this post was submitted on 23 Sep 2023
144 points (90.4% liked)
Apple
17607 readers
36 users here now
Welcome
to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!
Rules:
- No NSFW Content
- No Hate Speech or Personal Attacks
- No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread
Communities of Interest:
Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple
Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode
Community banner courtesy of u/Antsomnia.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Obfuscating what you have to do ≠ not providing you with a roadmap on what you have to do.
This is a non sequitur.
It doesn’t automatically follow that a lack of tools means there is obfuscation. The simple fact that there can be many reasons why tools aren’t widely available alone breaks that logic.
But I’d say the fact that we already know exactly why difficulties arise when replacing parts, definitely proves that there’s no obfuscation.
Which again circles back to the difference between anti-repair and not pro-repair.
Just because Apple doesn’t go out of their way to provide a roadmap and hold your hand and as a result you are having difficulties when you’re trying to do it yourself, doesn’t mean they are actively thwarting you.
Apple doesn’t even think about you and me, their concern is to facilitate their own repair processes.
They don’t.
Aside from biometrics none of the parts are serial locked.
What you’re thinking about is parts based factory calibrated data loaded into the parts from a central database.
Just because the system ignores the calibration data once the part doesn’t match the one the calibration was intended for, doesn’t mean it’s “locked”, it just means that you’re trying to use calibration data for the wrong part.
So, I do agree on anti repair vs not-pro-repair, and assuming you’re right about the calibration stuff (which seems possibly true by my understanding)…
Why do they serialize the biometric scanners? The only way that’d make sense was if the bio scanner was scanning, comparing to a registered scan, and then just giving the rest of the phone a thumbs up to unlock.
But as I understand, the biometrics are stored on the Secure Enclave within the cpu and the scanner is just a sensing device.
For your device to be compromised would require an attacker to reverse engineer the sensors output, have a model of your face to spoof, and for the device to be accepting biometric unlocking, which iPhones only do after having been unlocked via passcode.
There are a couple of concerns with biometrics.
The big one is, as you already mentioned, spoofing biometrics.
The FaceID or TouchID sensor essentially saying “I got that face/fingerprint that you have in your Secure Enclave”. Granted it is a sophisticated attack, but nevertheless one you’d want to prevent if only because it’s good practice to maintain a secure chain in which the individual links can trust each other.
For similar reasons the lockdown mode exists, which is mainly useful in limited scenarios (e.g. journalists, dissidents, etc).
On the other hand, if ever there was a potential attacker, it would be a government because they unlimited funds in theory and it isn’t hard to imagine the FBI trying to utilize this in the San Bernardino case if it was available.
A different risk, which would make the above quite a bit easier to accomplish, would be an altered biometrics scanner that, in addition to working the way it’s supposed to work, stores and sends off your biometrics or simply facilitates a replay attack.