ sort of security is only going to give the companies
more leverage to use it against us, so the way to go is to reject completely
their notion of (centralised, authoritarian) security, and make _freedom_ the
highest priority. Insecurity is freedom, and that is what we should fight for.

That infamous Benjamin Franklin quote has really taken on a deeper meaning
recently.

~~~
whatshisface
Security against institutions is just as important as security against
individuals, because big institutions aren't any more moral than the average
individual. Everyone thinks about security against criminals, but the reason
we don't live in a third world dictatorship is our constitutionally enshrined
security against the police.

~~~
danShumway
> Security against institutions is just as important as security against
> individuals

This is very well phrased.

It gets across something I was having trouble putting into words -- that
security and freedom aren't always just opposite goals that conflict with each
other. Freedom isn't an ideal, it's a practical system designed to guard
against tangible harms.

------
awinter-py
Technology needs an immune system. 'Tamper evident' is the right approach, but
achieving this in a way that consumers can use is hard and requires building
blocks that don't exist yet.

How can you verify that the motherboard you sent out is the one you get back
_and_ it doesn't have extra hardware inside the case?

msft isn't wrong that creating a trusted supply chain for hardware is
difficult, but I think that 'how can I trust the repair shop' and 'how can I
trust MS' are the same problem.

~~~
devoply
The real threat is not tampering, the real threat is from the manufacturer and
the corporations that already have keys to the data kingdom and control the
entire stack. I have yet to hear of a single case of hardware tampering as
software tampering is much much easier and infinitely more effective... and
even if hardware tampering happens it's an extreme edge case and almost
irrelevant.

~~~
solotronics
This kind of blurs the line between hardware and software but there have been
recent attacks where groups have written attack firmwares to motherboards and
hard drives of cloud computing baremetal servers.

~~~
stcredzero
It's still software. It's just software that most application programmers
ignore by inclination.

------
ummonk
The argument they're making is obviously true, both in theory and in fact
(look up how Best Buy repair technicians act as informants for the
government).

> _if Microsoft wants to make devices that nobody can service and repair
> without breaking their security model, they’re entitled to do that. They can
> make Surface Pros so hardened and tamper proof that merely opening them will
> destroy them._

> _What they can’t do is make devices that are repairable, and then lock out
> everyone but their own service technicians._

There is no distinction here. The tamper proofing is what locks out everyone
but their own service technicians.

~~~
akira2501
> There is no distinction here.

Yes there is. The question is now "how does MSFT decide _who_ gets the right
to repair their devices?"

If it's a reasonable and non-discriminatory process, then that might be fine,
if they're arbitrarily deciding, then that's likely an issue the FTC _should_
investigate.

~~~
kevin_thibedeau
I need to get a repair authorized in 20 years. Can I still do it?

------
jensv
Bought a Surface Pro 5th generation. Less than 8 months later the battery
barely holds a charge. (<5 minutes) You're basically stuck because everything
is glued together so you don't have any options other than to buy a brand new
device. Feels a little like the forced Windows 10 updates. Good luck running
Linux unless you are willing to live with all kinds of fail, due to poor
camera support.

In the end it was far easier to just switch over to a Thinkpad.

~~~
no_wizard
The one year warranty should have covered your Surface.

I do support right to repair for the record. I just think this isn’t a great
example of how the right to repair would have actually helped someone

~~~
close04
Battery warranty is one of the more grey areas of warranty coverage. Depending
on local legislation and the specific coverage for the model you can get 6-12
months (it's considered a consumable) and the warranty might start when the
battery was manufactured rather than the sale date (like Dell did some years
ago, not sure if it's still a practice).

~~~
pbhjpbhj
Consumables are readily replaced at low cost. Batteries (in phones/tablets)
are essential central components.

If you need tools or instructions then the parts aren't really consumables.

~~~
MereInterest
Part of the issue is the trend of integrating parts that used to be easily
replaceable. My first phone/laptop each had batteries that could be swapped in
under 10 seconds with no tools. My latest do not.

------
Fnoord
For those who thought Microsoft was an alternative to Apple with regards to
right to repair: think again. The mid-range and high-end HP laptops (not
Lenovo) are the easiest serviceable these days.

