[HN Gopher] Samsung's "repair mode" lets technicians look at you... ___________________________________________________________________ Samsung's "repair mode" lets technicians look at your phone, not your data Author : WaitWaitWha Score : 132 points Date : 2022-07-30 19:49 UTC (3 hours ago) (HTM) web link (arstechnica.com) (TXT) w3m dump (arstechnica.com) | jiggywiggy wrote: | The amount of times it refused to give my password for a repair | and they in returned refused warranty is more too often. Luckily | it was mostly their bluf. | 63 wrote: | This feels like a big win for privacy. I just hope that it's | communicated well enough that users know to enable it when they | send in their phone for repairs. | | I also wish there was a way to enable it if the touchscreen is | inaccessible, as it usually is by the time I would consider | seeking repairs. | randombits0 wrote: | It's also bs. The promise is only as good as the maker and the | technology. Has it been vetted? Are there independent | evaluations? Is Samsung willing accept any liabilities in the | event of failure? | | All hype, no substance. Delete your data (with no way of | verifying) and restore it on return. | [deleted] | [deleted] | ISL wrote: | Smart repair shops will enable it (and document it) as Step 0 | in a repair. What a great way to reduce risk and liability for | everyone. | [deleted] | gjs278 wrote: | turtleman1338 wrote: | There is a standard android feature for years that works the | same: Guest Account. Anyway I would wipe my device before sending | it to repairs. | baisq wrote: | That's okay, but I would never send my phone in for repair | without wiping it first no matter what. Surely I'm not alone :-) | re wrote: | Some English-language coverage: | | https://arstechnica.com/gadgets/2022/07/samsungs-repair-mode... | | https://www.sammobile.com/news/samsung-repair-mode-data-isnt... | | https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj... | dang wrote: | Changed from https://news.samsung.com/kr/%ec%82%bc%ec%84%b1-%ea | %b0%a4%eb%.... Thanks! | [deleted] | silversnitch wrote: | Curious, why does Samsung need to have Phone booted up for | battery repair? I recently had a battery replacement done for my | iPhone and I had similar concerns if I need to give them Phone | unlocked, but they asked me to turn off Phone. That is what I | expect from battery repair! | vinni2 wrote: | It's not just Samsung Apple does the same. I was shocked when I | wanted to replace my iphone display and the technician asked me | to turn off pass code. Like he didn't even give me another | choice. I did a quick backup on icloud and wiped my phone and | gave it. It was annoying to restore everything. | vladvasiliu wrote: | When I had my iPhone battery changed, they explicitly said it | should be unlocked and / or I should give them the code. So I | went through the trouble of backing everything up, wiping the | phone clean, and then reinstalling everything when I got it | back. | | If there was some kind of "status debug port" or whatever, the | technicians could've done the various checks the sibling talks | about without needing full control of my phone. | vinni2 wrote: | This. | bpodgursky wrote: | I assume the technician wants to make sure the phone still | works after they replace the battery... | recycledmatt wrote: | You want to turn it back on to validate everything is working | right and it's all plugged in correct. You also want to | validate you didn't break anything else while attempting the | repair | gambiting wrote: | And also(sadly necessary) you want to stop scammers who will | send you a broken phone and then pretend you broke it. So you | want to switch it on before and after the repair. | ajsnigrutin wrote: | Plus, a lot of phones give out diagnosic info (current going | in, battery voltage, current going out, etc.) | | Phones also have induction chargers on their back plates (Qi, | usually to charge heaphones and stuff), that have to be | enabled in software to charge. | takeda wrote: | Oh man, HTC 10 was the worst phone I owned in terms of | repair-ability (I even saw one phone repair place explicitly | saying they don't support that phone). Not only you risk | screen (primarily) and other components damage. You can also | break the phone in subtle ways when putting it back[1] and | reopening it back is again tough because you need to unglue | the screen first to get to screws. | | Having a builtin validating code as one commenter mentioned | would be a godsend, but nearly all companies do everything | they can to make customers not want their phones repaired. | | [1] things like some sensors not working, accidentally | clipping the tape with buttons, touch screen being funky | (although that likely was due to non genuine screen), or my | favorite - gps working but never able to get exact location) | code_duck wrote: | I destroyed an iPhone 6 Plus screen one time reassembling | it. Apparently I switched a 1.7 mm screw with a 1.3 mm, and | when I popped it back together then entire screen (which | wasn't working for touch anyway) shattered. | kevincox wrote: | Can't they have a signed "self-test" image that they can boot | up and it checks the phone? This wouldn't have access to any | user data but can boot up and check that all of the | components are working. This sounds much quicker and more | effective than prodding at the user's OS anyways. | recycledmatt wrote: | In high volume test and repair environments this exists, | but part of how they can do it is they erase and overwrite | the data on the phone. When you don't care about the users | data this becomes much easier. Data migration is a pain. | (Esp when it's not yours) | TheSoftwareGuy wrote: | That sounds like repair mode | lghh wrote: | I worked at a phone repair place for a few years about a | decade ago. This would have been great! However, it wasn't | something that existed. | GuB-42 wrote: | At least on my phone (Samsung), the "self-test" app is on | the /system partition, which is where the user OS is, and | you need to boot normally to use it. You can run it by | entering *#0*# in the dialer, no need to flash anything. | | Having a dedicated test image (like /recovery) is a | possibility, but it wouldn't be the same environment as the | user. The kernel may be different, maybe some runtime | calibration data would be missing, and most customers want | to see their phone working after a repair. | ixmerof wrote: | That's both odd and interesting, my only experience with official | repair services was that they always were starting ANY job by | wiping the entire device. That was always written in bold letters | that's what I have to agree for. Their answer on why it is | required was always that's the only way to test the phone is | fully functional as from factory with default config. Thus... I | started fixing them on my own. | WaitWaitWha wrote: | Following is the text of the post as translated to English by G. | | > Samsung Electronics has officially unveiled the 'repair mode' | service that can prevent the leakage of personal information of | Galaxy smartphone users. 