iPhones 'disabled' if Apple detects third-party repairs(theguardian.com)
theguardian.com
iPhones 'disabled' if Apple detects third-party repairs
http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair
362 comments
What you didn't mention is that this verification only happens on a software upgrade. In the meantime either one of these two things could happen (I don't know which): 1. The sensor could do all the malicious things you mention 2. The sensor is blocked from accessing the security enclave.
The former doesn't seem like a secure solution that one should be really glad of. The latter would also be possible after a software upgrade so there is no need to disable the device completely. In short, they didn't choose a good solution.
Simply disabling a phone at some point well after a repair is just bad.
Edit: The parent post was edited a bit, so my point is now mostly covered. I still don't see a security-related reason to disable the complete device on a software upgrade. Maybe it could enable an attacker to modify the OS somehow in the process. However, I don't agree that this issue is "overblown". This presents a real problem for users that now have an unusable phone. It's important to note that Apple doesn't offer repairs everywhere in the world so many users now can't repair their phone at all.
The former doesn't seem like a secure solution that one should be really glad of. The latter would also be possible after a software upgrade so there is no need to disable the device completely. In short, they didn't choose a good solution.
Simply disabling a phone at some point well after a repair is just bad.
Edit: The parent post was edited a bit, so my point is now mostly covered. I still don't see a security-related reason to disable the complete device on a software upgrade. Maybe it could enable an attacker to modify the OS somehow in the process. However, I don't agree that this issue is "overblown". This presents a real problem for users that now have an unusable phone. It's important to note that Apple doesn't offer repairs everywhere in the world so many users now can't repair their phone at all.
My mistake, added that part into the parent post. The coverage of this story is all over the place and it's hard to keep track.
You are right though, allowing users to update/restore but disabling the sensor is a better solution. I'm not too sure why Apple chose this route. They haven't commented on the technical reasons behind it so it's hard to say for sure.
You are right though, allowing users to update/restore but disabling the sensor is a better solution. I'm not too sure why Apple chose this route. They haven't commented on the technical reasons behind it so it's hard to say for sure.
> The Touch ID sensor has access to the iPhone Security Enclave, where fingerprint data is kept. A malicious sensor could, hypothetically, steal fingerprints from an iPhone user unknowingly.
No, the CPU reads encrypted data from the sensor and sends them to the SE for decryption and analysis. See the PDF linked here by somebody. What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
> If the validation fails, the device will function mostly fine, although with Touch ID disabled.
On iOS 8. Once the device is updated to v9, it turns into brick. Quoting from OP:
"They repaired the screen and home button, and it worked perfectly." He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead. When Olmos (...) took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
> If a customer encounters Error 53, we encourage them to contact Apple Support.
This may be a media-friendly euphemism for "it's dead", unless this London staff was clueless.
No, the CPU reads encrypted data from the sensor and sends them to the SE for decryption and analysis. See the PDF linked here by somebody. What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
> If the validation fails, the device will function mostly fine, although with Touch ID disabled.
On iOS 8. Once the device is updated to v9, it turns into brick. Quoting from OP:
"They repaired the screen and home button, and it worked perfectly." He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead. When Olmos (...) took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
> If a customer encounters Error 53, we encourage them to contact Apple Support.
This may be a media-friendly euphemism for "it's dead", unless this London staff was clueless.
What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
Of course, taking advantage of the exploit in question requires the phone to be stolen by an extremely sophisticated (if not state-level) bad guy, altered by installation of a malicious sensor that has never been documented to exist in the wild, then recovered by the owner, and then stolen again at a later date. All to acquire personal biometric data that could just as easily be obtained with a piece of Scotch tape.
A simple application of Occam's Razor suggests that Error 53 isn't a "security feature" at all, it's just Apple being a rent-seeking asshole.
Of course, taking advantage of the exploit in question requires the phone to be stolen by an extremely sophisticated (if not state-level) bad guy, altered by installation of a malicious sensor that has never been documented to exist in the wild, then recovered by the owner, and then stolen again at a later date. All to acquire personal biometric data that could just as easily be obtained with a piece of Scotch tape.
A simple application of Occam's Razor suggests that Error 53 isn't a "security feature" at all, it's just Apple being a rent-seeking asshole.
> * A simple application of Occam's Razor suggests that Error 53 isn't a "security feature" at all, it's just Apple being a rent-seeking asshole.*
I don't think you understand Occam's Razor.
I don't think you understand Occam's Razor.
There's always more to learn. What am I missing?
Occam's Razor says that you should select the hyposthesis with the fewest assumptions. Saying Apple is a "rent seeking asshole" assumes that Apple did this maliciously, which is a huge ball of assumptions when they've literally put out a security paper[1] on how Touch ID and Security Enclave works.
[1]:https://www.apple.com/business/docs/iOS_Security_Guide.pdf
[1]:https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Does that document explain Apple's motivation for bricking phones that never had the fingerprint reader enabled, and that didn't even use traditional lock passwords?
No?
Well, then it makes sense to look elsewhere for that motivation. Additional data appears to be needed. Lacking such data, assumptions are all we have.
No?
Well, then it makes sense to look elsewhere for that motivation. Additional data appears to be needed. Lacking such data, assumptions are all we have.
Possibly you're stretching for Hanlon's Razor, except you've got the wrong end of it. Hanlon's is the one that says "never assign to malice what can be assigned to stupidity". This feels like a screwup. The reason why it happens is consistent with security. But the effects are maddening.
Looks like you got this one right, and I'm glad to admit it.
Could be. At least your assumption, unlike mine, is testable. If it's an unintentional bug, the policy behind "Error 53" will become more consumer-friendly in an upcoming iOS update. If it doesn't... well, Occam wins the day.
Today's state-level agency is tomorrow's small town police department, and next week's street criminal. Attacks only get better.
Also, Apple is not only designing phones for you and me, but for businesses who nowadays are the target of state-level security agencies.
Clearly Apple fudged the implementation of this feature, and it's a PR nightmare, but all evidence points to their intentions being genuine.
Also, Apple is not only designing phones for you and me, but for businesses who nowadays are the target of state-level security agencies.
Clearly Apple fudged the implementation of this feature, and it's a PR nightmare, but all evidence points to their intentions being genuine.
Exactly this.
Do you really think Apple hasn't been shocked/annoyed at how China/US/et al have actively tried to hack their customers including attempt to compromise their own servers ?
Do you really think Apple hasn't been shocked/annoyed at how China/US/et al have actively tried to hack their customers including attempt to compromise their own servers ?
What if the "owner" of the device, i.e. the person who paid her hard-earned wages to "own" it, is not interested in using the "TouchID" feature?
Is there an untapped niche for a similarly-sized single board computer (not several computers, baseband processor, SIM card that runs code, etc. jammed into a hermetically sealed casing that is worthy of being in the Museum for Modern Art) that just does simple simpler, "boring", useless things like send and receive packets, read, write and store files, etc.
A pocket-sized computer that a user can not just rent but _pwn_, that does not make gratuitous network connections to some "mothership" and allow for easy monitoring and remote control by a third party, and that does not brick itself if it's casing is opened. A computer that can be, to the fullest extent possible via open source software, controlled entirely by the user.
Who knows maybe a person could turn such a small computer into "a device for sending and receiving text, images, sound and video over a network, such as the internet."
Nah, there would be no use for such a thing. Only a device _that can handle payments_ is worth using to send and receive text, images, audio and video.
What is the point of a device used to communicate, e.g., a "phone", if it cannot also be used to spend money?
Is there an untapped niche for a similarly-sized single board computer (not several computers, baseband processor, SIM card that runs code, etc. jammed into a hermetically sealed casing that is worthy of being in the Museum for Modern Art) that just does simple simpler, "boring", useless things like send and receive packets, read, write and store files, etc.
A pocket-sized computer that a user can not just rent but _pwn_, that does not make gratuitous network connections to some "mothership" and allow for easy monitoring and remote control by a third party, and that does not brick itself if it's casing is opened. A computer that can be, to the fullest extent possible via open source software, controlled entirely by the user.
Who knows maybe a person could turn such a small computer into "a device for sending and receiving text, images, sound and video over a network, such as the internet."
Nah, there would be no use for such a thing. Only a device _that can handle payments_ is worth using to send and receive text, images, audio and video.
What is the point of a device used to communicate, e.g., a "phone", if it cannot also be used to spend money?
> A pocket-sized computer that a user can not just rent but _pwn_
Then don't buy an iPhone. Simple. You and the other dozen people on the planet will surely be missed.
The rest of us absolutely want Apple to be as aggressive about security/privacy as they possibly can be. Especially with even moderate countries e.g. UK, Australia being equally aggressive about invading privacy.
Then don't buy an iPhone. Simple. You and the other dozen people on the planet will surely be missed.
The rest of us absolutely want Apple to be as aggressive about security/privacy as they possibly can be. Especially with even moderate countries e.g. UK, Australia being equally aggressive about invading privacy.
Looks like we got a fanboy.
When people visit countries and come back finding screws on their laptops removed, they don't need to be "fanboya" to want more security.
> A malicious sensor could, hypothetically, steal fingerprints from an iPhone user unknowingly. This could be used to unlock the phone and make purchases through Apple Pay without the owner's permission.
Why in the hell would anyone bother with this, if it's trivial to get persons fingerprints and reproduce them to unlock the device ? [1] Even if you lack the touch ID, the device is still encrypted by the PIN and is functioning (and is secure) normally without it.
Either it's really over-engineered or is what it is - scare tactic to bring people to Apple repair centers.
I wish they'd use rather this media attention to inform the public that fingerprint authentication isn't there for security, but conveniency first. Apple Pay would function just fine without it. But would it have it's appeal of easy payment ? Probably not.
[1] https://www.youtube.com/watch?v=2u4ZLGsw1zo
Why in the hell would anyone bother with this, if it's trivial to get persons fingerprints and reproduce them to unlock the device ? [1] Even if you lack the touch ID, the device is still encrypted by the PIN and is functioning (and is secure) normally without it.
Either it's really over-engineered or is what it is - scare tactic to bring people to Apple repair centers.
I wish they'd use rather this media attention to inform the public that fingerprint authentication isn't there for security, but conveniency first. Apple Pay would function just fine without it. But would it have it's appeal of easy payment ? Probably not.
[1] https://www.youtube.com/watch?v=2u4ZLGsw1zo
I'm not sure it was over-engineered. Recall when Touch ID was introduced there was huge media backlash: Apple is stealing our fingerprints, how do we know there isn't an NSA backdoor to the fingerprint storage, and so on.
The Secure Enclave system was set up exactly to counter those concerns.