~~~
siphon22
I use an HP EliteBook 8470p I got for 100 USD from some guy's garage and it is
simply amazing. No screws, not even one to get the bottom cover off! You just
slide it off and bam, your cpu/heatsink, fan, ram, and hdd are accessible on
pretty much the same layer.

~~~
Fnoord
There are some sweet spots of old laptops which are serviceable. Some are even
Macs. There's also some which have an Intel ME which can be disabled. Some are
even x86-64. It's getting less common though.

------
close04
> If the TPM or other hardware or software protections were compromised by a
> malicious or unqualified repair vendor, those security protections would be
> rendered ineffective and consumers’ data and control of the device would be
> at risk

Then make it so the consumer can always tell if the security became
ineffective.

~~~
HeWhoLurksLate
I'm getting Vista flashbacks.

------
sorval
Ah, there's the old Steve Ballmer Microsoft we all know and love.

~~~
userbinator
To be fair, Steve's Microsoft wasn't the one that introduced and popularised
invasive telemetry, "treat the user like an idiot" design (including things
like forced updates), nor the feverish desire to lock down the PC platform in
the name of "security", but it may have just been a matter of time.

------
orthoxerox
What about Tesla? IIRC they also prevent owners and third parties from working
on their cars.

~~~
cameronbrown
I can understand the rationale that modified software could be a major danger
in their cars.

~~~
userbinator
We've had modified cars and the associated culture for over a century, and no
major danger has arisen from it (no more than the usual attributed to bad
drivers, anyway.)

~~~
guitarbill
The batteries are fairly new technology though and do pose a serious hazard. I
have no doubt as the field matures it'll become safer though, with established
procedures. Glad to see people like Rich Benoit are blazing the trail already.

~~~
Sendotsh
Are the battery packs really more dangerous than playing with nitrous
injection or race fuel? I don’t need any certifications or permission to do
either of those in my shed.

~~~
cameronbrown
Is there a lot of information online relating to those subjects? I'd guess
it's a lot easier to find knowledge in these areas than lithium ion batteries
for cars, which obviously makes it more dangerous because there's nobody to
help if something goes wrong.

------
thefounder
Remember not to buy Microsoft if you have alternatives

~~~
doggydogs94
You forgot to include Apple in your do not buy list.

------
gmueckl
Is there a way to replace board firmware with a hacked one that hides its
alterations by emulating ROM accesses? It could then also patch the secure
boot checks out of the OS during system boot. Such a firmware would only be
detectable by desoldering the flash chips and using a dedicated hardware
reader.

If that is the case, every computer could be fundamentally compromised if you
left it out of sight for long enough.

~~~
AnthonyMouse
You don't even have to replace the board firmware. You can just replace the
board, or the entire device, with one that does whatever you want. Like
emulate whatever the real device does until the user enters their PIN and then
send it back to the attacker via wireless.

There are a lot of different threat models here. The problem is that for the
serious ones, like a state-level attacker, anything but continuous physical
security is hopeless. But for the less serious ones, all of this faux spycraft
is nothing but an excuse for anti-consumer behavior because the path of least
resistance for your kids to get into your phone is by shoulder surfing your
PIN, not using 0-days to install custom device firmware etc.

------
deogeo
Is this the "new, open-source friendly" Microsoft?

~~~
patrick5415
Seriously. It’s hard to understand why Microsoft has been getting so much
fanfare from the OS community recently.

~~~
mhh__
New generation of programmers, many of which would have been very young/not
alive when Microsoft were at peak (anti-OSS)/EEE?

~~~
giancarlostoro
I am "one of them". Microsoft still has some old corporate people still in
charge versus some of the new projects which are not managed necessarily by
the same groups. Until all these types leave it will feel like Microsoft is
passive-aggressive.

~~~
maxxxxx
Blame it on the "old people" but soon you will see that "young people"
will pull the same nonsense as soon as they have to hit quarterly numbers. Big
companies can't be your friend.

~~~
achamayou
Microsoft's new strategy has not happened to the detriment of quarterly
numbers, on the contrary.

------
shmerl
As usual, DRM proponents try to sell DRM as a security feature. In practice
it's the opposite. DRM is the security risk.

