> A practice contrary to the principle of the anti-waste law
> In France, serialization is theoretically prohibited, according to Alexandre Isaac. Since the entry into force of the anti-waste law in November 2021, the consumer code mentions that "any technique, including software, by which a marketer aims to make it impossible to repair or recondition a device or to limit the restoration of all the functionalities of such a device outside its approved circuits is prohibited".
Next on eBay: "Buy French ink for HP printers, use VPN to download the French drivers!".
"PC CHARGER LA LETTRE?! WTF does that mean?"
It seems clear to me though that they violate this law, we just lack enforcement.
[0] https://www.bleepingcomputer.com/news/hardware/hp-will-pay-c...
You can also buy fake iPhones today which are nearly indistinguishable from the real thing unless you have a deep knowledge of the product; you can have a look on YouTube.
Preventing repairs did not help them on that aspect.
If you can touch it, you can pwn it. This is applicable to every piece of hardware that ever existed, including the M2 Macs. Just because we don't have the (publicly available) tools (yet) doesn't mean that they can't be pwned.
More difficult? Yes. So difficult that currently thrown away Macs with Activation Lock on are solid e-waste? Yes. But don't expect it to stay so forever.
That's not actually what happened. See https://www.cnet.com/tech/tech-industry/the-case-of-the-myst...
Some users on ifixit said that switching the polarity worked for them: https://www.ifixit.com/Answers/View/83099/Smart+Cover+Magnet...
Serial lock is a good thing if the owner had the option to unlock their phone's parts on Apple's website to be usable for repairs etc.
Locking a device to serial is adding insult to injury when companies like Apple decide to campaign against Right to Repair. It must be said that Apple made strides towards making repairing phones easier, but as long as counterfeit or stolen parts remain economically viable, this kind of market will exist.
The point of serialization is precisely to make stolen parts unviable economically, so you’ve painted yourself into a bit of a corner there.
> It is viable because manufacturers make access to spare parts artificially difficult or expensive.
After paying a shop to repair an iPhone with a generic screen, I believe genuine parts cost more because they are better, not due to artificial scarcity. Not only were the colors off, the battery life was less with the new screen.
I’m all for protecting a user’s right to repair, but I’d also like to disincentivize thieves from stealing my phone for parts. Both are important to me. Rossmann seems to think that Apple is just greedy and that the solution is simple, but I don’t see a viable solution in his video.
Can someone with a better grasp on this subject enlighten me? Or did I just fall for clickbait?
This is effectively what Apple does already. The usual difficulties with asking users to make security choices don't really apply here: physical changes to the hardware are required, so security fatigue isn't as big a deal. Maybe you get some protection from wrench attacks by not having the authority to pair new internal hardware, but that seems like a very specialized use case...
I don't think most users are capable of auditing their generic hardware to be sure it is free of backdoors.
Nobody is sneaking into my house and replacing the faceid middle of the night. This is happening to nobody you know, and nobody they know either.
The rest of us just want our $800 paper weight to work again.
Why would the camera be of consequence, though? Isn't authentication data stored in the proprietary TPM thing Apple includes in their devices?
Insisting on an approved camera avoids making it easier for bad actors to stealthily capture a victim's biometrics and then use a third party "camera" to replay that information and unlock the victim's phone without them being present.
I'm pretty sure it's not. The number of people who would be targeted by this is too small to justify the additional costs. The vast majority of people who would be targeted by this are pretty much screwed anyhow since the adversary already has physical access. It's much more likely a brand protection scheme to ensure there are fewer items out there with sub-par hardware.
If Apple thinks it's an issue, make it clear before letting me activate it that they no longer guarantee any safety (which they don't anyway, that's the joke, you already signed that away in the user agreement).
My ISP will provide me with a router and full support. If I change the settings or flash firmware they will no longer support it. However, if I let them restore the factory firmware and config they will again support it.
It's not hard, and Apple's motive here is clearly to maximize stock value, nothing else.
If I am not mistaken, they also disable Face ID when you replace the camera with a genuine Apple camera from a donor phone.
1 phone that’s not thrown away is 1000s of parts saved.
Depends if you count community support or not, because nobody beats LineageOS at this game.