Interestingly, when other phone vendors later implemented fingerprint unlocking there was far less outrage. Even when the fingerprint images themselves were found as unencrypted raster images on device storage.
The Secure Enclave system was set up exactly to counter those concerns.
Interestingly, when other phone vendors later implemented fingerprint unlocking there was far less outrage. Even when the fingerprint images themselves were found as unencrypted raster images on device storage.
I think it is definitely over-engineered. If it is a scare tactic to bring people to Apple repair centers why isn't this happening with other Apple products?
Oh you mean apart from all the glue and solder, non-replaceable batteries and the like?
Not sure if I understood you correctly but replacing batteries yourself in your Macbook does definitely void warranty but does not brick the device.
Wouldnt it be more logical to simply disable the Touch Functionality and treat it like a Pre-TouchID button when not replaced by Apple with an OEM part?
From the Daily Dot article, it looks like what you described is what happens (TouchID is disabled) and the phone will function mostly fine, but the author also encountered other bugs possibly related to the issue. However, the bigger problem was whenever he tried to restore or update the device, Error 53 occurred and it failed. Restore from backup still worked though. So essentially, his iPhone was locked to that iOS version and could not be modified.
http://www.dailydot.com/technology/what-is-error-53-iphone/
http://www.dailydot.com/technology/what-is-error-53-iphone/
I don't think that would solve the underlying problem of the TouchID sensor being compromised. The device would potentially be venerable to software based attacks that re-anbled the compromised TouchID sensor.
Why? Then the user is left guessing why their phone is acting like it has no TouchID when it does.
Would you rather guess why Touch ID isn't working or have a completely unusable phone?
If you get your phone repaired and TouchID no longer works when you get it back then it's not going to take a genius to put two and two together and figure out that it might be related to the repair.
It's a well known issue and every independent repairmen will warn you before replacing this part or else they would quickly get sued out of existence.
We don't know the technical details behind. For all it's worth, the button might be like one of those thunderbolt ports that has direct memory access and can alter the firmware during a software upgrade.
Don't worry. If there's any bullshit in the article, I'm sure Apple will help us discern which parts are true and which parts are false, the expensive way. Every time.
Is enclave a standard security term? Does apple publish technical details on what sort of security the touch id uses?
Damned if they do, and damned if they don't.
"Anyone can access your private photos and emails! Just replace the home button with one programmed with your own fingerprints!"
Can you imagine the comments if that were a story?
The problem here is that Apple didn't find a way to tell repair shops and users that this could be an issue.
"Anyone can access your private photos and emails! Just replace the home button with one programmed with your own fingerprints!"
Can you imagine the comments if that were a story?
The problem here is that Apple didn't find a way to tell repair shops and users that this could be an issue.
It doesn't have to be either or. Apple could provide a better fail over behavior for the home key, including a way for a consumer to validate the changed hardware.
For instance: "IOS has detected a change in your Secure Home Key. Please contact apple secure support to confirm that your device is still secure!" add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.
Bottom line, when one authentication method fails, you need a fail over to something more difficult.
For instance: "IOS has detected a change in your Secure Home Key. Please contact apple secure support to confirm that your device is still secure!" add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.
Bottom line, when one authentication method fails, you need a fail over to something more difficult.
> Please contact apple secure support to confirm that your device is still secure
There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.
There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.
If they can issue an auth code for apple hardware then presumably it's possible to issue one for non apple hardware. They just have to make some effort to confirm the owner of the phone has it rather than a thief.
I'm sure no nation-state level actor would ever infiltrate this process..
At which point you have much bigger problems than a compromised iPhone.
Therefore... Apple shouldn't try to protect you?
Only to the extent I protect my own data. If I don't use the fingerprint scanner (or even a simple password), don't brick my phone because the fingerprint scanner failed validation.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
The bad guy can then walk the user through that security verification process, and the user is screwed. Think it through.
Let's extrapolate this to UEFI/Secure Boot.
If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.
Just because it's an Apple phone shouldn't reallign our morals concerning user control and responsibility.
If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.
Just because it's an Apple phone shouldn't reallign our morals concerning user control and responsibility.
Wouldn't touchID get disabled until the verification process was finished? They would need the user's password.
If you're targeted by a "bad guy" at this level of play, you have much bigger problems than an untrustworthy fingerprint sensor.
[deleted]
They could invent another architecture which doesn't tie a mechanically failible element with an identity system.
Then the user would still need to input their passcode after the button was replaced before anything could be stolen.
That works, if and only if you already know the user's pin to unlock the phone.
This attack you suppose Apple is defending against is not possible.
The only attack Apple is really defending against is the attack of non-Apple phone repair companies.
This attack you suppose Apple is defending against is not possible.
The only attack Apple is really defending against is the attack of non-Apple phone repair companies.
I highly recommend reading up on Apple's Security white paper that details how it all works... https://www.apple.com/business/docs/iOS_Security_Guide.pdf
It's totally dumb that a functioning phone is bricked by an update because of repairs done in the past. Imagine the same thing happening to your car. "Sorry sir, the software update done to your car has now disabled the vehicle because in the past someone not related to x (insert name of car company here) has repaired it, your car is now junk (you can't even resell it) and you'll have to buy a new one".
It's just petty revenge because you had to temerity to go to another party other than apple to get your phone repaired and maybe even saved some money in the process. So now, in retaliation we'll destroy your phone in software. I'm sure this will go down well with the various EU courts.
It's just petty revenge because you had to temerity to go to another party other than apple to get your phone repaired and maybe even saved some money in the process. So now, in retaliation we'll destroy your phone in software. I'm sure this will go down well with the various EU courts.
Seems more like short sightedness than "petty revenge."
The new home button hardware can't be securely validated, and a future OS update fails on the unexpected condition of invalid Touch ID hardware. I can imagine that this wasn't a prioritised testing scenario, likely not even considered by Apple when developing iOS.
It's a lousy way to fail — the phone should just disable Touch ID and Apple Pay, and anything that relies on the secure co-processor.
But it feels far more like there's an `else` branch sitting in the iOS codebase somewhere where a programmer has written:
//NOTE: This should never, ever happen
//.. code that triggers error 53
The new home button hardware can't be securely validated, and a future OS update fails on the unexpected condition of invalid Touch ID hardware. I can imagine that this wasn't a prioritised testing scenario, likely not even considered by Apple when developing iOS.
It's a lousy way to fail — the phone should just disable Touch ID and Apple Pay, and anything that relies on the secure co-processor.
But it feels far more like there's an `else` branch sitting in the iOS codebase somewhere where a programmer has written:
//NOTE: This should never, ever happen
//.. code that triggers error 53
There's a lot of stuff that depends on the secure element - in fact the phone would be quite useless without it.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element. Incoming text messages only show the phone number.
You're right, however - a Touch ID sensor that cannot be verified should not brick the phone. Apple should just disable Touch ID and sever any link between the sensor and the secure element.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element. Incoming text messages only show the phone number.
You're right, however - a Touch ID sensor that cannot be verified should not brick the phone. Apple should just disable Touch ID and sever any link between the sensor and the secure element.
> There's a lot of stuff that depends on the secure element - in fact the phone would be quite useless without it.
Disclaimer: I don't own an iPhone with Touch ID.
However, it seems to me that the phone should still work if you logged on with your PIN instead of with TouchID. It should therefore be as useful as most phones that didn't have TouchID in the first place (which happens to be all my Android and iOS smartphones).
Disclaimer: I don't own an iPhone with Touch ID.
However, it seems to me that the phone should still work if you logged on with your PIN instead of with TouchID. It should therefore be as useful as most phones that didn't have TouchID in the first place (which happens to be all my Android and iOS smartphones).
Correct. In fact, a passcode is always required the first time after you reboot your phone. The passcode secures the Secure Element, which contains the fingerprint data used by Touch ID.
The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
IMO bricking on touch ID issues is extreme, but maximises the security of the device.
IMO bricking on touch ID issues is extreme, but maximises the security of the device.
>IMO bricking on touch ID issues is extreme, but maximises the security of the device.
We are all smart people here and there are several ways to have security without bricking expensive hardware.
First, the update can wipe the device instead of bricking it.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
There would be several better solutions that the most profitable company in the world could figure out if they wanted to. It's funny how their particular solution happens to make them even more money through shutting down third party repairs and making people buy new phones.
This is like your home alarm software(made by the home builder) remotely burning down your house and telling you to build a new one because someone may have tampered with home access and could possibly enter your home.
We are all smart people here and there are several ways to have security without bricking expensive hardware.
First, the update can wipe the device instead of bricking it.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
There would be several better solutions that the most profitable company in the world could figure out if they wanted to. It's funny how their particular solution happens to make them even more money through shutting down third party repairs and making people buy new phones.
This is like your home alarm software(made by the home builder) remotely burning down your house and telling you to build a new one because someone may have tampered with home access and could possibly enter your home.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
At the end of the article, it said that affected customers should contact Apple Support. Are you sure they are not offering a hardware fix at that point? It doesn't sound to me like they're just letting people hang.From a different article:
>When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
>When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
There is a failure in the apple stores vs phone support. I went to two Apple stores to try to get my watch band replaced or fixed under warranty and was told by both of them "no way no how" - but phone support had no problem replacing the band.
I find the stores are somewhat inconsistent in their application of policy. (Particular if the policy isn't well defined ahead of time, as in this case)
(As an aside, the practice of requiring an appointment to talk to a support person or even just drop off a broken computer is maddening.)
I find the stores are somewhat inconsistent in their application of policy. (Particular if the policy isn't well defined ahead of time, as in this case)
(As an aside, the practice of requiring an appointment to talk to a support person or even just drop off a broken computer is maddening.)
Alternative interpretation -- "A custom voided his warranty by installing some rando third-party aftermarket parts, and is furious that it didn't work out."
Yes. Just as destroying the phone with a hammer maximizes the security of the device. Effective but entirely useless.
The phone would still work perfectly fine and safe if Touch ID would be disabled and input from the sensor wouldn't be trusted.
The phone would still work perfectly fine and safe if Touch ID would be disabled and input from the sensor wouldn't be trusted.
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
What are you even talking about?
If the fingerprint scanner is suspicious, just disable it and leave the rest running. And this is in fact what happens, until a software update is installed and then the phone suddenly decides to brick itself completely.
What are you even talking about?
If the fingerprint scanner is suspicious, just disable it and leave the rest running. And this is in fact what happens, until a software update is installed and then the phone suddenly decides to brick itself completely.
Does the 911 feature still works on these phones? 911 should work even without a SIM card and without any other authentication, to purposefully disable a phone in this way may have bigger repercussions than just 'security'.
