What security scenario would you even use as a basis here? Ridiculous...
Totally not resales negatively affecting Apple's turnover.
That aftermarket car bumper? Sorry, can't use it, might come from a stolen vehicle.
Specialized smaller shops also have the ability.
Currently there is NO WAY for me to change a screen on an Apple device without an annoying message or Face ID issues on the 13. I cannot purchase programming software.
Or some guy that figured it out with or without insider knowledge (which also usually means anyone can make a key for your car).
Trivial solution for someone like apple.
I went to an iPhone repair shop because my phone was boot-cycling and the repair guy basically said “yep, that’s a faulty front facing camera, stops it booting”. Then he unplugged it and the phone was able to turn on. At this stage he could even plug the camera back in and it worked… so I’m assuming it was actually an issue with the faceID signing process at boot that bricked my iPhone. The repair guy said it was really common.
He could replace everything except Face ID on the device which was a big shame as it killed the resale value (he could replace the earpiece/camera module with one that didn’t have Face ID which is presumably to avoid issues with signing).
I don't even have my face registered and just use a passcode for everything.
Maybe someone will make a flex cable that has it all integrated.
So the phone boot cycles if the cable is in, but if you take it out and then insert it back during boot the front camera and front speaker work but not Face ID.
So everyone will just click "Approve" in order to get their phone back. In which case what is the point of even having trusted signatures at all?
Pretty sure this is understandable.
Yes, in theory it might be a problem. In practice any supply chain that resulted in a significant issue like this would be easily prosecuted so let wetware systems handle the things they’re better suited to.
But the entire assumption that parts are restricted for security reasons is flawed. "Security" is done in the main SoC, the peripherals such as Face ID/Touch ID sensors should just be dumb input devices providing the face/fingerprint data to the SoC which authenticates them. There is absolutely no reason why those should be part of the chain of trust.
Any phone that lets you just circumvent security by removing a part wasn't secure in the first place.
From the Apple Platform Security document:
> After the TrueDepth camera confirms the presence of an attentive face, it projects and reads thousands of infrared dots to form a depth map of the face along with a 2D infrared image. This data is used to create a sequence of 2D images and depth maps which are digitally signed and sent to the Secure Enclave. To counter both digital and physical spoofs, the TrueDepth camera randomises the sequence of 2D images and depth map captures and projects a device-specific random pattern. A portion of the Secure Neural Engine — protected within the Secure Enclave — transforms this data into a mathematical representation and compares that representation with the enrolled facial data. This enrolled facial data is itself a mathematical representation of the user’s face captured across a variety of poses.
My point is, I personally can't be sure there is no mechanism, legal or illegal, via which the NSA can just compel them to hand over the keys. Who knows, maybe there exists a FOOBAR law that compels them to build backdoors into their products. Maybe they're doing it voluntarily outside of the law. I would assume everything can be trivially hacked nowadays, and a large portion of intelligence analysts spend their time on parallel construction (i.e. creating alternative stories about how they gathered their evidence, without giving away their abilities).
I'm not saying that Apple does this. I simply don't know.
Are you sure? Last I heard the NSA is in the intelligence gathering business... I absolutely would not put it past them that they acquired those keys somehow.
Even if they do not have the keys, bribing an employee and/or installing your own NSA person as an employee in an Apple-authorized repair shop seems like a rather easy thing to do. Or just backdoor the computer that is used to communicate with apple to perform the re-signing stuff. There are thousands of authorized repair shops around the world and you only need to compromise one (or compromise a few so that any "abnormal patterns of repairs" cannot be easily detected by Apple, if it even audits repair logs for suspicious activity at all).
I am sure the NSA has something figured out by now. And not just them.
Are you sure there isn't a teapot in orbit around Mars?
The NSA can't magically break into people's HSMs and steal the keys. We have a pretty good idea of what the NSA's capabilities are. If Apple's system is correctly designed, it will only allow components with certificates installed at manufacturing time to be paired together, and the pairing server will use a HSM to hold the private key to do so.
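As an added illustration of the design the comment above describes (parts carrying certificates installed at manufacturing time, and a pairing server whose key sits in an HSM), here is a toy model written for this page; it is not Apple's implementation, and the names (Sensor, PairingServer, SoC), the serials and the keys are all constructed. HMAC under a shared key stands in for the asymmetric certificate signatures a real design would use, and pairing provisions the SoC with the part's secret so it can authenticate readings. It shows the distinction the thread keeps circling: a part can be genuine (factory-certified) yet still unpaired, and only a record signed by the pairing server turns a genuine spare into an accepted one.

```python
"""Toy model: factory-certified parts, a pairing server, and an SoC that only accepts paired parts."""
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed keys. In a real design these would live in HSMs and the
# certificates would be asymmetrically signed; HMAC stands in for that here.
MANUFACTURING_KEY = b"constructed-manufacturing-root-key"
PAIRING_SERVER_KEY = b"constructed-pairing-server-key"


def _sign(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def _verify(key: bytes, record: dict) -> bool:
    return hmac.compare_digest(_sign(key, record["body"]), record["sig"])


class Sensor:
    """A peripheral (face/fingerprint sensor) with a per-unit secret and a factory certificate."""

    def __init__(self, component_id: str, genuine: bool = True):
        self.component_id = component_id
        self.secret = secrets.token_bytes(32)
        body = {"component_id": component_id,
                "key_fingerprint": hashlib.sha256(self.secret).hexdigest()}
        # A counterfeit part has no access to the factory key, so its certificate will not verify.
        signer = MANUFACTURING_KEY if genuine else b"constructed-counterfeit-key"
        self.cert = {"body": body, "sig": _sign(signer, body)}

    def capture(self, nonce: str, data: str) -> dict:
        """Return a reading authenticated with the part's secret and bound to the SoC's nonce."""
        body = {"component_id": self.component_id, "nonce": nonce, "data": data}
        return {"body": body, "sig": _sign(self.secret, body)}


class PairingServer:
    """Vendor-side service (key in an HSM) that authorizes one part for one device."""

    def authorize(self, device_serial: str, sensor: Sensor) -> Optional[dict]:
        if not _verify(MANUFACTURING_KEY, sensor.cert):
            return None  # not a factory-certified part: no pairing record issued
        body = {"device_serial": device_serial, "component_id": sensor.component_id}
        return {"body": body, "sig": _sign(PAIRING_SERVER_KEY, body)}


class SoC:
    """The main SoC: trusts readings only from parts it has paired under a server-signed record."""

    def __init__(self, serial: str):
        self.serial = serial
        self.paired = {}  # component_id -> part secret, provisioned at pairing time

    def pair(self, sensor: Sensor, record: Optional[dict]) -> bool:
        ok = (record is not None
              and _verify(PAIRING_SERVER_KEY, record)
              and record["body"]["device_serial"] == self.serial
              and record["body"]["component_id"] == sensor.component_id
              and _verify(MANUFACTURING_KEY, sensor.cert)
              and sensor.cert["body"]["key_fingerprint"] == hashlib.sha256(sensor.secret).hexdigest())
        if ok:
            self.paired[sensor.component_id] = sensor.secret  # models provisioning the shared secret
        return ok

    def read(self, sensor: Sensor, data: str) -> str:
        nonce = secrets.token_hex(8)  # fresh challenge so a recorded reading cannot be replayed
        reading = sensor.capture(nonce, data)
        secret = self.paired.get(reading["body"]["component_id"])
        if secret is None:
            return "rejected: component not paired to this device"
        if reading["body"]["nonce"] != nonce or not _verify(secret, reading):
            return "rejected: reading not authenticated"
        return "accepted"


def demo() -> dict:
    """Constructed scenario: a factory-paired sensor, then several replacement attempts."""
    server, phone = PairingServer(), SoC("SERIAL-0001")
    original = Sensor("sensor-A")
    phone.pair(original, server.authorize(phone.serial, original))
    spare_genuine = Sensor("sensor-B")
    spare_fake = Sensor("sensor-C", genuine=False)
    impostor = Sensor("sensor-A", genuine=False)  # claims the paired id but lacks its secret
    results = {
        "original_paired": phone.read(original, "depthmap"),
        "genuine_unpaired": phone.read(spare_genuine, "depthmap"),
        "impostor_same_id": phone.read(impostor, "depthmap"),
        "counterfeit_pairing": phone.pair(spare_fake, server.authorize(phone.serial, spare_fake)),
        "wrong_device_record": phone.pair(spare_genuine, server.authorize("SERIAL-9999", spare_genuine)),
    }
    # An authorized repair re-pairs the genuine spare; the server-signed record is what the SoC checks.
    results["genuine_repaired"] = phone.pair(spare_genuine, server.authorize(phone.serial, spare_genuine))
    results["genuine_after_pairing"] = phone.read(spare_genuine, "depthmap")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The model makes the two checks separable: the factory certificate answers "is this a genuine part?", while the pairing record answers "was this part authorized for this device?". A genuine spare fails the second check until the pairing server signs for it, which is exactly why the thread's question of who can operate that server (and what it logs) matters more than whether any one part is real.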
Can the NSA still backdoor your phone? Sure, that's possible by physical definition. They could extract a specific camera unit's private key via FIB analysis, then manufacture a backdoored replacement, insert that key into it, then bribe or otherwise backdoor themselves into some Apple authorized repair shop and run through a re-pairing with it when they swap it into your phone. But that's a lot harder and less likely to happen (i.e. only in extremely high-value cases, if at all) than the silly "oh it's the NSA, they definitely have the keys" nonsense that people throw around here without any supporting evidence.
On the other hand, the NSA certainly has a motive to obtain Apple's keys. And while I doubt we really have a good idea of what the NSA's capabilities are, the capabilities we do know about are sufficient.
The Snowden leaks gave us a very good idea about what the NSA does. Tap fibre. Backdoor products in transit. Develop and use remote exploits (nothing particularly amazing about them, it's on the same level of RE/exploitation/polishing work as what I've done for game console homebrew in the past). That one time they actually did something novel with modern crypto and figured out how to efficiently break 1024-bit DH for fixed parameter sets. These are all practical, reasonable things that are a far cry from the magical abilities people like to ascribe to them.
The NSA could waltz into the plant manufacturing the HSM. Or they could waltz into Apple and make sure Apple uses the right HSM with keys already known to the NSA, e.g. by replacing the shipment of the HSMs Apple ordered. (This would require the NSA knowing in advance when Apple buys HSMs for what purpose and from what vendor, but again, intelligence gathering business).
>These systems are designed to be robust even against physical access attacks.
They are designed by humans trying to make those things "robust" against attacks. "Robust" is a "best effort" word.
Assuming that the thing that got shipped to you actually is the thing you think and not just some nice NSA chip with the name of a popular HSM vendor printed on top. You cannot really open up the chip and look inside as, if this is a properly designed HSM, it is supposed to be destroyed if you tamper with the enclosure or any other vital parts of it.
I'd be surprised if the NSA does not spend resources on research into breaking HSMs, and if it does not spend resources on designing "fakes". The level of their success is unknown until the next Snowden shows up. But if they did break some HSMs, they wouldn't be alone.
So, there is a chance the NSA can waltz into Apple and break into their HSM and steal their keys.
This assumes Apple uses HSMs for this kind of stuff and uses them correctly.
Since authorized third-party repair shops can replace components and repair the hardware with some help from Apple, as I said before, it's not even necessary to compromise Apple or their HSMs, it's sufficient to compromise those repair shops, whether third party or have a few NSA Geniuses around.
But either swapping out HSMs pre-installation or breaking ones with design flaws is certainly in the realm of possibility too.
>The Snowden leaks gave us a very good idea about what the NSA does.
No, Snowden showed what they did in 2013 and before, because that's when he went public.
Snowden does not know what they did 2014, let alone what they are doing now in 2021. That's about 8 years of most recent NSA R&D that we do not know about.
>Backdoor products in transit.
HSM is a "product", last I heard ;)
>These are all practical, reasonable things that are a far cry from the magical abilities people like to ascribe to them.
Magical? Nothing magical in what I said I believe the NSA could reasonably achieve.
We're talking about abusing design flaws in HSMs and/or supply chain attacks, not creating "a GUI interface using Visual Basic to track the killer's IP address".
I don't think the parent was advocating for anything related to the NSA, just reminding us of the current state.
The rule of law is significantly weaker and they have already shown that they will go after even mild dissidents e.g. journalists not just mass-terrorists or other more serious threats.
So sure, the US may have the keys. But unlikely every country does.
This is more petty Apple bullshit.
I know a lot of the other phone manufacturers do stuff like this and think it's ok, but Apple knows what it's doing.
> If you were able to swap out security components, you might be able to spoof messages
But Apple repair shops can do exactly that (unless they always replace the device whenever the screen is broken, but I doubt that). What's the purpose in this whole cryptographic integrity if a third party - certified or not - can violate it without leaving a trace?
If I was a person who has to worry this much about their security I'd much prefer swapping the screen myself without involvement of people that can't even be honest about "water damage" most of the time.
Why do you doubt that? I'm sure that's exactly what they do.
Edit: Well, by "device" here I read "screen + sensor". If you meant the entire phone then I agree with you heh.
Apple’s site is showing ~$250 for a screen replacement (a little more or less depending on the model).
Can you link to this please? I cannot find it.
This device spies on your files for "CSAM" or whatever, but you think it's going out on a limb to save you when the screen breaks?
Security theater. But in all honesty it's just a ploy to sell you more garbage that you don't own and can't repair yourself.
This is not about defending Apple, I don't support the CSAM scanning feature either as I find it useless and insulting.
What's the security model of what is effectively Hawking radiation? How can we frame a device that talks directly to big brother as secure without mental gymnastics?
Replace "CSAM" with "unapproved thoughts" and look to how Apple caved to Putin just days ago. The CSAM system will be used to benefit the FSB and other intelligence organizations.
Optional today is mandatory tomorrow. This will come back to haunt us.
The device and the company are wholly compromised and morally bankrupt.
b) It's only for iCloud Photo Library.
c) You shouldn't use SaaS platforms if you are worried about CSAM detection.
They are required by law to take reasonable efforts to prevent the storage and dissemination of CSAM.
E: Oh yeah, it’s the same guy. He has an interesting track record https://news.ycombinator.com/item?id=20507037
All those points got debunked in the comments. As for that thing with the batteries -- you can't blame people for buying illegally imported and/or counterfeit parts when there is no legal way to obtain them outside of AARP.
Oh yeah also, stuff like this is the reason why Apple is a two trillion dollar company.
He is. Just watch the webcam video.
>you can't blame people for buying illegally imported
It’s only illegal to import counterfeit parts.
>there is no legal way to obtain them outside of AARP
It is perfectly legal to buy generic replacement parts without Apple logos, but the Chinese factories don’t find it worth their time to produce such, as “authentic” parts earn them more money.
And yeah, he ended up admitting it and bragging about buying counterfeit parts.
> Oh yeah also, stuff like this is the reason why Apple is a two trillion dollar company.
These things have nothing to do with each other, but I rather doubt that you even read Apple's financial statements.
Where previously they could have third parties remove cracked glass from broken screens and re-laminate them to make legitimate refurb parts. However, these were deemed unauthorized refurbs (but not illegal/unlawful to make) so instead they used the logos on cables as justification to have customs seize them as "counterfeits" on behalf of trademark enforcement.