Look at the resale value of any other phone: it basically drops to zero the moment you open the box, while even older iPhones get sold for very fair prices. And getting that many years out of a phone is absolutely stellar.
Personally, I just let strangers like what they want to like. WTF do I care if they like this phone instead of this other phone.
Interestingly, Microsoft actually seems to be supporting right to repair, but it could be some kind of PR stunt. Still, though, that’s a good step forward.
Samsung does shitty things, but they are open and honest about it.
Unless Apple is dealing with thefts at the factories before they make it into a phone.
Art, food, electronics, materials, clothing, malware, root kits, ad nauseam.
I've been reading about counterfeit, black market, and gray market goods for decades. Do not want.
If I pay $1,000 for a Gucci handbag, I want an authentic $1,000 Gucci handbag. (I have zero issue with knockoffs clearly labeled as knockoffs.)
Anti-consumer, anti-labor, anti-customer, anti-fairuse and pro-monopoly bullshit regiments like DRM, DMCA, inability to repair, and price gouging are orthogonal issues. We can have provenance without these shackles if we choose to rein in corporate power.
As for Apple in particular, they're not the worst, and have been getting better. Their phones and laptops are the most reliable and are becoming easier to repair (design and logistics). The terms of their Apple Care have gotten more generous (forgiving).
Spitballing, I'd say Apple is ~1/3rd of the way towards a healthy cradle-to-grave product lifecycle. They can and should do much better with 3rd party repairs. Like making authentic parts available at cost. Certifying repair shops. Certifying technicians. Etc.
Source: I was a tech at an Apple Dealer as a kid. Our leads were trained and certified. Our parts were all authentic. My notions are based on experience, not some utopian fantasy.
One way to do this is spend MORE money to make sure every single part of the device is waste and MUST go to a landfill.
Another way would be to do the opposite, and make the spare parts readily available for everyone to make the sum of parts less valuable. The mainboard is already unusable because it's flagged as stolen; the rest of the parts should not be worth more than 60-70USD. But because some of the parts cannot be purchased at all, they are currently worth a lot more.
Sorry am going by the title, didn't read French.
If every single spare-part can also be ordered new and the sum of usable components from a stolen iPhone totals to ~60USD (excluding the mainboard because it is marked as stolen and fused), it's no longer economically viable to steal an iPhone, send it to another country, disassemble it for parts, test the parts and resell them.
As of today, some parts cannot be purchased by third parties at all, so grey-market sourcing is a viable economy.
> After paying a shop to repair an iPhone with a generic screen, I believe genuine parts cost more because they are better, not due to artificial scarcity. Not only were the colors off, the battery life was less with the new screen.
In the pre-Apple world this was already solved: Manufacturers printed their logo on the spare-part, so buyers knew when they get a genuine part or not. 3rd parties are still allowed to produce parts, but faking the logo qualifies as counterfeit --> If you want an original part, ask for an original part and pay the premium
Assuming this kind of lock is unbreakable and all the parts in the phone are locked, you mean, which is a big assumption in the long run. A side effect is that you can't reuse parts from a bricked phone in another, which increases waste without actually addressing the problem which is access to spare parts.
> I believe genuine parts cost more because they are better, not due to artificial scarcity
Price is not the only restriction, but also the number of parts you can order, having to send back the damaged one (which prevents stocking up on spare parts for the future) and the exclusion of third party repair shops. In any case I acknowledged that what Apple did is indeed a good step, but the repair system can be improved.
If the device is enrolled in a corporate MDM, the confirmation of HW-changes could be delegated from the user to the admin, with the device working in "degraded" mode (i.e. no FaceID) until the admin approves the Repair.
Even more, large companies could contract with specific repair-companies to authorize them for their company devices and their repairs are synced into the corporate processes.
This would create a paradigm-shift in that market as repair-volume suddenly becomes more predictable ("I'll repair phones when they come in" --> "my company is the exclusive repair-center for a footprint of 10k corporate devices"), repair-companies will commit to certain performance, then drive smaller-volume contracts and individual repairs to offset the cost of such guaranteed turnaround-times, and so on...
They should trade them in to Apple, who have one of the best recycling programs amongst hardware vendors. ;P
Also couldn't you avoid this problem entirely by just making the dot projector use a unique pattern for each unlock attempt?