How? TouchID is the less secure authentication than password/PIN anyway (which is shown by the fact that you need to enter PIN/Pass right after boot). How would just disabling TouchID auth be a worse option?
>TouchID is the less secure authentication than password/PIN anyway (which is shown by the fact that you need to enter PIN/Pass right after boot).
The fact that you need to enter PIN right after boot, just shows that they use "two factor authentication" to make it even more secure.
It doesn't IN ANY WAY show that TouchID is "the less secure authentication" method of the two.
The fact that you need to enter PIN right after boot, just shows that they use "two factor authentication" to make it even more secure.
It doesn't IN ANY WAY show that TouchID is "the less secure authentication" method of the two.
You can do anything you want on the phone without using Touch ID at all. The fingerprint sensor is not a necessary factor in their implementation, while the passcode is.
> You can do anything you want on the phone without using Touch ID at all
I believe ApplePay requires TouchID.
I believe ApplePay requires TouchID.
I can't try because Apple Pay isn't available here yet. According to this support document it works without Touch ID (emphasis mine):
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
https://support.apple.com/en-us/HT203027
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
https://support.apple.com/en-us/HT203027
Fingerprints are impossible to change and can be brute-forced. Therefore, fingerprint security is less secure than a password that can be changed.
Brute forced with what? Trying different fingers?
A fingerprint, like any piece of data, is handled at the lowest levels as a number. A number with some constraints, but a number.
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
>By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box.
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
Well, yes.
I'd argue that fingerprints for security are just silly to begin with.
I'd argue that fingerprints for security are just silly to begin with.
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and giving the user an option to validate it.
The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and giving the user an option to validate it.
That wouldn't really be a good idea. Someone could steal your phone and replace the TouchID hardware. Then this popup comes up and they say, oh yeah this hardware is totally legit! Then they get your data, impersonate you, charge stuff etc.
The prompt would have to be after you authenticated your phone in some other way, like via the passcode.
I think it's totally OK not to accept authentication from an unvalidated device, but a legitimate user should be able to do the validation.
I think it's totally OK not to accept authentication from an unvalidated device, but a legitimate user should be able to do the validation.
I think the post is referring to a hotel maid scenario.
Fingerprint scanners are useless for security. My fingerprints are everywhete, especially all over my phone. Touch id merely buys time, which can increase security but if they get my fingerprints, make a dummy finger then they need very little time to open my phone. If they are determined they'll do it. If they are not, probably they won't care about the data in my phone.
They have at most 48 hours (or perhaps 24?) and 5 tries to find your fingerprint and unlock the device. TouchID will discard the keys and require a passphrase if it is not used for a while or after the fifth invalid fingerprint attempt. The window of opportunity is not that big. I would not characterize it as useless at all.
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement.
Couldn't they just ask the user? Use the backup password to authenticate.
If it's my device, I want to be the one who chooses what I trust.
Couldn't they just ask the user? Use the backup password to authenticate.
If it's my device, I want to be the one who chooses what I trust.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element.
I don't have a password on my iPhone. I don't need one, because I don't store any critical data on the phone, or spend any significant time in environments where it's likely to be stolen. And I guess I'm naive enough to assume that no one from the NSA Tailored Operations department is going to sneak into my bedroom at night and install a malicious fingerprint sensor.
So, no, there is absolutely no reason for Apple to brick my entire iPhone if the sensor fails validation. They should act to maintain the level of security chosen by the user... no more, no less.
I don't have a password on my iPhone. I don't need one, because I don't store any critical data on the phone, or spend any significant time in environments where it's likely to be stolen. And I guess I'm naive enough to assume that no one from the NSA Tailored Operations department is going to sneak into my bedroom at night and install a malicious fingerprint sensor.
So, no, there is absolutely no reason for Apple to brick my entire iPhone if the sensor fails validation. They should act to maintain the level of security chosen by the user... no more, no less.
That's true. I meant to say it should disable any hardware that was directly tied to the secure element, such as Touch ID and Apple Pay's NFC chip. I didn't mean to imply all encryption services in iOS should be disabled.
The scenario they're protecting against appears (to me) to be a bad actor changing the hardware. If the Touch ID sensor is bad, and you propose falling back to a PIN, who's to say the digitizer isn't compromised too and is recording touches?
Sounds a bit like a downgrade attack if they didn't fail fast and hard at the earliest opportunity.
Sounds a bit like a downgrade attack if they didn't fail fast and hard at the earliest opportunity.
> If the Touch ID sensor is bad, and you propose falling back to a PIN, who's to say the digitizer isn't compromised too and is recording touches?
So why not brick the phone out of the box? Even if the finger scanner is original, somebody may have compromised the digitizer anyway.
So why not brick the phone out of the box? Even if the finger scanner is original, somebody may have compromised the digitizer anyway.
I don't think they are protecting against that scenario so much as not accounting for it. I expect Apple's assumption is that they provide all components for their devices. People who install unauthorised third party components can no longer have those devices serviced by Apple — so it no longer matters to Apple whether those devices are compromised, because they aren't really "Apple" devices at that point anyway.
This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third-party, so they don't think to engineer their software to fail gracefully when it happens.
This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third-party, so they don't think to engineer their software to fail gracefully when it happens.
There's no need to be so hostile and assume malice when there's plenty of perfectly sound explanations otherwise.
Apple is a fairly security conscious company now so security tradeoffs should not be a surprise.
Apple is a fairly security conscious company now so security tradeoffs should not be a surprise.
Assume malice? How do you mean?
There is only one valid reason to authenticate the fingerprint scanner before using it, and that is to prevent the use of aftermarket replacements.
No matter what the motives behind this mechanism were, it was put in place exactly to prevent 3rd party scanners from working.
And if they implemented authentication and didn't even test what happens if it fails, then well... how do they know it works at all?
No matter what the motives behind this mechanism were, it was put in place exactly to prevent 3rd party scanners from working.
And if they implemented authentication and didn't even test what happens if it fails, then well... how do they know it works at all?
If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated. It doesn't matter about aftermarket replacements.
The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.
I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.
So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.
The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)
The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.
I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.
So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.
The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)
> If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated.
Consider reading the description of iOS security features linked somewhere in this thread.
Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such chip would also be able to simply dump all the data himself in the comfort of his lab.
Consider reading the description of iOS security features linked somewhere in this thread.
Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such chip would also be able to simply dump all the data himself in the comfort of his lab.
If I understand this correctly (not an iphone person), the touch ID sensor is just a fingerprint scanner?
As a standalone measure, biometrics make a shitty password substitute because you can't change a finger print if it's compromised, so shouldn't the iphone be secured on the premise that the finger print scanner is already compromised, hence losing it should not qualify as a downgrade attack?
As a standalone measure, biometrics make a shitty password substitute because you can't change a finger print if it's compromised, so shouldn't the iphone be secured on the premise that the finger print scanner is already compromised, hence losing it should not qualify as a downgrade attack?
Touch ID is a fingerprint scanner, but the Touch ID system is paired with the "Secure Enclave" in Apple's AX chips.
Secure Enclave is a separate coprocessor running its own L4-based microkernel. This hardware is directly paired with security-sensitive hardware (Touch ID, Apple Pay NFC chip, etc). It provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.
So when you stick a third-party Touch ID sensor in an iPhone it's obviously not going to be paired with the secure coprocessor. It doesn't really matter whether biometrics are shitty passwords, the iOS update process realises there is compromised hardware touching the Secure Enclave and fails in the worst possible way for the user.
Secure Enclave is a separate coprocessor running its own L4-based microkernel. This hardware is directly paired with security-sensitive hardware (Touch ID, Apple Pay NFC chip, etc). It provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.
So when you stick a third-party Touch ID sensor in an iPhone it's obviously not going to be paired with the secure coprocessor. It doesn't really matter whether biometrics are shitty passwords, the iOS update process realises there is compromised hardware touching the Secure Enclave and fails in the worst possible way for the user.
Does this mean your fingerprint never leaves the scanners coprocessor and is inaccessible to iOS and the other processors and OSs within the phone?
Basically, yes. The Secure Enclave is hardware isolated from the rest of the chip.
Apple's own security guide explains it best [1]:
> The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered ngerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Regarding the actual fingerprint storage, it looks like the encryption key is kept in the Secure Enclave and the entire decryption and verification process occurs within the Secure Enclave. However the encrypted data itself may be stored outside the Secure Enclave:
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes sub-dermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes.
[1] https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Apple's own security guide explains it best [1]:
> The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered ngerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Regarding the actual fingerprint storage, it looks like the encryption key is kept in the Secure Enclave and the entire decryption and verification process occurs within the Secure Enclave. However the encrypted data itself may be stored outside the Secure Enclave:
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes sub-dermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes.
[1] https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Yeah, there's the source of that quote, 'sub dermal ridge flow angle mapping', which at the time was described as 'how we know it's really your finger', along with supposedly measuring 'micro RF fields' to ensure it was a live finger.
Except it could be defeated by a laser printed fingerprint on a piece of paper (initially).
Except it could be defeated by a laser printed fingerprint on a piece of paper (initially).
Yes, at least according to Apple: https://www.apple.com/business/docs/iOS_Security_Guide.pdf (page 7).
"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but _cannot_ read it".
"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but _cannot_ read it".
Yes. The OS can only tell if the fingerprint matched or not. The checking is done solely in the secure enclave. Presumably the OS also gets told which fingerprint matched too?
[deleted]
[deleted]
I'm pretty sure there was no direct malice here (except for the usual Apple disregard for 3rd party components), but the security reasoning behind this move is still questionable. The only danger of a compromised Touch ID sensor, is that it could record your fingerprint and let the attackers replay that fingerprint to access all your encryption keys on Secret Enclave.
That would be a huge vulnerability, if there hadn't been thousands of other ways to record your fingerprint, and while most of them are less accurate than a trojan Touch ID, they're also much easier to pull off.
And at the very worst, if a sophisticated malicious actor got the chance to meddle with your phone, they could just skip the Touch ID sensor altogether and install a stealthy fingerprint digitizer in the touch screen or on the back of the phone.
So in short, Apple's security measure, if my understanding is correct, does absolutely nothing to protect the user.
That would be a huge vulnerability, if there hadn't been thousands of other ways to record your fingerprint, and while most of them are less accurate than a trojan Touch ID, they're also much easier to pull off.
And at the very worst, if a sophisticated malicious actor got the chance to meddle with your phone, they could just skip the Touch ID sensor altogether and install a stealthy fingerprint digitizer in the touch screen or on the back of the phone.
So in short, Apple's security measure, if my understanding is correct, does absolutely nothing to protect the user.