~~~
xoa
This sort of statement is one I made back in the late 90s and early 00s.
As an absolute statement it was wrong and still is wrong, and I think the
enthusiast tech community's adoption of it has done a huge amount of harm. We
reflexively opposed things like TPMs at all, rather than recognizing that the
real question is who controls putting keys there. It would have been (and
still would be) better to fight to make sure the standard is that the end
people in charge of the device have the right to control the master keys on
it. By going for a blanket "no chains of trust at all" we gave up a lot of
useful capabilities and left the door open for companies to come in making use
of them but with unpleasant and unnecessary extras tacked on.

~~~
_emacsomancer_
> This sort of statement is one I made back in the late 90s and early 00s.
> As an absolute statement it was wrong and still is wrong, and I think the
> enthusiast tech community's adoption of it has done a huge amount of harm.

It's absolutely a correct statement from a user perspective.

------
doggydogs94
I see no difference between Microsoft’s position and that of Apple. Except
that Apple is a trendy brand.

~~~
karmakaze
Yes they're both on the wrong side of right to repair.

------
yarrel
Microsoft love Open Source.

User freedom, not so much.

------
xoa
Microsoft isn't entirely wrong, and "right to repair" advocates' conspicuous
failure to acknowledge this tradeoff is one of the weaker and more irritating
parts of the movement. Note _tradeoff_ as the word, it's not as if good things
don't come with it too, nor does it mean the same weighting applies to
everyone. It doesn't mean that those who want to shouldn't be able to hack on
their devices. A similar tradeoff applies to pure software signing, where I am
very much in favor of a legal requirement that hardware "possessors" [1]
should be able to load their own master signing keys into any cryptographic
roots of trust, and thus be able to run software of their choice with no
further relationship with the manufacturer even in a system that has full
signing required.

But the power to do that is also the power to screw it up. If any 3rd party
can repair something like biometric hardware, any 3rd party could also
compromise said hardware. Some people may find the benefits of the former
outweigh the latter, but I do think it should be a choice in the law, and that
liability should adjust accordingly. I.e., you can upfront on buying a device
request that it not enforce cryptographic reqs for hardware repairs (this
could be controlled by a permanent fuse or many other ways), but alternately
you can also request that continue to be a requirement. In my case for example
I _do not want_ to buy an iPhone that is "right to repair enabled". I don't
want the magic circle of who can mess with it expanded any further than the
minimum, which is Apple themselves who are by definition inside the tent
anyway.

I also think the "right to repair" movement is a symptom rather than cause
thing, and obscures the real problem for the vast majority of the market. The
true core issue is that, in America in particular, legal standards for fitness
for purpose are simply way, way too loose. The reasonable expectation most
people have for buying something expensive is that it'll be in working order
for a proportionate number of years. Not forever of course, but a $200-400+
bit of electronics shouldn't be dead in 13 months either. A $500-1k one should
probably last at least 4-5 years without further cost, etc. The retail price
should reflect whatever it takes to make that happen. Manufacturers are the
ones in a position to deal with that, who have the best stats on failure
rates, and can make decisions about tradeoffs between cheapness of repairs,
more on QA, where more expensive repair reqs might reduce repair need even
farther in the first place (or provide other feature value), etc. It simply
shouldn't be the consumers' problem at all, beyond evaluating the retail
price. Yet it's completely standard to have something ludicrous like a single
year warranty.

Essentially, it's a classic market Externality problem. Everyone does expect
their devices to last, but are forced to roll the dice on whether they
specifically have bad luck and have to pay expensive rare repairs all by
themselves. The manufacturer gets to advertise an artificially low price by
externalizing the failure rate percentage onto the customers, and even charge
extra for what should be standard. Instead warranties should be adaptive,
something like "1 month for every $12 retail price up to a maximum of 5 years"
say. Then let the market sort it out from there. I'm worried "right to repair"
will ultimately be camouflage that lets manufacturers skip out on their real
responsibilities in some cases. Right to repair could make out of warranty
repairs cheaper, but _you shouldn't have to pay at all_ within a reasonable
normal life.