'Repair Mode' is a function that allows | you to selectively disclose data when repairing a smartphone, and | fundamentally blocks concerns about access or leakage of personal | information that may occur during the repair process through some | private companies. If the user executes 'Repair Mode' in the | 'Battery and Device Care' menu in the 'Settings' of the | smartphone, the smartphone is rebooted. After that, you won't be | able to access your personal data, such as photos, messages, and | accounts, and only use the default installed apps. After | repairing the smartphone, the user can access personal data again | after exiting the 'repair mode' and rebooting through | pattern/fingerprint recognition. Samsung Electronics will first | introduce 'repair mode' through software updates from the Galaxy | S21 series, and plan to expand it to some other models in the | future. Recently, Samsung Electronics has been continuously | adding functions to protect and secure sensitive personal | information to mobile devices such as smartphones and tablets. | Last year, it unveiled 'Samsung Knox Vault,' an information | protection technology that blocks various attacks by storing | encrypted personal information in its own storage space. We | released a new security solution to block. In a recent article | published in the Samsung Newsroom, Shin Seung-won, managing | director of the Security Team of Samsung Electronics' MX | Division, said, "Technology is connecting the world closer than | ever, but the risks are also increasing." "Samsung's top priority | is customers "It's about making sure you stay safe while trying | out this new experience." | [deleted] | pvg wrote: | https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... | | For things like that, find an English language source or wait | till one materializes. | frozenport wrote: | Everybody that upvoted read the article in Korean? | blooalien wrote: | Google Translate *is* "a thing" these days... Amazing where | technology has gotten us. Much of what we enjoy as commonplace | today was literal science-fiction when I was just a child (not | so very long ago). | rvba wrote: | We played Starcraft: Brood War so we know how to translate | Korean | teej wrote: | We live in the richest time in human history for free, high | quality text translation. | MrDresden wrote: | What does PII stand for? Personal identifiable information? | | If so, there is much more stored on a device then identity | information. | karamanolev wrote: | It's not so much identity information (i.e. data about your | identity), as much as data that can personally identify you. | The obvious PII is your full name and social security number. | That's your identity. But your credit card number or your | address aren't your identity, per se, but still can personally | identify you, so also considered PII. | | Things that are not normally considered PII is for example your | OS or even specific device model (i.e. user is using iPhone 12 | Pro is not normally considered PII). As usual, it's not a | crystal clear definition, so varies by context, company, | industry regulations and so on. | foota wrote: | It generally means anything sensitive. | leereeves wrote: | > If the user executes 'Repair Mode' in the 'Battery and Device | Care' menu in the 'Settings' of the smartphone, the smartphone is | rebooted. | | But how do you enter repair mode if your phone is broken? | liminalsunset wrote: | I think on Samsung phones, plugging them into a standard USB-C | multiport hub with an HDMI monitor and a keyboard/mouse plugged | in allows use of the "DeX" mode, even while locked. | | I would assume someone could plug the phone in, use the mouse | to enter their password and operate the UI to activate such a | feature. | Nullabillity wrote: | I'm sure that'll be helpful for the one person in the world | who owns a USB-C multiport hub. | NavinF wrote: | They're pretty common. I don't own one personally, but lots | of people have laptops with no full-size HDMI port. For | them the dongle is necessary to make the laptop usable. | AshamedCaptain wrote: | Have you been to any physical office in the past 4 years ? | liminalsunset wrote: | I wasn't aware they were so unpopular. I don't mean a | Thunderbolt dock, it can be one of those ten buck dongles | from Amazon with a bunch of ports on it, that looks like a | glorified card reader. | | It will also work with any computer monitor that has a | USB-C input and USB ports on it, usually, which are | starting to become popular enough lately where I'm from. | blooalien wrote: | Depends entirely upon _how exactly_ it 's broken, and how the | mode is enabled. If it's done in the settings app, then as | someone else here pointed out, a broken screen would make that | a bit pointless. If the mode can be enabled other ways (button | combination, something via USB, etc) preferably in _multiple_ | possible ways, then it could be extremely useful. | zuminator wrote: | Seem to me that if your phone can't even boot up, then repair | mode is moot, the repair person won't be able to log into your | account to access your private info. Even after the phone is | operational they still won't be able to run anything without | you putting in your password. I think this is more for the | situation where the repair person asks you to log in so they | can verify that the phone is fully working. You'll want to | expose as little sensitive data as possible. | | I do think you have a point though. If you sent in a non- | functional phone, and now it's in the shop being fixed, but the | repair person needs to do a detailed check of the phone's | operation, how can that be done safely without you being | present? Maybe there could be a "repair mode password" that you | can give out remotely and only allows the phone to enter repair | mode. | leereeves wrote: | > Seem to me that if your phone can't even boot up, then | repair mode is moot | | I've never needed to repair a phone, but I assumed the repair | shop asked for your password. (And some other comments have | said as much here.) Do they not do that? | | If they do, I like the idea of a "repair mode password". ___________________________________________________________________ (page generated 2022-07-30 23:00 UTC)