[HN Gopher] Samsung's "repair mode" lets technicians look at you...
___________________________________________________________________
Samsung's "repair mode" lets technicians look at your phone, not
your data
Author : WaitWaitWha
Score : 132 points
Date : 2022-07-30 19:49 UTC (3 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| jiggywiggy wrote:
| The amount of times it refused to give my password for a repair
| and they in returned refused warranty is more too often. Luckily
| it was mostly their bluf.
| 63 wrote:
| This feels like a big win for privacy. I just hope that it's
| communicated well enough that users know to enable it when they
| send in their phone for repairs.
|
| I also wish there was a way to enable it if the touchscreen is
| inaccessible, as it usually is by the time I would consider
| seeking repairs.
| randombits0 wrote:
| It's also bs. The promise is only as good as the maker and the
| technology. Has it been vetted? Are there independent
| evaluations? Is Samsung willing accept any liabilities in the
| event of failure?
|
| All hype, no substance. Delete your data (with no way of
| verifying) and restore it on return.
| [deleted]
| [deleted]
| ISL wrote:
| Smart repair shops will enable it (and document it) as Step 0
| in a repair. What a great way to reduce risk and liability for
| everyone.
| [deleted]
| gjs278 wrote:
| turtleman1338 wrote:
| There is a standard android feature for years that works the
| same: Guest Account. Anyway I would wipe my device before sending
| it to repairs.
| baisq wrote:
| That's okay, but I would never send my phone in for repair
| without wiping it first no matter what. Surely I'm not alone :-)
| re wrote:
| Some English-language coverage:
|
| https://arstechnica.com/gadgets/2022/07/samsungs-repair-mode...
|
| https://www.sammobile.com/news/samsung-repair-mode-data-isnt...
|
| https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj...
| dang wrote:
| Changed from https://news.samsung.com/kr/%ec%82%bc%ec%84%b1-%ea
| %b0%a4%eb%.... Thanks!
| [deleted]
| silversnitch wrote:
| Curious, why does Samsung need to have Phone booted up for
| battery repair? I recently had a battery replacement done for my
| iPhone and I had similar concerns if I need to give them Phone
| unlocked, but they asked me to turn off Phone. That is what I
| expect from battery repair!
| vinni2 wrote:
| It's not just Samsung Apple does the same. I was shocked when I
| wanted to replace my iphone display and the technician asked me
| to turn off pass code. Like he didn't even give me another
| choice. I did a quick backup on icloud and wiped my phone and
| gave it. It was annoying to restore everything.
| vladvasiliu wrote:
| When I had my iPhone battery changed, they explicitly said it
| should be unlocked and / or I should give them the code. So I
| went through the trouble of backing everything up, wiping the
| phone clean, and then reinstalling everything when I got it
| back.
|
| If there was some kind of "status debug port" or whatever, the
| technicians could've done the various checks the sibling talks
| about without needing full control of my phone.
| vinni2 wrote:
| This.
| bpodgursky wrote:
| I assume the technician wants to make sure the phone still
| works after they replace the battery...
| recycledmatt wrote:
| You want to turn it back on to validate everything is working
| right and it's all plugged in correct. You also want to
| validate you didn't break anything else while attempting the
| repair
| gambiting wrote:
| And also(sadly necessary) you want to stop scammers who will
| send you a broken phone and then pretend you broke it. So you
| want to switch it on before and after the repair.
| ajsnigrutin wrote:
| Plus, a lot of phones give out diagnosic info (current going
| in, battery voltage, current going out, etc.)
|
| Phones also have induction chargers on their back plates (Qi,
| usually to charge heaphones and stuff), that have to be
| enabled in software to charge.
| takeda wrote:
| Oh man, HTC 10 was the worst phone I owned in terms of
| repair-ability (I even saw one phone repair place explicitly
| saying they don't support that phone). Not only you risk
| screen (primarily) and other components damage. You can also
| break the phone in subtle ways when putting it back[1] and
| reopening it back is again tough because you need to unglue
| the screen first to get to screws.