----

1: which would be defined as something along the lines of "anyone who has
paid, either upfront _or_ on an ongoing plan basis, for hardware and possesses
the right to control access to it." Lawyers could make it watertight, but
basically a definition which would explicitly not allow any sort of "oh we
were only leasing it to them!" loopholes.

~~~
stefan_
You are deluding yourself if you think cryptography can be the solution to an
attacker with access to the physical machine. No crypto in the world can help
you if I simply bug the fricking physical keyboard!

~~~
xoa
> _You are deluding yourself if you think cryptography can be the solution to
> an attacker with access to the physical machine._

Of course it can be part of a solution. Responses like yours, which display
zero consideration of threat scenarios, time/info/resource costs, or any
potential improvements are somewhat tiresome these days.

> _No crypto in the world can help you if I simply bug the fricking physical
> keyboard!_

I'm sorry, can you point to that "fricking physical keyboard" on my iPhone?
I'll wait.

And even if you want to talk purely about PCs and attached keyboards, there is
no inherent reason those couldn't be locked down too were it a general
problem, and have a system refuse to trust any peripheral by default. HSMs can
also be part of an overall plan that can mitigate some damage even from a
keyboard bug. Furthermore, breaking into a private residence or business is a
significantly more time/information/resource intensive problem than subverting
a centralized repair place through which lots of hardware passes and is left
unattended, and which will not in fact generally include peripherals (if my
computer is broken, I bring just the computer in, not the
keyboard/mouse/monitor).

~~~
HeWhoLurksLate
_To get it out of the way, I disagree with the GP._

If you've looked through any number of the NSA or CIA leaks (Vault 7, for
example) you'll have seen a device that looks like a standard Ethernet
magjackn+ USB connector that has a little tiny processor embedded inside of it
(it leeches power from the USB power rails, IIRC) that can be used to
exfiltrate packets and the like.

It's not impossible to get bugged when you send your PC in for repair. It's
also probably unlikely considering that there's many other easier ways to grab
your data.

~~~
xoa
> _If you've looked through any number of the NSA or CIA leaks (Vault 7, for
> example) you'll have seen a device that looks like a standard Ethernet
> magjackn+ USB connector that has a little tiny processor embedded inside of
> it (it leeches power from the USB power rails, IIRC) that can be used to
> exfiltrate packets and the like._

I don't see how that's related? PCs right now don't make use of the kind of
cryptographic lockdown iPhones do. In the case of desktops that's likely
because it's assumed physical security can be taken as more of a baseline,
though in the case of notebooks it's probably more just inertia. The whole
"right to repair" movement is precisely because this has been changing. I
mean, what you wrote directly argues the case for locking down of hardware,
encrypting everything along the busses between chips or having destructive
tripwires or both, and so on.

> _It's not impossible to get bugged when you send your PC in for repair.
> It's also probably unlikely considering that there's many other easier ways
> to grab your data._

The nature of security though is that it's worth being forward looking to what
will come down the line in the future. _Particularly_ if we're talking about
legislating it and putting the force of law behind making one decision or
another, which tends to then be quite difficult to change. Isn't it worth
being cautious about?

------
olliej
God I hate this argument (even when I worked at Apple). There are many valid
(eg remotely plausible) reasons, but “haxors cybering your security” is not
one of them.

[autocorrect wanted to change haxors to hackers. I’m not sure if that’s good
or not]

~~~
olliej
People seem to hate this comment.

Here's what I mean by plausible: "If we filled it entirely with resin and glue
it is less likely to break and hence less likely to need repair, but doing
that makes repair impossible"

I do not mean _good_ reasons, I am specifically saying that there are
"reasons" that are more plausible than "security"

------
Avamander
It's time we also remove the "Windows"-button (edit: the branded concept, not
the physical button) from all the keyboards. We should have the right to
repair in the form of also removing corporate advertising from our devices.

~~~
alexkavon
Come again? The “Windows”-button is just a super/command key that exists on
many other keyboards and OSes outside of Windows.

~~~
ansgri
As I understand, it's only about removing the Win logo from the button, which
is long due on officially Linux-supporting laptops.