THE critical security system of your phone has been tampered with. PIN data, TouchID data, crypto data and everything else related to security is on that same bus. You do not detail secure info over that channel.
Aha, that makes more sense.
[deleted]
Too bad the compiler doesn't raise a fatal error for comments like that.
It may even be against the law in Europe because the phone was working perfectly after the repair and only the later update locked the phone without the ability to unlock it.
To keep with the care maker example, in Germany, the car makers used to void the 10 years guarantee on the painting of the car if the regular checks were done by an independent car shop. This was then declared as illegal.
I suppose Apple will soon release an update and declare that this was "a bug".
To keep with the care maker example, in Germany, the car makers used to void the 10 years guarantee on the painting of the car if the regular checks were done by an independent car shop. This was then declared as illegal.
I suppose Apple will soon release an update and declare that this was "a bug".
How will affected users get the "new update" if their phone is already broken by the previous? I mean, I hope that, in the case of already broken phone caused by their own update, apple _at_least_ give them a new iphone for free, else they are gonna get rape-sued here in EU
No, the phone did not work perfectly after the repair. The fact that the user didn't realise it didn't work perfectly doesn't change that. The repair compromised the security of the device.
Image if you have your tires changed by an independent car shop and a month later one of your wheels falls off on the highway. Do you start complaining about it to the car's manufacturer because 'it worked perfectly before'. No you don't.
The repair shop didn't repair it properly, if it was repaired properly the new TouchID sensor would be securely paired with the Secure Enclave and this issue would not occur.
Image if you have your tires changed by an independent car shop and a month later one of your wheels falls off on the highway. Do you start complaining about it to the car's manufacturer because 'it worked perfectly before'. No you don't.
The repair shop didn't repair it properly, if it was repaired properly the new TouchID sensor would be securely paired with the Secure Enclave and this issue would not occur.
Your analogy is way off.
This is more like your Tesla car's keyfob misfunctioning and you get it repaired by a non-Tesla dealer. The dealer could've put in a backdoor to get into the vehicle.
Tesla releases a big new update for their car software and now your Tesla is completely bricked and Tesla refuses to repair it, saying you have to buy a new car.
Is that acceptable?
This is more like your Tesla car's keyfob misfunctioning and you get it repaired by a non-Tesla dealer. The dealer could've put in a backdoor to get into the vehicle.
Tesla releases a big new update for their car software and now your Tesla is completely bricked and Tesla refuses to repair it, saying you have to buy a new car.
Is that acceptable?
In regards to warranty repairs automakers can (and often do) deny coverage due to the presence of non-OEM parts. Outside of warranty / safety repairs they are certainly not obligated to perform service.
Almost, except the Tesla store just says you have to buy a new (authentic) key fob rather than a new car.
Apple or other authorized repair shops can still fix phones that have been disabled due to security chain errors.
Apple or other authorized repair shops can still fix phones that have been disabled due to security chain errors.
I don't think so, see my other comment.
https://news.ycombinator.com/item?id=11048311
https://news.ycombinator.com/item?id=11048311
Hunh. My bad, I was under the impression (based off some other comments) that replacing the home button/finger scanner with a legit one and updating the security pair would make the issue go away, but looks like I was wrong.
and how can I be sure that in the Apple store they are fixing the phone with a thrustworthy component?
and so on...
Apple excuses make no sense this time.
Except that the wheels didn't fall off the phone. This lockup happens due to code proactively added by Apple. You are confusing three different issues: the design of the system, the legality, and how security should work. In this case, none of those three items align. This is Apple's problem - they chose the easiest option for themselves, not what would benefit customers legally, functionally, or by securing the device properly.
You are fundamentally misunderstanding the threat model. What is the exact threat that Apple is guarding against? Is it an evil maid attack planting new sensors, switched devices, someone's fingers being cut off? All of these require different mitigations - none of which for a general purpose consumer phone are to brick the device when upgrading.
You are fundamentally misunderstanding the threat model. What is the exact threat that Apple is guarding against? Is it an evil maid attack planting new sensors, switched devices, someone's fingers being cut off? All of these require different mitigations - none of which for a general purpose consumer phone are to brick the device when upgrading.
It would be definitely illegal in France which has a law against planned obsolescence - but EU doesn't have it yet. https://en.m.wikipedia.org/wiki/Planned_obsolescence#Regulat...
Only if it was "planned obsolescence" and not "a security measure".
I don't think you can excuse something as "a security measure" when it is clear that it is not a reasonable security measure and the reason for disabling device is something else.
Anyway, this confirms that I'll stay away from Apple stuff.
Anyway, this confirms that I'll stay away from Apple stuff.
>Imagine the same thing happening to your car.
That sort of exists now. There are parts, like the throttle control on Volvo's, ABS units on BMW's, etc, where the unit is coded to your vehicle.
You can't, for example, swap an otherwise identical throttle from a junkyard into a Volvo. It puts the ECU into limp mode, and the car is essentially useless.
Now, that's not the result of an over-the-wire firmware update, but that's really the only piece missing. When/If vehicles start regularly updating firmware over the wire, you'll start seeing stuff like this.
That sort of exists now. There are parts, like the throttle control on Volvo's, ABS units on BMW's, etc, where the unit is coded to your vehicle.
You can't, for example, swap an otherwise identical throttle from a junkyard into a Volvo. It puts the ECU into limp mode, and the car is essentially useless.
Now, that's not the result of an over-the-wire firmware update, but that's really the only piece missing. When/If vehicles start regularly updating firmware over the wire, you'll start seeing stuff like this.
How is this the top comment?
We can see that it is clearly nothing to do with 'revenge' or 'retaliation'. The evidence clearly contradicts that.
Apple makes strong promises around security and Touch ID in particular. This is clearly designed to maintain the integrity of that system.
It's certainly a terrible failure mode - the error message should explain what the problem is.
But imputing these bizarre motives just reveals bias on the part of the commenters.
The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
[this was obviously going to be downvoted, but for the record nobody has either made an argument for, or provided evidence for the 'revenge' motivation, while the 'poorly implemented security policy' explanation is clearly supported by the evidence.]
We can see that it is clearly nothing to do with 'revenge' or 'retaliation'. The evidence clearly contradicts that.
Apple makes strong promises around security and Touch ID in particular. This is clearly designed to maintain the integrity of that system.
It's certainly a terrible failure mode - the error message should explain what the problem is.
But imputing these bizarre motives just reveals bias on the part of the commenters.
The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
[this was obviously going to be downvoted, but for the record nobody has either made an argument for, or provided evidence for the 'revenge' motivation, while the 'poorly implemented security policy' explanation is clearly supported by the evidence.]
> The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
There would be no such headline. Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
And if you have to know why people come up with theories like that - either Apple didn't think what happens to users who already had this hardware replaced or they thought about that. Maybe those who accuse them of malice simply overestimated their competence - after all, they make big claims about high quality, attention to detail and whatnot.
Not to mention that the first part of this comment makes sense and probably expresses well how people feel about this screwup.
There would be no such headline. Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
And if you have to know why people come up with theories like that - either Apple didn't think what happens to users who already had this hardware replaced or they thought about that. Maybe those who accuse them of malice simply overestimated their competence - after all, they make big claims about high quality, attention to detail and whatnot.
Not to mention that the first part of this comment makes sense and probably expresses well how people feel about this screwup.
> Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
Apple did the right thing in protecting people from this, but did communicate about it poorly.
The only malice in this situation is on the part of the people accusing apple of being motivated by 'revenge'.
This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
Apple did the right thing in protecting people from this, but did communicate about it poorly.
The only malice in this situation is on the part of the people accusing apple of being motivated by 'revenge'.
> This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
... which wouldn't be used after the phone determines it's an aftermarket part. Equally well the attacker may have installed a malicious piece of brick inside.
> Apple did the right thing in protecting people from this
Sure, they protected users from using phone with replaced home button and disabled fingerprint scanner by bricking the phone completely.
Hard to tell in what proportions malice and/or stupidity were involved in this case, but either way it wasn't "doing the right thing".
... which wouldn't be used after the phone determines it's an aftermarket part. Equally well the attacker may have installed a malicious piece of brick inside.
> Apple did the right thing in protecting people from this
Sure, they protected users from using phone with replaced home button and disabled fingerprint scanner by bricking the phone completely.
Hard to tell in what proportions malice and/or stupidity were involved in this case, but either way it wasn't "doing the right thing".
Stop saying they bricked the phone. It's untrue. The phone is producing an error message and the problem can be rectified by visiting an Apple Store.
Maybe something has changed after this article, I'm not going to make such claims anymore without verification.
However, you have to understand that when I posted this, I knew about cases (including TFA) when the problem had indeed been "rectified" by visiting a store (sorry, couldn't resist ;)) but no case when the device had actually been fixed and data recovered, whether this is technically possible or not.
However, you have to understand that when I posted this, I knew about cases (including TFA) when the problem had indeed been "rectified" by visiting a store (sorry, couldn't resist ;)) but no case when the device had actually been fixed and data recovered, whether this is technically possible or not.
>Imagine the same thing happening to your car.
Given that apple is working on an iCar, it's just a matter of time I presume.
Given that apple is working on an iCar, it's just a matter of time I presume.
This whole fiasco makes me wonder if the link between the TouchID sensor and the rest of the phone is so fragile and easily spoofed that they are concerned a fraudulent sensor could be trusted implicitly by the phone, and therefore used to inject malicious data ("here, I am sending you [USERS] thumbprint").
What if that "repair" was done by NSA, CIA, etc? Should the phone boot like nothing happened? Seriously?
Looking at teardowns, like the one at ifixit [1], the touch id sensor seems to be a pretty standard imaging sensor that heads to an NXP chip. I'd be willing to bet that the encryption of the print happens on the nxp chip instead of the imager, so if the NSA/whoever were doing a "repair", they'd probably just put an MiTM chip on that insecure path for later playback. Against a state actor, Touch ID is a triviality.
[1] https://www.ifixit.com/Teardown/iPhone+5s+Teardown/17383
[1] https://www.ifixit.com/Teardown/iPhone+5s+Teardown/17383
Maybe they want to move encryption onto the sensor chip in future generations, because the scheme you described is indeed a joke.
But to be honest, it's not like fingerprints are such a hard to obtain secret in the first place.
But to be honest, it's not like fingerprints are such a hard to obtain secret in the first place.
Fingerprint scanner disabled due to unauthorized modification. Please contact support or type "I want hackers to steal my data" 10 times to reenable.
Hell, they could, on boot, display a message with something like "This phone contains contains a non genuine apple part"
Then the question is, could the NSA/CIA/etc trick the phone into thinking the repair was valid?