It literally does - their devices easily reach 8-10 years of active usage, and we are talking about something that is used more than your shoes per day, actively charged-discharged each day, thrown around/fallen down, etc. Like that’s a great lifetime however we look at it, and it might need one or two battery replacements max for that.
iPhone 5s release date: 2013
Last official update for Galaxy S4: Android 5.0.1 in 2015 [1]
Last official update to iPhone 5s: iOS 12.5.7 in 2023 [2]
I’m well aware that you’re speaking of custom ROMs, but insinuating that this is solving e-waste issues is disingenuous at best. No e-waste is fixed by us nerds flashing custom ROMs through adb incantations on out-of-support hardware.
Admittedly you might have to put the iPhone on its side so you can get the charging cable in there, which means you might have to figure out how to rotate the pictures too.
Since the phone has to already be unlocked for this privilege to be granted, it can't be used to bypass authentication.
The hardware is already installed by this point, so if it's 'spying' it can do that. The user's choice has no impact on the hardware's ability to record and/or deliver information.
At best, the replacement hardware would be able to unlock the phone for the attacker at some later time. However, the cost of getting this customized unlocking device into the phone seems high given that the attacker needs physical access to the device to embed the hardware in the first place, and then again at a later time to get into the device.
It seems like the phone would alert for any swapped part, no matter genuine or not. Maybe this is why. Makes sense to me now.
By the way, long ago I got a screen repaired at an unofficial place, on an old iPhone, and the camera started working incorrectly (focusing issues etc). I kinda suspect they swapped the camera for a different one; if the phone had warned me immediately, that would have been cool. I heard many similar stories, by the way.
For example, my dad used to use Androids. Without fail, he would get malware on them, he simply could not resist bypassing the security prompt to click on something he wanted to click on. Or maybe he does not understand English, or the concept of malware enough to properly heed the security warning pop up.
With iPhone, it’s not possible, so there is no worry, and no malware. Same with the hardware changes. People like my dad, or my wife, or even me who have very little interest in technology simply want to trust their device. And this device is literally the key to their life, their financials, their personal data.
All I know is my life has been made much easier by slinging Apple devices at people in my family that they simply do not have a way to mess up.
But their main motivation is likely control and profit more than safety.
Wrong. It is a genuine piece of hardware but modified. With respect, did you read the linked article?
And by the way, it's also possible to do the same exact thing in an iPhone right now, somebody could totally hook up a microcontroller with a microphone straight to the battery.
If you want to go all the way, you can also replace the whole device straight with a fake iPhone and record everything.
They took the genuine piece and swapped some stuff out and modified firmware, not just made a straight up fake. That's why it was hard to detect, it was a completely genuine device on the face of it.
> And by the way, it's also possible to do the same exact thing in an iPhone right now, somebody could totally hook up a microcontroller with a microphone straight to the battery.
Yes. But that is tricky (not much free space in the body to add something new) and can probably be detected visually. However if somebody swapped an existing part like a camera for a fake camera that acts like a camera but also spies on you then it would be tricky to visually see, but the phone would warn you.
Binary thinking is full of such pitfalls.
Maybe that's a lesson to learn that we should require open bootloaders and more open systems to reduce ewaste. If Android devices were more opened, this amazing effort to save devices could be even better. As we go forward, more and more older devices will simply be good enough if you could just install software updates onto it.
And as for "nerds", I may point out that the general public doesn't reinstall their Windows either and just goes to a repair shop.
As anecdotal experience, the same age (or even older) iPhones are also being used by many.
They could have also made a complete fake as well instead of a partial fake just by keeping the plastic enclosure, this device isn't exactly complicated.
> Yes. But that is tricky (not much free space in the body to add something new) and can probably be detected visually. However if somebody swapped an existing part like a camera for a fake camera that acts like a camera but also spies on you then it would be tricky to visually see, but the phone would warn you.
That's kind of a ridiculous threat model anyway, those targeted attacks are just going to hack the iPhone and stream the camera in software whenever they want with some custom payload.
In case of this device, sure. But it would be much more costly and error-prone, build your own PCBs etc. But in case of iPhone we don't worry about them building fakes from scratch, because those would be easy to tell on the spot. We worry about a genuine phone with fake parts.
