Apple discourages iPhone self-repair with a dirty trick

It sure does seem like Apple is treading on very thin ice relative to the Magnuson-Moss Warranty Act regarding their effective ban on aftermarket and recycled parts. Someone at the FTC should look at this…

https://www.zdnet.com/article/ftc-warns-phone-makers-its-illegal-to-void-warranties-over-third-party-parts/

Wow, I’m impressed! I’m on my fourth iPhone since 2013 (employer-provided, there’s no way I would drop that much of my own cash on so many phones) and thought smartphones were complete trash until 2016, which is the first time I had an iPhone where I didn’t prefer starting up my laptop to google something. My wife had two iPods fail in four years and nevertheless only gave up on them because they quit producing the models she liked. And I’m not predisposed to disliking Apple – all of my computers from the late '80s to the early '00s were Macs – but these experiences have made me want to stay far, far away from anything Apple these days.

I still have a Sony laptop from 2002 that runs surprisingly well on a lightweight version of Linux, though I can’t get a battery for it anymore. I only recently dumped another Sony laptop that I purchased in 2006 that was running modern software in a user-friendly, but heavyweight version of Linux much better than my current work-issue laptop runs Windows 7 (no battery replacement was available and the power jack eventually failed). Not that I’m advocating for Sony here – I haven’t purchased any hardware from them since that 2006 laptop, and I’ve had similar experiences with more recent laptops from Toshiba and HP – more that I don’t think your experience has much to do with Apple, but rather with how you use the machines.

Fully agreed. I think our differing opinions of Apple are evidence of that.

I’m mostly inclined to agree with you there, though I think the average user also has seen diminishing returns from increased computing power in recent years, and therefore has held onto hardware longer. This has paradoxically created both an impression of improved quality that is somewhat illusory because in the past performance improvements led to replacement before quality was ever really tested, and an impression of reduced quality because people actually hold on to their machines long enough for them to start physically breaking – fans quit, batteries stop holding charge, keyboards wear out, etc. But certainly on the whole, when people replace their devices less often, perception of quality increases.


It’s virtually certain that there’s some chatter between the phone and the battery’s controller (on the PC side it’s typically yet another SMBus thing; mobile and/or Apple might dictate something a bit less well known here; but it will be conceptually more or less the same even if it’s a slightly different low speed serial interface).

That said, the fact that there’s a data interface there would seem to be a good argument for input validation; rather than attempting to ensure that the battery is always trustworthy. It is very unlikely that a battery management IC that can be swapped with a hand soldering iron and strong nerves would resist divulging its private key all that hard against a more sophisticated attacker; nor is it clear that battery bus traffic is even encrypted after the initial authenticity handshake, in which case injecting malicious traffic after the legitimate battery has opened the door for you is quite viable.

If you can’t safely handle the relatively constrained set of interactions you would need to have with a battery you are doomed on the harder cases (like most of the operating system and applications); and that suggests bad things about the state of the little housekeeping busses you can’t control as tightly. Like, not at all hypothetically, the SIM slot; which also has a little serial interface for chatting with fairly core elements of the phone; and must accept SIMs from basically anyone.

It’s not Apple’s problem if the algorithms that cover the deterioration characteristics of their batteries don’t model some random 3rd party hardware very well and the result is poor predictions or other slightly peculiar output in the battery status interface; but it is Apple’s problem if they care enough about a bus to try to lock the door but can’t just input sanitize the problem away.

According to the datasheet it’s both.

The battery’s microcontroller implements some of the important parts of status monitoring onboard; so the phone presumably can’t provide health status at all, or can’t provide meaningful health status (depending on whether the 3rd party part fails to implement the expected commands at all, implements them differently or incorrectly), if the replacement pack can’t expose the same features; but it’s also an intentional authentication thing (as helpfully demonstrated by the fact that swapping genuine Apple batteries between two phones also triggers the behavior; despite the fact that the two batteries share capabilities and reporting behavior).

Starting on page 12 the manual describes the authentication capabilities: one of two possible shared-secret arrangements that would require either extracting the key from the old battery or access to re-key the phone (presumably what Apple’s maintenance software can do) to reestablish the bond between a phone and a new battery; even one otherwise identical in capability and implementation.

8.3.5.1 Authentication

The bq27546-G1 device can act as a SHA-1/HMAC authentication slave by using its internal engine. Sending a 160-bit SHA-1 challenge message to the bq27546-G1 fuel gauge causes the gauge to return a 160-bit digest, based upon the challenge message and a hidden, 128-bit plain-text authentication key. If this digest matches an identical one generated by a host or dedicated authentication master, and when operating on the same challenge message and using the same plain text keys, the authentication process is successful.

8.3.5.2 Key Programming (Data Flash Key)

By default, the bq27546-G1 contains a default plain-text authentication key of 0x0123456789ABCDEFFEDCBA9876543210. This default key is intended for development purposes. It should be changed to a secret key and the part should be immediately sealed before putting a pack into operation. Once written, a new plain-text key cannot be read again from the fuel gauge while in SEALED mode.

Once the bq27546-G1 is UNSEALED, the authentication key can be changed from its default value by writing to the Authenticate() Extended Data Command locations. A 0x00 is written to BlockDataControl() to enable the authentication data commands. The DataFlashClass() is issued 112 (0x70) to set the Security class. Up to 32 bytes of data can be read directly from the BlockData() (0x40…0x5F) and the authentication key is located at 0x48 (0x40 + 0x08 offset) to 0x57 (0x40 + 0x17 offset). The new authentication key can be written to the corresponding locations (0x48 to 0x57) using the BlockData() command. The data is transferred to the data flash when the correct checksum for the whole block (0x40 to 0x5F) is written to BlockDataChecksum() (0x60). The checksum is (255 – x) where x is the 8-bit summation of the BlockData() (0x40 to 0x5F) on a byte-by-byte basis. Once the authentication key is written, the gauge can then be sealed again.

8.3.5.3 Key Programming (Secure Memory Key)

The bq27546-G1 secure-memory authentication key is stored in the secure memory of the bq27546-G1 device. If a secure-memory key has been established, only this key can be used for authentication challenges (the programmable data flash key is not available). The selected key can only be established/programmed by special arrangements with TI, using TI’s Secure B-to-B Protocol. The secure-memory key can never be changed or read from the bq27546-G1 fuel gauge.

8.3.5.4 Executing an Authentication Query

To execute an authentication query in UNSEALED mode, a host must first write 0x01 to the BlockDataControl() command to enable the authentication data commands. If in SEALED mode, 0x00 must be written to DataFlashBlock() instead.

Next, the host writes a 20-byte authentication challenge to the Authenticate() address locations (0x40 through 0x53). After a valid checksum for the challenge is written to AuthenticateChecksum(), the bq27546-G1 uses the challenge to perform the SHA-1/HMAC computation in conjunction with the programmed key. The bq27546-G1 completes the SHA-1/HMAC computation and writes the resulting digest to Authenticate(), overwriting the preexisting challenge. The host should wait at least 45 ms to read the resulting digest. The host may then read this response and compare it against the result created by its own parallel computation.

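To make the shared-secret arrangement in the quoted datasheet concrete, here is an added Python model of the host side of the challenge/response in 8.3.5.4, the BlockData() checksum from 8.3.5.2, and the seal/unseal rules for the data flash key. It is example code written for this page, not TI's, Apple's, or the poster's code. Two things are assumptions: RFC 2104 HMAC-SHA1 is used as a stand-in for the gauge's SHA-1/HMAC construction (a real host must match TI's exact message layout and byte order bit-for-bit), and the `FuelGauge` class, `SECRET_KEY`, and the fixed challenge are constructed for the demonstration. Only the default development key and the checksum formula come from the datasheet text.

```python
"""Host-side model of bq27546-G1 style shared-secret battery authentication.

Added example for this thread; not TI, Apple, or poster code.  The gauge's
real SHA-1/HMAC message layout is NOT reproduced here: standard HMAC-SHA1
stands in for it so the shape of the protocol (and its dependence on key
secrecy) can be shown end to end.
"""
import hashlib
import hmac

# From datasheet section 8.3.5.2: the development default every unkeyed part ships with.
DEFAULT_KEY = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
# Constructed for this example: the per-pack secret a manufacturer would program.
SECRET_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
# Constructed for this example: a fixed 20-byte (160-bit) challenge.
CHALLENGE = bytes(range(0x10, 0x24))

KEY_OFFSET = 0x48 - 0x40  # key lives at BlockData() 0x48..0x57 -> offsets 8..23
KEY_LEN = 16


def block_checksum(block: bytes) -> int:
    """BlockDataChecksum() value for a 32-byte BlockData() window (0x40..0x5F).

    Per 8.3.5.2: (255 - x) where x is the 8-bit byte-wise sum of the block.
    """
    if len(block) != 32:
        raise ValueError("BlockData() window is exactly 32 bytes")
    return (255 - (sum(block) & 0xFF)) & 0xFF


def gauge_digest(key: bytes, challenge: bytes) -> bytes:
    """Digest a gauge holding `key` returns for a 160-bit challenge.

    ASSUMPTION: RFC 2104 HMAC-SHA1 stands in for TI's SHA-1/HMAC construction.
    """
    if len(key) != KEY_LEN or len(challenge) != 20:
        raise ValueError("key is 128 bits, challenge is 160 bits")
    return hmac.new(key, challenge, hashlib.sha1).digest()


class FuelGauge:
    """Constructed model of the gauge's data flash key and SEALED/UNSEALED state."""

    def __init__(self, key: bytes = DEFAULT_KEY) -> None:
        self._key = key
        self.sealed = False

    def program_key(self, block: bytes, checksum: int) -> None:
        """Write a 32-byte block; the key reaches flash only in UNSEALED mode
        and only when the supplied checksum matches (8.3.5.2)."""
        if self.sealed:
            raise PermissionError("key cannot be changed while SEALED")
        if checksum != block_checksum(block):
            raise ValueError("checksum mismatch: block write discarded")
        self._key = bytes(block[KEY_OFFSET:KEY_OFFSET + KEY_LEN])

    def seal(self) -> None:
        self.sealed = True

    def read_key(self) -> bytes:
        """The plain-text key is not readable back while SEALED."""
        if self.sealed:
            raise PermissionError("key is not readable in SEALED mode")
        return self._key

    def authenticate(self, challenge: bytes) -> bytes:
        """8.3.5.4: the gauge answers any challenge, sealed or not."""
        return gauge_digest(self._key, challenge)


def host_verify(host_key: bytes, gauge: FuelGauge, challenge: bytes = CHALLENGE) -> bool:
    """Host side of 8.3.5.4: send the challenge, run the parallel computation,
    compare in constant time."""
    expected = gauge_digest(host_key, challenge)
    return hmac.compare_digest(expected, gauge.authenticate(challenge))


def provision_pack(secret: bytes) -> FuelGauge:
    """Manufacturer flow from 8.3.5.2: key the pack, then seal it."""
    block = bytearray(32)
    block[KEY_OFFSET:KEY_OFFSET + KEY_LEN] = secret
    pack = FuelGauge()
    pack.program_key(bytes(block), block_checksum(bytes(block)))
    pack.seal()
    return pack


def demo() -> dict:
    """Three pairings that show why a fresh pack needs the phone re-keyed."""
    genuine = provision_pack(SECRET_KEY)
    clone = FuelGauge()  # third-party pack left on the published default key
    clone.seal()
    return {
        "genuine_pack_vs_paired_host": host_verify(SECRET_KEY, genuine),
        "default_key_pack_vs_paired_host": host_verify(SECRET_KEY, clone),
        "default_key_pack_vs_default_host": host_verify(DEFAULT_KEY, clone),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

The third pairing is the practical lesson of the scheme: the protocol proves only that both ends hold the same 128-bit value, so a host still configured with the development default accepts any pack that also has it, and a host re-keyed to a pack-specific secret rejects every pack that does not share it, including a genuine one from another phone. Nothing in the exchange authenticates the host to the battery, and nothing after the handshake is protected by it.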

They might be “paranoid” about security and people messing with their devices but funnily enough there is at least one company based in Israel that for a (relatively hefty) fee, will decrypt any Apple device in no time.

Now, I am not the one to support conspiracy theories and I don’t want to speculate how this company got the knowledge to do what they offer. I would never imply they are a side operation with access to the internal information from Apple. Probably they are just very good at what they do.

And if they are, I am sure there are more like them we have not heard about.

So, if the US intelligence agencies want to get into your iPhone, I am sure they can.

Apple is all about using outstanding and elegant design to create a captive audience, then squeeze the hell out of them.


Which is kind of my point: the self repair market isn’t the enemy, it’s stupid idiots in law enforcement and others who want to crack your phone. Like the Israeli company, who would pop out the battery to sneak past the limit on login attempts before the phone goes into under-siege mode and bricks itself.

The self repair is collateral damage that Apple feels they can afford to piss off, as the alternative is letting hackers have an easier time of cracking your phone.

Louis Rossmann has an interesting and plausible explanation for this situation: he suggests that Apple does this to undermine iPhone owners’ confidence in independent repair shops. If a customer comes in to have his battery replaced, and then sees the service battery message, he might think that the repair person didn’t use a genuine Apple battery.

https://www.youtube.com/watch?v=GlvlgmjMi98&t=337s


Won’t that be the day.

Surge pricing for computer repair.

Both my sons have iPhone XR. One hates it and has not liked his iPhone since his 6S and has decided to go to Pixel 3 next. I, for one, have been with Samsung for my past two phones. I am not in love with Samsung–I miss my Blackberry. Yeah, yeah, I know… But the one irrefutable fact about my Blackberry Z10 was that it did exactly what it said it would do and did it well. The Samsung is capable of doing a million things, few of them well, but I digress…

But when asked why I won’t go to the iPhone? My simple answer is, I do not want to get on the Apple rape train until I absolutely have to. Right now, I don’t, so I won’t. Apple has been this way since the ’80s, so don’t act all surprised…

AND they charge $150 legacy device repair fee. Not fun for those of us who keep our beloved iPod Classics because they are offline devices.


And my iPhone 6 (cannot recall when I got it - but it was new and the latest at the time) still - bizarrely - shows 100% max capacity. Admittedly, I use it sparingly, no social media, just phone, texts, a little browsing sometimes, a hotspot sometimes and a small number of apps (e.g. weather, calculator) and it is turned off every night, but 100%? I’d like to believe it but it seems non-plausible. Nevertheless, I am happy and, like you, have no intention of replacing it until/unless it dies.