Then the question is, could the NSA/CIA/etc trick the phone into thinking the repair was valid?
Almost certainly so. Decap the chip, pull the flash contents out to get the key, etc, flash a new backdoored chip, you're done. Hobbyists have been decapping chips and pulling flash for a while, so this is certainly not beyond the abilities of the NSA/CIA/etc. You wouldn't need the exact same make of chip, just one that presents itself as the same.
On boot? Many naive users never boot their phones after the first time they open the box.
So then, what, if not on boot, show it all the time, with no option to suppress? If you offer a way to suppress it, that will be used by the bad guys.
So then, what, if not on boot, show it all the time, with no option to suppress? If you offer a way to suppress it, that will be used by the bad guys.
I say show a message whenever Touch ID is activated. Then again that would be really freakin' annoying. Still better than bricking the phone.
LOL, given how those organizations work they wouldn't do the "repair" they would ask Apple to install it for them.
I'm sure they already did that assuming they don't have better ways.
I'm sure they already did that assuming they don't have better ways.
My thoughts exactly.
Remember the woman who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model? [0]
Apple is in the business of selling (overpriced/overengineered) hardware. Their tactics make that very clear.
The only problem with that is that there is no real competition in mobile phones anymore, it's just a giant duopoly. Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company) is just as bad.
My only hope is for Ubuntu to make the right moves soon.
[0] A source: http://www.dailymail.co.uk/sciencetech/article-2709502/Does-...
Apple is in the business of selling (overpriced/overengineered) hardware. Their tactics make that very clear.
The only problem with that is that there is no real competition in mobile phones anymore, it's just a giant duopoly. Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company) is just as bad.
My only hope is for Ubuntu to make the right moves soon.
[0] A source: http://www.dailymail.co.uk/sciencetech/article-2709502/Does-...
Remember the woman who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model?
No, because that never was a fucking thing.
Seriously, this is supposed to be a community of reasonably well-informed tech-oriented people. Step back for a second, take a deep breath, and think before you spread nonsense like this. Jesus.
No, because that never was a fucking thing.
Seriously, this is supposed to be a community of reasonably well-informed tech-oriented people. Step back for a second, take a deep breath, and think before you spread nonsense like this. Jesus.
Thank you! This shit is getting out of hand.
That does sound ridiculous.
But please don't comment like this and https://news.ycombinator.com/item?id=11047606 on HN. That just makes the threads worse. Instead, please stay civil even when some people are being silly.
But please don't comment like this and https://news.ycombinator.com/item?id=11047606 on HN. That just makes the threads worse. Instead, please stay civil even when some people are being silly.
You are, as ever, totally right; there's no reason to be rude. Sorry.
> You are, as ever, totally right
Good lord no. But thank you for the polite response and intention to change. It really is a collective effort.
Good lord no. But thank you for the polite response and intention to change. It really is a collective effort.
That was frankly horribly researched. They started off with a supposition, and ignored any data that didn't help prove it.
They completely ignored that a new handset release tends to come in lockstep with a new OS release. This is relevant because it means many, many people are changing the operating characteristics of their existing handsets at the same time - leaving their phone not only not a "known constant", but potentially creating the same results even if a new generation of phone hadn't just appeared at the same time.
Seriously, if you take their graph and replace the labels for each 3g, 3gs, 4, 4s etc, with ios2, 3, 4, 5 .. the data is still accurate, but the take-away assumptions change entirely.
They ignored that geekbench scores show that scores for any given generation stay roughly constant over the phone's lifetime. That's a fantastic set of data that isn't coloured by changing expectations over time.
And they were quite happy to brush off that the samsung numbers showed exactly the same changes over time, as they didn't spike around releases. Completely ignoring that Android has entirely different update strategies (having to wait until your telco 'blesses' the update, etc).
If you look at their graphs, and think of each label as an OS release rather than coinciding with a new handset (which is still accurate), the story it now tells is that ios updates receive much larger adoption in hurry, when compared to adoption of android updates.
Which we already knew. Apple's update strategy is that every compatible handset is able to update "today", whereas android updates are staggered by various levels of support from different mffrs and different providers.
They completely ignored that a new handset release tends to come in lockstep with a new OS release. This is relevant because it means many, many people are changing the operating characteristics of their existing handsets at the same time - leaving their phone not only not a "known constant", but potentially creating the same results even if a new generation of phone hadn't just appeared at the same time.
Seriously, if you take their graph and replace the labels for each 3g, 3gs, 4, 4s etc, with ios2, 3, 4, 5 .. the data is still accurate, but the take-away assumptions change entirely.
They ignored that geekbench scores show that scores for any given generation stay roughly constant over the phone's lifetime. That's a fantastic set of data that isn't coloured by changing expectations over time.
And they were quite happy to brush off that the samsung numbers showed exactly the same changes over time, as they didn't spike around releases. Completely ignoring that Android has entirely different update strategies (having to wait until your telco 'blesses' the update, etc).
If you look at their graphs, and think of each label as an OS release rather than coinciding with a new handset (which is still accurate), the story it now tells is that ios updates receive much larger adoption in hurry, when compared to adoption of android updates.
Which we already knew. Apple's update strategy is that every compatible handset is able to update "today", whereas android updates are staggered by various levels of support from different mffrs and different providers.
> Remember the woman who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model?
No. Story linked from daily mail (that's not a "source") is more nuanced.
http://www.nytimes.com/2014/07/27/upshot/hold-the-phone-a-bi...
No. Story linked from daily mail (that's not a "source") is more nuanced.
http://www.nytimes.com/2014/07/27/upshot/hold-the-phone-a-bi...
From the link: "The important distinction is of intent. In the benign explanation, a slowdown of old phones is not a specific goal, but merely a side effect of optimizing the operating system for newer hardware"
When we try to judge intent we do judge the context. So let's look at the context: people do know that iPhone updates will probably slow their device(even though Apple doesn't tell them that). And there's no way to stop the nagging update notification (aside from jailbreaking).
So let's not be naive. Maybe it's hard to prove at the legal level, but there's a pretty decent chance that this is intentional by Apple.
EDIT: if you upvote, please explain why you think this is wrong.
When we try to judge intent we do judge the context. So let's look at the context: people do know that iPhone updates will probably slow their device(even though Apple doesn't tell them that). And there's no way to stop the nagging update notification (aside from jailbreaking).
So let's not be naive. Maybe it's hard to prove at the legal level, but there's a pretty decent chance that this is intentional by Apple.
EDIT: if you upvote, please explain why you think this is wrong.
Software getting slower with updates is a fact of life. It's been an obvious and expected thing since I started being aware of computers and updates in the late 1980s and I'm sure it was a thing even before that. The odds that Apple is doing this on purpose, rather than as a standard side effect of cramming ever more features into their stuff, are so low it doesn't bear more than a moment's consideration.
What's next, people say Apple deliberately destroys batteries after a few years, rather than being a natural consequence of battery chemistry? Apple deliberately makes their screens shatter when dropped?
What's next, people say Apple deliberately destroys batteries after a few years, rather than being a natural consequence of battery chemistry? Apple deliberately makes their screens shatter when dropped?
I'm not arguing against the update making the device slower. But the fact it's built so people would upgrade(via irremovable nagging), even when it's clearly not what's best for them.
Huh? Of course you're not arguing against the update making the device slower. You're arguing that the update not only makes the device slower, but that this is a deliberate action by Apple to make older devices slower. And I'm saying that's ridiculous since it happens to pretty much all software anyway and all Apple would have to do to make this happen is just develop updates the same way everyone else does.
"Remember the guy who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model?"
No, I don't, but I'd like to read more about it. Got a source?
No, I don't, but I'd like to read more about it. Got a source?
>> Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company)
While on the iPhone: Do you use Google search ? Do you use Google maps ?
Well, if you do , there's not much sense in hiding from Google. And if you use Android, you could use tools like cyanogen's "privacy guard" to hide your data from all/most app authors , which i don't think you can do in iOS.
Also , unless they target you specifically, so long that you use an alternative keyboard - i don't think Google on Android collects your key press data - so you can use anonymity apps for special circumstances, But i could be wrong about that. Same goes for encryption keys, unless your targeted.
While on the iPhone: Do you use Google search ? Do you use Google maps ?
Well, if you do , there's not much sense in hiding from Google. And if you use Android, you could use tools like cyanogen's "privacy guard" to hide your data from all/most app authors , which i don't think you can do in iOS.
Also , unless they target you specifically, so long that you use an alternative keyboard - i don't think Google on Android collects your key press data - so you can use anonymity apps for special circumstances, But i could be wrong about that. Same goes for encryption keys, unless your targeted.
With Microsoft shutting down Windows Phone, Blackberry giving up on making it's own OS, Palm's WebOS now just a TV interface and Firefox OS rightfully shut down, the market has very clearly proven that there is no room for a third mobile OS.
Hell, there's barely any room for a third manufacturer, let along operating systems http://www.theverge.com/2016/2/3/10894200/android-smartphone...
Hell, there's barely any room for a third manufacturer, let along operating systems http://www.theverge.com/2016/2/3/10894200/android-smartphone...
No, it doesn't -- It just shows that people google "iPhone slow" more when new models come out / Apple releases major versions.
> No matter how suggestive, he says, the data alone doesn't allow anyone to determine conclusively whether their phone is any slower.
> There are other explanations for why an older model iPhone may slow down, he claims.
> For instance, the latest version of the Apple operating system, iOS, is always tailored to the newest device and may therefore not work as efficiently on older models.
> No matter how suggestive, he says, the data alone doesn't allow anyone to determine conclusively whether their phone is any slower.
> There are other explanations for why an older model iPhone may slow down, he claims.
> For instance, the latest version of the Apple operating system, iOS, is always tailored to the newest device and may therefore not work as efficiently on older models.
Do you have a source for that? Curious to read it.
Well, regarding hardware and UI styles you actually have a lot of choices on the Android side.
And it is really hard to argue that Google intentionally slows down old Android phones.
The source is available for everyone to study and you can root most devices and install Android versions that don't even use any Google software.
And it is really hard to argue that Google intentionally slows down old Android phones.
The source is available for everyone to study and you can root most devices and install Android versions that don't even use any Google software.
[deleted]
I could maybe see as a good thing from a security point of view, although I'm not sure if bricking is the right solution here. If my self-driving car gets hacked (whether physically or its software), I'd rather it stopped working than let it drive hacked.
Where did the hacked self driving car come from?
This is still not as bad as the newer laptops in which TPM is soldered onto motherboard and the OS won't boot if it's damaged. You can't even get it repaired, even by the manufacturer without getting a brand new motherboard.
Hardware level security is important, but one must know that whenever you involve hardware into the equation you must allow for collateral damage.