> That's kind of a ridiculous threat model anyway, those targeted attacks are just going to hack the iPhone and stream the camera in software whenever they want with some custom payload.
As it is now these phones are not so easy to hack without user proactively installing malware and many of them would survive only until the next OS update or security response payload. A hardware attack is more compelling.
I suggest having a look at YouTube. Some fake iPhones are so good that unless you have a deep knowledge of the product, you can be fooled. I certainly would be fooled.
> As it is now these phones are not so easy to hack without user proactively installing malware and many of them would survive only until the next OS update or security response payload. A hardware attack is more compelling.
I'm confident those state actors have the payloads ready whenever they want to use it on high value targets, this is kind of naive. Pegasus NSO could be a public example of that.
You are not valuable enough to require such an exploit but that's a thing right now.
It's not an "effort", it's misdirection.
And regarding "payloads", yes, but again it's an arms race and it goes away at the next security response. Hardware gives a foothold.
The reason Apple prompts for genuine parts is to devalue the stolen phone market. If repair shops could put in any old camera, there would be a lot more incentive to sell stolen phones to repair shops, therefore more incentive to steal phones, therefore more stolen phones.
Apple's a giant company. I have no emotional connection to them. But most of what we're talking about here makes sense from a business and even customer-friendly perspective, or at least as a reasonable tradeoff between ease/expense of repair and likelihood of having your phone stolen or pwned.
For stolen parts, they could lock the parts if the device is locked, that's a solution against theft to resell parts but again, that's not what's being done either. It's becoming pretty hard to justify their bad practices.
Would I like it that my phone detects tampering and hardware integrity violation and spams me with alerts? Absolutely.
Would I support some way of being able to repair my phone with legal genuine parts though? Totally.
Are those exclusive options? I don't know. Which one I think is more important? I don't know.
> Are those exclusive options? I don't know. Which one I think is more important? I don't know.
First they are indeed not exclusive options, locking parts when the phone is locked is a possible option.
And then we have to think what's the most common for most people, a dropped iPhone on the floor which needs a component change or somebody swapping touchid while you are sleeping. I have my own idea on that.
What if a genuine part is modified. I am not sure it is a solvable problem?
> First they are indeed not exclusive options, locking parts when the phone is locked is a possible option.
If that is technically possible I am all for it (but if I had to choose between no integrity protection and integrity protection that makes it harder to repair, I don't know what I would choose). However if you are a phone, how would you distinguish between a legitimate repair and malicious swapping out of parts? Sounds like incompleteness theorem would say you can't
Same problem as it is now, nothing changes.
> However if you are a phone, how would you distinguish between a legitimate repair and malicious swapping out of parts? Sounds like incompleteness theorem would say you can't
If your threat model is malicious swapping parts, an iPhone isn't for you anyway, you need a device more secure than that.
And I doubt that applies to more than a handful of individuals; even targeted attacks themselves usually don't go this far and prefer to just exfiltrate the data by software.
Now the phone warns you about a replaced part. Even if it is a genuine one.
> If your threat model is malicious swapping parts, an iPhone isn't for you anyway, you need a device more secure than that.
This is a threat model of many people in many countries today. Sorry for the stupid question, but is there a usable phone that is more secure, seriously?
Yes, and that's a broken behavior.
> This is a threat model of many people in many countries today. Sorry for the stupid question, but is there a usable phone that is more secure, seriously?
No it's not a threat model of many people. I'm not even aware of such an attack existing publicly, please link relevant media articles of past attempts, including on Android. Targeted attacks go for the software because it's easier and doesn't leave a trace.
> Sorry for the stupid question, but is there a usable phone that is more secure, seriously?
Publicly you have GrapheneOS, privately you have security firms providing secure systems for high profiles which are targets.
Absence of evidence != evidence of absence. It is technically doable and not that difficult, given a minute or two in private with someone's phone.
> Publicly you have GrapheneOS, privately you have security firms providing secure systems for high profiles which are targets.
Does GrapheneOS protect from part replacement?
Also I mean entire populations, such as prosecuted ethnic minorities or people with political views (cf Uighurs or HK freedom supporters). They also need to live a normal life by the way, where they can use the normal apps and not conspicuously juggle two phones all the time.