|
| Having a builtin validating code as one commenter mentioned
| would be a godsend, but nearly all companies do everything
| they can to make customers not want their phones repaired.
|
| [1] things like some sensors not working, accidentally
| clipping the tape with buttons, touch screen being funky
| (although that likely was due to non genuine screen), or my
| favorite - gps working but never able to get exact location)
| code_duck wrote:
| I destroyed an iPhone 6 Plus screen one time reassembling
| it. Apparently I switched a 1.7 mm screw with a 1.3 mm, and
| when I popped it back together then entire screen (which
| wasn't working for touch anyway) shattered.
| kevincox wrote:
| Can't they have a signed "self-test" image that they can boot
| up and it checks the phone? This wouldn't have access to any
| user data but can boot up and check that all of the
| components are working. This sounds much quicker and more
| effective than prodding at the user's OS anyways.
| recycledmatt wrote:
| In high volume test and repair environments this exists,
| but part of how they can do it is they erase and overwrite
| the data on the phone. When you don't care about the users
| data this becomes much easier. Data migration is a pain.
| (Esp when it's not yours)
| TheSoftwareGuy wrote:
| That sounds like repair mode
| lghh wrote:
| I worked at a phone repair place for a few years about a
| decade ago. This would have been great! However, it wasn't
| something that existed.
| GuB-42 wrote:
| At least on my phone (Samsung), the "self-test" app is on
| the /system partition, which is where the user OS is, and
| you need to boot normally to use it. You can run it by
| entering *#0*# in the dialer, no need to flash anything.
|
| Having a dedicated test image (like /recovery) is a
| possibility, but it wouldn't be the same environment as the
| user. The kernel may be different, maybe some runtime
| calibration data would be missing, and most customers want
| to see their phone working after a repair.
| ixmerof wrote:
| That's both odd and interesting, my only experience with official
| repair services was that they always were starting ANY job by
| wiping the entire device. That was always written in bold letters
| that's what I have to agree for. Their answer on why it is
| required was always that's the only way to test the phone is
| fully functional as from factory with default config. Thus... I
| started fixing them on my own.
| WaitWaitWha wrote:
| Following is the text of the post as translated to English by G.
|
| > Samsung Electronics has officially unveiled the 'repair mode'
| service that can prevent the leakage of personal information of
| Galaxy smartphone users. 'Repair Mode' is a function that allows
| you to selectively disclose data when repairing a smartphone, and
| fundamentally blocks concerns about access or leakage of personal
| information that may occur during the repair process through some
| private companies. If the user executes 'Repair Mode' in the
| 'Battery and Device Care' menu in the 'Settings' of the
| smartphone, the smartphone is rebooted. After that, you won't be
| able to access your personal data, such as photos, messages, and
| accounts, and only use the default installed apps. After
| repairing the smartphone, the user can access personal data again
| after exiting the 'repair mode' and rebooting through
| pattern/fingerprint recognition. Samsung Electronics will first
| introduce 'repair mode' through software updates from the Galaxy
| S21 series, and plan to expand it to some other models in the
| future. Recently, Samsung Electronics has been continuously
| adding functions to protect and secure sensitive personal
| information to mobile devices such as smartphones and tablets.
| Last year, it unveiled 'Samsung Knox Vault,' an information
| protection technology that blocks various attacks by storing
| encrypted personal information in its own storage space. We
| released a new security solution to block. In a recent article
| published in the Samsung Newsroom, Shin Seung-won, managing
| director of the Security Team of Samsung Electronics' MX
| Division, said, "Technology is connecting the world closer than
| ever, but the risks are also increasing." "Samsung's top priority
| is customers "It's about making sure you stay safe while trying
| out this new experience."
| [deleted]
| pvg wrote:
| https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
|
| For things like that, find an English language source or wait
| till one materializes.