Trusting trust is hard. You can't expect the verifier to verify the security module you got changed from the guy in a basement. Might as well get the OS and kernel from the same guy too.
The reason this disables your phone is the same reason you see a red page when using self signed certificates. The guy vetting you isn't vetted himself. Now there is a case to be made that Apple should just show you a warning and let you use the phone. But this isn't about protecting your privacy, this is about protecting privacy of the guy whose phone you found.
Hardware level security is important, but one must know that whenever you involve hardware into the equation you must allow for collateral damage.
Trusting trust is hard. You can't expect the verifier to verify the security module you got changed from the guy in a basement. Might as well get the OS and kernel from the same guy too.
The reason this disables your phone is the same reason you see a red page when using self signed certificates. The guy vetting you isn't vetted himself. Now there is a case to be made that Apple should just show you a warning and let you use the phone. But this isn't about protecting your privacy, this is about protecting privacy of the guy whose phone you found.
How often do you damage a chip on your motherboard? Or need to replace non-capacitor parts on it?
This is such a problem because it's stuck to the screen, and people need to replace screens all the time.
This is such a problem because it's stuck to the screen, and people need to replace screens all the time.
This only affects the home button. If you replace the screen and keep your original home button, there is no issue.
I co-own a repair shop. We have known about this for a while. We won't replace home buttons for this reason. But we replace hundreds of screens a month with no issues.
I co-own a repair shop. We have known about this for a while. We won't replace home buttons for this reason. But we replace hundreds of screens a month with no issues.
Apologies if this sounds rude, because that's not the intent. How can you be sure that people whose screens you've replaced don't then get an "error 53" when they later come to do a software upgrade? Because that's the only time it shows up. Would they know to come back to you about it (possibly shaking fist)?
Sorry for the late response--I just now saw this. We've fixed thousands of screens at this point--we'd have an angry mob if screen replacements caused the issue!
Yes, we have had people come back with Error 53; that's how we knew it existed a while ago. All of them had either had their home button replaced or water damaged. We were able to successfully recover one of them after the Apple Store told the guy there was nothing they could do. It was a water damaged home button and we were able to clean the corrosion off of it by soaking it overnight in a special solution. It came back the next day. If your original home button stops working, though, you are screwed.
Yes, we have had people come back with Error 53; that's how we knew it existed a while ago. All of them had either had their home button replaced or water damaged. We were able to successfully recover one of them after the Apple Store told the guy there was nothing they could do. It was a water damaged home button and we were able to clean the corrosion off of it by soaking it overnight in a special solution. It came back the next day. If your original home button stops working, though, you are screwed.
Out of three things -- thin phone, hardware level security, and cheapness of repairs -- you get to pick two.
FWIW, I've lost 2 chromebooks to TPM failure in 18 months.
FWIW, I've lost 2 chromebooks to TPM failure in 18 months.
I was under the impression that it wasn't hard to keep the old module when replacing a screen, just that people hadn't always done it.
[deleted]
Alternative: Apple stops NSA, China, crooks meddling with TouchID during repair.
https://twitter.com/charlesarthur/status/695709113964195840
https://twitter.com/charlesarthur/status/695709113964195840
Alternative alternative: Apple wants you to pay Apple a premium to repair your device.
The stated rationale is that it's reasonable for a security-critical device to self-destruct if it thinks it may have been tampered with. Unfortunately this is a phone which costs a lot of money and has much of the user's life stored on it. I wouldn't be surprised to see Apple sued over this; I don't know what the interaction of the Sale of Goods Act and remote-bricking is.
I was thinking along similar lines recently when someone sent me an email to an old PGP key - I was able to dig up the key, but had long since forgotten the password. Do you want your computer security system to fail-open (leaking your stuff and potentially exposing you to fraud) or fail-closed (losing data which may be irreplaceable and of emotional significance)?. It's not obvious. But if you store your photos on your phone, you should probably back them up to the cloud - and to a different system that is not under the same account, either locally or another cloud. User-friendly crypto may be possible, but user-friendly key management is a total nightmare.
I was thinking along similar lines recently when someone sent me an email to an old PGP key - I was able to dig up the key, but had long since forgotten the password. Do you want your computer security system to fail-open (leaking your stuff and potentially exposing you to fraud) or fail-closed (losing data which may be irreplaceable and of emotional significance)?. It's not obvious. But if you store your photos on your phone, you should probably back them up to the cloud - and to a different system that is not under the same account, either locally or another cloud. User-friendly crypto may be possible, but user-friendly key management is a total nightmare.
Apple have been accused of copper-bottoming the rules when relatives want to get access to a dead person's phone.
Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
So I'm not sure if SOGA etc will affect Apple here.
Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
So I'm not sure if SOGA etc will affect Apple here.
> Apple have been accused of copper-bottoming the rules when relatives want to get access to a dead person's phone.
> Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
Huh? Why should next of kin automatically be entitled to all someone's personal information?
> Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
Huh? Why should next of kin automatically be entitled to all someone's personal information?
> has much of the user's life stored on it
Stores life in fragile device
Fragile device breaks
Dies
Stores life in fragile device
Fragile device breaks
Dies
You may not like it, but this is how non-techy users use computers and phones.
We techy people have let them down, in that case. It should be safe to crush any of my terminals under a tyre and lose nothing.
I learned 15+ years ago that the OS should have that as standard, with no privacy issue either. It is crazy that it is not baked in already. It's not even difficult.
I learned 15+ years ago that the OS should have that as standard, with no privacy issue either. It is crazy that it is not baked in already. It's not even difficult.
Albeit necessary to check the authenticity of components such as the TouchID sensor for security reasons, bricking the phones seems extreme. Why not simply disable Touch ID? This is them asking for a lawsuit.
I wonder if it's really bricked -- could a downgrade to the previous OS version help? (Admittedly, it's not that straightforward for normal consumers.)
[deleted]
It is frustrating the the language of MA 'right to repair' doesn't extend to devices.
https://en.m.wikipedia.org/wiki/Massachusetts_Right_to_Repai...
All these comparisons to car warranties, and more specifically how in some countries there may be a question of legality. The U.S. has similar laws that car dealers can't deny warranty coverage because of third party repairs. IANAL, but it would be interesting to see how this translates to phones (or any other similar asset).
http://www.consumer.ftc.gov/articles/0138-auto-warranties-ro...
http://www.consumer.ftc.gov/articles/0138-auto-warranties-ro...
Later updates from Apple have said that they'll replace the touch sensor and other hardware if necessary.
I'm curious; although auto makers can't decline warranty coverage, does an "authorized maintenance" shop change the dynamics?
I'm curious; although auto makers can't decline warranty coverage, does an "authorized maintenance" shop change the dynamics?
Has someone made unintentional medical joke with this error? It reminds me of https://en.m.wikipedia.org/wiki/P53, which is responsible for apoptosis - programmed death of cell.
Could be intentional.
The way they've reported on this seems a bit misleading. Isn't it just that the third-party repairers haven't reset the security mechanism after replacing the home button?
If third-party repairers can reset the security mechanism, then the security mechanism won't protect against actual attackers.
The problem is, Apple refuses to reset the security mechanism after such repairs have happened.
Ergo, Apple is bricking phones as some sort of misplaced revenge-like behavior.
Ergo, Apple is bricking phones as some sort of misplaced revenge-like behavior.
This doesn't follow. Apple refuses to reset the security mechanism because it can't verify the integrity of the repair.
Call it revenge like behavior is just you attacking Apple. It's certainly incompetent or unanticipated and poorly handled, but it's an attempt to maintain their security promises.
Call it revenge like behavior is just you attacking Apple. It's certainly incompetent or unanticipated and poorly handled, but it's an attempt to maintain their security promises.
The phone is still useful without the finger print reader, it should just degrade.
I don't know anyone who uses the fingerprint reader or the purchasing functionality.
I don't know anyone who uses the fingerprint reader or the purchasing functionality.
Should it matter?
Wouldn't a better idea be to simply display an error message to the effect of "your phone has undergone untrusted changes, please bring to your nearest Apple store" rather than bricking the whole thing?
People in the US should be complaining to the FTC. In the very least, for phone's under warranty, Magnuson-Moss should apply if Apple isn't fixing these problems for free.
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...
I think it's utterly reasonable for the device to shut down if it detects what looks like tampering with a high-security component. It's frustrating, sure, and the error message is beyond poor, but the behavior makes sense. It's not about preventing third party repairs.
It is unfortunate but true that high levels of security ultimately require trust, and that means that some things we used to take for granted will fall by the wayside. Third party repair of what are now secure components may be one of those things.
It is unfortunate but true that high levels of security ultimately require trust, and that means that some things we used to take for granted will fall by the wayside. Third party repair of what are now secure components may be one of those things.
I guess "iPhone 'disabled' if Apple detects key security component replaced with unauthorized version" wouldn't get as many clicks.
I'm not sure I understand what exactly happened here. Was it previously possible for non-apple engineers to replace the home button or was it not? The guardian's article seems to suggest it was: "Indeed, the phone may have been working perfectly for weeks or months since a repair or being damaged."
If that is the case and it was possible to replace these sensors before, apple's narrative that the "error 53" code was introduced for security reasons doesn't seem to make a lot of sense: If the hardware sensor wasn't designed with secure authorization (e.g. via asymmetric cryptography) in the first place, all they could do now in a software update would be to add some kind of cosmetic device ID check.
However, any such newly introduced check in software could not actually prevent "malicious sensor" attacks but would only add a (possibly trivial) additional step to the attack where you have to spoof the correct device id.
Or maybe my reading of the guardian article is imprecise and replacing the home button has always meant loosing access to at least some security-relevant features?
If that is the case and it was possible to replace these sensors before, apple's narrative that the "error 53" code was introduced for security reasons doesn't seem to make a lot of sense: If the hardware sensor wasn't designed with secure authorization (e.g. via asymmetric cryptography) in the first place, all they could do now in a software update would be to add some kind of cosmetic device ID check.
However, any such newly introduced check in software could not actually prevent "malicious sensor" attacks but would only add a (possibly trivial) additional step to the attack where you have to spoof the correct device id.
Or maybe my reading of the guardian article is imprecise and replacing the home button has always meant loosing access to at least some security-relevant features?
You can get the button exchanged, but since each one is coupled with the secure enclave co-processor, touch ID doesn't work anymore. But home button still works, so does the phone encryption, you just can't identify yourself with the fingerprint anymore. If you go and try to add a fingerprint, it behaves like you have a muddy finger and can't scan it. But this ain't an issue since encryption is done by a PIN code first, then fingerprints are used as a more convenient way to unlock.
