saurik 6 days ago

If you have access to my laptop long and deep enough to replace the hinge sensor with a fake one that prevents the lid from closing as a way to turn it into a recording device -- which of course would also require installing software on it -- instead of just putting a tiny microphone into it (or my bag), you are simultaneously a genius and dumb. And if you really are going to that level of effort, hoping that I don't notice my laptop failing to go to sleep when I close it so you might be able to steal it is crazy when you can 100% just modify the hardware in the keyboard to log my password.

Hell: what you really should do is swap my entire laptop with a fake one that merely shows me my login screen (which you can trivially clone off of mine as it happily shows it to you when you open it ;P) and asks for my password, at which point you use a cellular modem to ship it back to you. That would be infinitely easier to pull off and is effectively game over for me because, when the laptop unlocks and I don't have any of my data (bonus points if I am left staring at a gif of Nedry laughing, though if you showed an Apple logo of death you'd buy yourself multiple days of me assuming it simply broke), it will be too late: you'll have my password and can unlock my laptop legitimately.

> There are good security reasons for a lot of what Apple does.

So, no: these are clearly just excuses, sometimes used to ply users externally (such as yourself) and sometimes used to ply their own engineers internally (such as wherever you heard this), but these mitigations are simply so ridiculously beside the point of what they are supposedly actually securing that you simply can't take them seriously if you put more than a few minutes of thought into how they work... either the people peddling them are incompetent or malicious, and, even if you choose to believe the former over the latter, it doesn't make the shitty end result for the owner feel any better.

moshib 6 days ago

I can imagine a different attack vector: A malicious actor doing laptop repairs can absolutely replace the hinge sensor and install software on it. They could draw in people by offering cheaper prices, then steal their info or use it to set up more complex scams.

The counterpoint to this is that car body shops can also plant recording devices in your car. This is true, but the signal-to-noise ratio in terms of stealing valuable data is much lower. I don't have data to back this up, but I assume way more people use their laptops for online purchases and accessing their bank account than doing the same with phone calls in the car.

ajsnigrutin 6 days ago

A repair worker can install software on it without replacing the sensor. Also add a tiny mic without installing the software. Or both.

I mean... someone could replace your car's brake pads with pieces of wood or plastic, which would seemingly brake on the repair shop parking lot but fail horribly (burn and worse) when you needed them after. Somehow we still let people replace brake pads without having to program in the serial numbers... for now.

Shorel 6 days ago

Your laptop can be compromised during a trip to a foreign state, by state actors.

Travelling back you would notice a microphone, and would notice nothing on the laptop.