| frozenport wrote:
| Everybody that upvoted read the article in Korean?
| blooalien wrote:
| Google Translate *is* "a thing" these days... Amazing where
| technology has gotten us. Much of what we enjoy as commonplace
| today was literal science-fiction when I was just a child (not
| so very long ago).
| rvba wrote:
| We played Starcraft: Brood War so we know how to translate
| Korean
| teej wrote:
| We live in the richest time in human history for free, high
| quality text translation.
| MrDresden wrote:
| What does PII stand for? Personal identifiable information?
|
| If so, there is much more stored on a device then identity
| information.
| karamanolev wrote:
| It's not so much identity information (i.e. data about your
| identity), as much as data that can personally identify you.
| The obvious PII is your full name and social security number.
| That's your identity. But your credit card number or your
| address aren't your identity, per se, but still can personally
| identify you, so also considered PII.
|
| Things that are not normally considered PII is for example your
| OS or even specific device model (i.e. user is using iPhone 12
| Pro is not normally considered PII). As usual, it's not a
| crystal clear definition, so varies by context, company,
| industry regulations and so on.
| foota wrote:
| It generally means anything sensitive.
| leereeves wrote:
| > If the user executes 'Repair Mode' in the 'Battery and Device
| Care' menu in the 'Settings' of the smartphone, the smartphone is
| rebooted.
|
| But how do you enter repair mode if your phone is broken?
| liminalsunset wrote:
| I think on Samsung phones, plugging them into a standard USB-C
| multiport hub with an HDMI monitor and a keyboard/mouse plugged
| in allows use of the "DeX" mode, even while locked.
|
| I would assume someone could plug the phone in, use the mouse
| to enter their password and operate the UI to activate such a
| feature.
| Nullabillity wrote:
| I'm sure that'll be helpful for the one person in the world
| who owns a USB-C multiport hub.
| NavinF wrote:
| They're pretty common. I don't own one personally, but lots
| of people have laptops with no full-size HDMI port. For
| them the dongle is necessary to make the laptop usable.
| AshamedCaptain wrote:
| Have you been to any physical office in the past 4 years ?
| liminalsunset wrote:
| I wasn't aware they were so unpopular. I don't mean a
| Thunderbolt dock, it can be one of those ten buck dongles
| from Amazon with a bunch of ports on it, that looks like a
| glorified card reader.
|
| It will also work with any computer monitor that has a
| USB-C input and USB ports on it, usually, which are
| starting to become popular enough lately where I'm from.
| blooalien wrote:
| Depends entirely upon _how exactly_ it 's broken, and how the
| mode is enabled. If it's done in the settings app, then as
| someone else here pointed out, a broken screen would make that
| a bit pointless. If the mode can be enabled other ways (button
| combination, something via USB, etc) preferably in _multiple_
| possible ways, then it could be extremely useful.
| zuminator wrote:
| Seem to me that if your phone can't even boot up, then repair
| mode is moot, the repair person won't be able to log into your
| account to access your private info. Even after the phone is
| operational they still won't be able to run anything without
| you putting in your password. I think this is more for the
| situation where the repair person asks you to log in so they
| can verify that the phone is fully working. You'll want to
| expose as little sensitive data as possible.
|
| I do think you have a point though. If you sent in a non-
| functional phone, and now it's in the shop being fixed, but the
| repair person needs to do a detailed check of the phone's
| operation, how can that be done safely without you being
| present? Maybe there could be a "repair mode password" that you
| can give out remotely and only allows the phone to enter repair
| mode.
| leereeves wrote:
| > Seem to me that if your phone can't even boot up, then
| repair mode is moot
|
| I've never needed to repair a phone, but I assumed the repair
| shop asked for your password. (And some other comments have
| said as much here.) Do they not do that?
|
| If they do, I like the idea of a "repair mode password".
___________________________________________________________________
(page generated 2022-07-30 23:00 UTC)