Frankly the device bricking is BS, since the encryption PIN code is still there and unknown to a possible attacker. You just can't use the victims fingerprints to unlock it anymore, or attach a hacked fingerprint reader, because it still won't be able to access the secure enclave to open and get the PIN code.
Frankly the device bricking is BS, since the encryption PIN code is still there and unknown to a possible attacker. You just can't use the victims fingerprints to unlock it anymore, or attach a hacked fingerprint reader, because it still won't be able to access the secure enclave to open and get the PIN code.
Third-party repair shops have never been able to correctly replace the TouchID sensor.
Now might be a good time to make a donation to the EFF.
https://www.eff.org/issues/right-to-repair
https://www.eff.org/issues/right-to-repair
Could this be a protection against selling stolen iPhones? As I remember a "broken TouchID" rates pretty high as a shady phone. Does anyone know how does this work? Can you reset a stolen phone or do they just sell those as parts nowdays?
This would be a great theft deterrent, if you could remotely brick your iPhone.
One more proof that you don't own your device?
I love the sentence:
>He had to pay £270 for a replacement and is furious.
He was so furious that he bought a second iPhone which had the same fundamental design decisions and would fail in the same way if he got it repaired by a non-Apple repairer. No wonder Apple doesn't give a damn about this - everyone is just buying a new phone from them.
He was so furious that he bought a second iPhone which had the same fundamental design decisions and would fail in the same way if he got it repaired by a non-Apple repairer. No wonder Apple doesn't give a damn about this - everyone is just buying a new phone from them.
I don't see why people are upset or surprised about this. Apple is a pioneer in making electronics difficult to open up and play with.
It has always been their approach to control every interaction that every customer has with every part of their business and every product produced by it.
Accept it or use something else.
It has always been their approach to control every interaction that every customer has with every part of their business and every product produced by it.
Accept it or use something else.
upset or surprised
suprised maybe not so much, but it seems pretty obvious one would get upset if his/hers go-to device is suddenly rendered practically useless?
suprised maybe not so much, but it seems pretty obvious one would get upset if his/hers go-to device is suddenly rendered practically useless?
I accept your correction. In fact, now I think about it, essentially 0% of apple customers would likely be aware of this possibility at the time they make their purchase. I should have considered that most consumers won't follow stories like this as closely as the tech crowd.
I do stand by my assertion that it is legitimate for apple to behave in this way though. They get to present their business as they choose to just like any other company and the customer get to choose whether to accept their terms. Personally I don't but, empirically, most other people seem to.
I would however support requirements (as legislation) that consumers should be made aware of such practices at the point of purchase such that they can factor it into their buying decision.
I do stand by my assertion that it is legitimate for apple to behave in this way though. They get to present their business as they choose to just like any other company and the customer get to choose whether to accept their terms. Personally I don't but, empirically, most other people seem to.
I would however support requirements (as legislation) that consumers should be made aware of such practices at the point of purchase such that they can factor it into their buying decision.
Yeah, Apple are evil geniuses. They are prodigies at making money and expanding their business, at the expense of their users. It also seems like a majority of people on this site have some kind of Stockholm syndrome with regard to Apple. I guess making people reliant and locked in to their system is part of their genius. Of course people in that situation will find ingenious logical contortions to go through to justify their continued faith.
Also, mass downvoting of this comment in 3. 2. 1 ...
Also, mass downvoting of this comment in 3. 2. 1 ...
https://news.ycombinator.com/newsguidelines.html
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
You will, of course, be down voted – because of your childish insistence that anybody who thinks differently from you is suffering from some kind of illness.
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
You will, of course, be down voted – because of your childish insistence that anybody who thinks differently from you is suffering from some kind of illness.
I feel like a hypocrite criticising this one. Security has always been a tradeoff against convenience. I've been, overall, happy that Apple's starting to take the security of personal data on a very losable device seriously.
I mean, not to gloss over it. I just got stung €320 for a screen repair, and I won't pretend I'm at all happy with that. But I have to accept we can't have it both ways - if we're demanding tough encryption, we have to accept the inconvenience that comes with it.
I mean, not to gloss over it. I just got stung €320 for a screen repair, and I won't pretend I'm at all happy with that. But I have to accept we can't have it both ways - if we're demanding tough encryption, we have to accept the inconvenience that comes with it.
The problem here is not so much that the devices are being bricked as the fact that it's coming as a nasty surprise. People needed to be warned about this, and the warning needed to happen before they bought the phone.
So much for owning something you thought you owned. This has happened again and again, and will increasingly happen in the future under whatever disguise, security-wise or not.
Something suspiciously like this happened to me on a second-hand iPhone 6 I bought a few weeks ago. Talk about crappy timing.
Everything pointed to a software issue, but every repair person I took it to (both apple and non-apple) kept saying it was a hardware fault.
Touch ID stopped working and the phone drains super quickly despite not being in use. Hoping Apple can provide a "fix", not gonna hold my breath though.
Everything pointed to a software issue, but every repair person I took it to (both apple and non-apple) kept saying it was a hardware fault.
Touch ID stopped working and the phone drains super quickly despite not being in use. Hoping Apple can provide a "fix", not gonna hold my breath though.
I got a second-hand 5S last year with faulty Touch ID, the seller admitted that it didn't work and didn't even notice because he never used it (at the time also many Touch IDs stopped working after iOS 8 updates). I got a lower price and a friend took it to Apple Store in Germany (had couple months warranty left), where they tried to change the display first, then swapped it for a new unit without issues.
I'll take it as a positive that there is a good chance if someone tampered with my device my information is still secure.
I feel for both sides of this issue. As a consumer I am upset that I am essentially being forced to either buy a new iPhone or do my repair via Apple (do they even do all repairs?).
Although, as a business I understand not wanting third party repairs as those can damage your brand if done incorrectly.
I think it is a design flaw, putting a security component in a common fail assembly, a fragile glass cover.
Sony chose to put their touch ID sensor in a side button. I wonder if they thought of this, it sure looks like a smart design decision in light of this.
I feel for both sides of this. On one hand, as a consumer, I think it's unfair to force users to either buy a new iPhone or do repairs via Apple (do they even do them all?).
As a business, I understand how non-Apple repairs can damage a brand.
This is just the beginning.
High prices and resale values have spawned a substantial and apparently growing 3rd party repair and refurbishment market for Apple mobile devices. Beyond the dodgy corner unlock shops, multiple national chains have sprung up over the last 2 years where I live that advertise heavily on broadcast TV.
Apple clearly sees this as money left on the table and they're concerned about the emergence of a comprehensive parallel supply chain for repair parts. Bricking end-user devices is one of the few levers they've got to try and shut down this industry, since there's no way to effectively identify and pursue the upstream suppliers in mainland China.
Sucks for the users, though. I wonder if Apple will still be selling devices at all in 5 years, or if they'll only rent them out for €25/$25/£25 per month. Ultimately that'll probably be the only way to get the control they want.
High prices and resale values have spawned a substantial and apparently growing 3rd party repair and refurbishment market for Apple mobile devices. Beyond the dodgy corner unlock shops, multiple national chains have sprung up over the last 2 years where I live that advertise heavily on broadcast TV.
Apple clearly sees this as money left on the table and they're concerned about the emergence of a comprehensive parallel supply chain for repair parts. Bricking end-user devices is one of the few levers they've got to try and shut down this industry, since there's no way to effectively identify and pursue the upstream suppliers in mainland China.
Sucks for the users, though. I wonder if Apple will still be selling devices at all in 5 years, or if they'll only rent them out for €25/$25/£25 per month. Ultimately that'll probably be the only way to get the control they want.
Broken 5s screen - took it to a local repair shop in town. He indicated that they just replace the whole screen unit - takes about 8-10 minutes. He shared some numbers too.
The conversation was from last... sep I think, and he was referring to a change a few months back. They had been able to buy the whole screen units for around $25-$30/piece, and his shop (owned a few) bought a lot of them - always kept a lot in stock. Earlier in 2015, he said, Apple started putting the screws on their parts suppliers, requiring them to destroy any overages or extras that didn't pass QA. This overage supply was where he and others would get their replacement parts.
He said that almost overnight, the prices on those screens went to $40 or more. They had a several month supply, but were already having to replenish at the higher price point.
So... Apple knowing about "third party repair" stuff, isn't all that new, but they seem to be taking more steps to actively prevent competition here. :/
re: "renting" - they'll probably still sell them, but all but force an icloud-style service for storage (probably still be selling 16g models when they provide 16mp cameras, and use up 6g for the OS). That or perhaps they'll just buy a carrier and you can be paying them $100/month for voice/data service directly, on top of $700 for a device.
The conversation was from last... sep I think, and he was referring to a change a few months back. They had been able to buy the whole screen units for around $25-$30/piece, and his shop (owned a few) bought a lot of them - always kept a lot in stock. Earlier in 2015, he said, Apple started putting the screws on their parts suppliers, requiring them to destroy any overages or extras that didn't pass QA. This overage supply was where he and others would get their replacement parts.
He said that almost overnight, the prices on those screens went to $40 or more. They had a several month supply, but were already having to replenish at the higher price point.
So... Apple knowing about "third party repair" stuff, isn't all that new, but they seem to be taking more steps to actively prevent competition here. :/
re: "renting" - they'll probably still sell them, but all but force an icloud-style service for storage (probably still be selling 16g models when they provide 16mp cameras, and use up 6g for the OS). That or perhaps they'll just buy a carrier and you can be paying them $100/month for voice/data service directly, on top of $700 for a device.
People buy a high-end watch, like a Rolex. They can repair it if they have then knowledge. The problem is Rolex, and 99 percent of watch manufactures won't sell your, or your Watch Repair person the parts.
You need to send the watch to the factory for service, at factory prices.
So, when you buy a Rolex, your are actually leasing it? You don't truely own it, if you can't get the parts to fix it?
It's just another way to make money.
I didn't think Apple would irritate their customers at this particular point in time?
And yes, I too believe, "This is just the beginning."
You need to send the watch to the factory for service, at factory prices.
So, when you buy a Rolex, your are actually leasing it? You don't truely own it, if you can't get the parts to fix it?
It's just another way to make money.
I didn't think Apple would irritate their customers at this particular point in time?
And yes, I too believe, "This is just the beginning."
Actually a majority of the watches, besides Rolex, in the <$5000 range use standard unmodified Swiss ETA movements, which can be repaired by any competent watchmaker. Very few watches in this price range use in-house movements.
I think IPhone owners intend their device to last longer than the typical Android. Making it harder to repair could undermine that. Apple need to make users believe that an IPhone is not just a disposable thing that lasts for 1 year in order to justify the high price.
I'm fairly certain that's illegal in Australia. It's called third line forcing.
Looks like Apple is, yet again, going to be investigated by the ACCC.
Looks like Apple is, yet again, going to be investigated by the ACCC.
So basically you do not own your hardware.
The iPhone6 and F-35 share the same problem trying to detect approved or faulty parts. Funny.
Isn't this piece core to the virtual wallet/payment tech installed on the phone? Should apple's engineers have to put in friendly error messages if you exchange components in what's supposed to be a closed system?
Don't use smart phones. Just don't. It works for me.
Could someone explain what is the legal basis for this?
This type of move can't work now, because Apple is losing its mojo in a very fast pace.
yet another thing that anti-iphone people rile and iphone users don't care. The bricked owners will buy the next gen iphone and won't repeat the mistake of third party repair. what's the fuss about? yawn...
This is just to protect customers. </irony>
Wow, Apple hate like on /r/technology.
Lawsuit time, which Apple will lose
Correct me if I'm wrong, but from what I understand this is done to protect the customers from tampered with Touch ID sensors.
It may be overly paranoid but I can at least understand the motivation behind this. Changing the display also involves disconnecting the Touch ID sensor so technically a malicious person might have done something that exposes the user of the device in some way.
Statement from an Apple spokeswoman:
“We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”
http://www.macrumors.com/2016/02/05/error-53-home-button-iph...
It may be overly paranoid but I can at least understand the motivation behind this. Changing the display also involves disconnecting the Touch ID sensor so technically a malicious person might have done something that exposes the user of the device in some way.
Statement from an Apple spokeswoman:
“We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”
http://www.macrumors.com/2016/02/05/error-53-home-button-iph...
Yes, but instead of disabling authentication with the non-authenticated TouchID sensor it bricks the phone.
... until the old sensor is replaced.
Which is a good thing.
This is like complaining that forgetting your encryption password "bricks" your hard drive.
Yeah, apple deserves some flack for not making this known to 3rd party repair shops, but it's not a problem itself.
Which is a good thing.
This is like complaining that forgetting your encryption password "bricks" your hard drive.
Yeah, apple deserves some flack for not making this known to 3rd party repair shops, but it's not a problem itself.
Did you really believe them when they said that?
Just like all other similar decisions made by other companies under the guise of 'protect[ing] the customers', it should be clear that this is no more than a guise. If protection is what they had in mind they'd simply disable any functionality which could be impacted by a dodgy part. Disabling the whole device has the single, self-serving purpose of channelling the cash flow from the repair businesses into Apple's coffers.
Just like all other similar decisions made by other companies under the guise of 'protect[ing] the customers', it should be clear that this is no more than a guise. If protection is what they had in mind they'd simply disable any functionality which could be impacted by a dodgy part. Disabling the whole device has the single, self-serving purpose of channelling the cash flow from the repair businesses into Apple's coffers.
It sounds plausible, but none of us can know for sure as we don't have the source code and internal access at Apple. (maybe they can't just deactivate TouchID on its own, maybe they can but they want to protect the already existing fingerprint data on the device)
I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
It's easy to say that they'll just earn more from repairs and sell more devices, but customer satisfaction is also important and I believe Apple takes issues that essentially brick devices very seriously.
It is also well known that they take privacy very seriously (although implementations might not be perfect), so I am inclined to believe that in this case privacy concerns have won against customer satisfaction concerns.
Edit: Apple Pay is also a _very_ important product for Apple, I imagine they simply cannot afford any issues that might make this seem unsafe to customers.
I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
It's easy to say that they'll just earn more from repairs and sell more devices, but customer satisfaction is also important and I believe Apple takes issues that essentially brick devices very seriously.
It is also well known that they take privacy very seriously (although implementations might not be perfect), so I am inclined to believe that in this case privacy concerns have won against customer satisfaction concerns.
Edit: Apple Pay is also a _very_ important product for Apple, I imagine they simply cannot afford any issues that might make this seem unsafe to customers.
> I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
Limiting the availability of repair services to the captive audience of apple-users probably increases sales. Those who have bought into the apple world are (for now) unlikely to step outside of the garden, so they'll replace their broken iThingy with a new one instead of 'just getting an Android this time'. Just look at this comment for an example of that attitude: https://news.ycombinator.com/item?id=11061800
> "... I've got better things to do with my time. I'd rather walk into the Apple store and replace my MBA or my iPhone when I've got a problem. That saves me time for my wife or my hobbies. Trade money for things that save you time, to spend that time on what's important to you (if you've got the money). ..."
This is the attitude apple would like to cultivate: solve problems by throwing more money at them.
Limiting the availability of repair services to the captive audience of apple-users probably increases sales. Those who have bought into the apple world are (for now) unlikely to step outside of the garden, so they'll replace their broken iThingy with a new one instead of 'just getting an Android this time'. Just look at this comment for an example of that attitude: https://news.ycombinator.com/item?id=11061800
> "... I've got better things to do with my time. I'd rather walk into the Apple store and replace my MBA or my iPhone when I've got a problem. That saves me time for my wife or my hobbies. Trade money for things that save you time, to spend that time on what's important to you (if you've got the money). ..."
This is the attitude apple would like to cultivate: solve problems by throwing more money at them.
> "the device remains secure."
A non functioning bricked device is more secure than a functioning device. Yes.
A non functioning bricked device is more secure than a functioning device. Yes.
Url changed from http://www.bbc.com/news/technology-35502030, which points to this.
There is a strong bias, and the amazing thing is that its very difficult for the people who have this bias to realize it. As far as they can tell it is fact, and this is in large part because they live in a filter bubble where they only see things that confirm their bias.
For example: Articles bashing Steve Jobs get upvoted a lot more than ones praising him. Exactly the opposite for bill Gates.
Now if you look at Slashdot a decade before Hacker news the results for bill gates would have been the opposite of what you see here.
Effectively, Bill Gates' millions in spending to improve his PR have changed people's perceptions (they will argue that its because he's such a generous benefactor, because that's politically correct, alas, they won't look too close at the activities of the Bill and Melinda Gates foundation lest they notice he isn't.)
Google Good, Apple Bad, Leftism Good, Socialism Good, Basic Income! Global Warming is FACT, and anything you post that goes against this narrative risks getting you slow banned or hellbanned.
Hell, I was once banned from here for relating how I met Grace Hopper as a kid (in a comment on an article about Grace Hopper.)
I have no clue why that was hell ban worthy, after all she was the original "GRrrl in tech!!11!"
Welcome to hacker news where there are no hackers.
For example: Articles bashing Steve Jobs get upvoted a lot more than ones praising him. Exactly the opposite for bill Gates.
Now if you look at Slashdot a decade before Hacker news the results for bill gates would have been the opposite of what you see here.
Effectively, Bill Gates' millions in spending to improve his PR have changed people's perceptions (they will argue that its because he's such a generous benefactor, because that's politically correct, alas, they won't look too close at the activities of the Bill and Melinda Gates foundation lest they notice he isn't.)
Google Good, Apple Bad, Leftism Good, Socialism Good, Basic Income! Global Warming is FACT, and anything you post that goes against this narrative risks getting you slow banned or hellbanned.
Hell, I was once banned from here for relating how I met Grace Hopper as a kid (in a comment on an article about Grace Hopper.)
I have no clue why that was hell ban worthy, after all she was the original "GRrrl in tech!!11!"
Welcome to hacker news where there are no hackers.
> Hell, I was once banned from here for relating how I met Grace Hopper as a kid (in a comment on an article about Grace Hopper.)
I don't believe anyone was ever banned from HN for that. How about let's see a link?
There's a cottage industry of HN users who go on about why they were banned ("because I supported Bradley Manning!" "because of my unpopular opinions!"). Pay attention and you'll notice that these complaints are always linkless. They never supply links to their allegedly innocent and suppressed contributions. Why not? Because then people could see what they really did do, and make up their own minds.
We make mistakes, and we're happy to correct them. But no way do we ban people for "relating how I met Grace Hopper as a kid".
We detached this subthread from https://news.ycombinator.com/item?id=11048013 and marked it off-topic.
I don't believe anyone was ever banned from HN for that. How about let's see a link?
There's a cottage industry of HN users who go on about why they were banned ("because I supported Bradley Manning!" "because of my unpopular opinions!"). Pay attention and you'll notice that these complaints are always linkless. They never supply links to their allegedly innocent and suppressed contributions. Why not? Because then people could see what they really did do, and make up their own minds.
We make mistakes, and we're happy to correct them. But no way do we ban people for "relating how I met Grace Hopper as a kid".
We detached this subthread from https://news.ycombinator.com/item?id=11048013 and marked it off-topic.
[deleted]
For me, the real question is where have all the hackers gone? Years ago, there were high quality contributors here. They all had to go somewhere. When slashdot was dying, it was clear where everyone went (HN and Digg). This time around, it's not clear at all.
The culture changed.
Tech now mostly attracts (post)collegiate millennials chasing the startup wave (don't blame them, it's where there's chance of an actual job). You only have to look at the dwindling state of open-source right now to see proof of this. Add to that the post-Snowden cynicism that killed off what was left of cyber-utopianism and the free web, and it's that pretty clear that the hackers of yore grew up and weren't replaced by the next generation.
Tech now mostly attracts (post)collegiate millennials chasing the startup wave (don't blame them, it's where there's chance of an actual job). You only have to look at the dwindling state of open-source right now to see proof of this. Add to that the post-Snowden cynicism that killed off what was left of cyber-utopianism and the free web, and it's that pretty clear that the hackers of yore grew up and weren't replaced by the next generation.
they just left.
arguing with kids is boring
I wonder if that isn't the case. If that's true, that would be a shame, but I can't blame them.
I wish I knew, I would go there too.
minikites(5)
That's how desperate Apple is.
The wonder of closed source
More reasons for not to be in Apple ecosystem.
Has anyone read full Terms and Conditions?
I think most of the people clicked / tapped / pressed "AGREE".
So here you go.
I think most of the people clicked / tapped / pressed "AGREE".
So here you go.
What really surprised me, and what most people don't seem to know, is that repairs at an Apple store are way cheaper than third party repairs.
Why the downvotes?
I got a Macbook Pro repaired recently and the Genius guy took me aside and said I got a great deal because they have a per-model, per-service visit price cap on replacement parts charges for repairs. Meaning that in one visit, you can get your Macbook repaired and replace the screen, the motherboard, the hard drive, the power board, the battery, the keyboard, pretty much the whole thing, and the price (for parts) is capped at around $280 for my particular model. The labor price is not capped but they are good at what they do, so the labor is super fast and ends up being cheap.
I had a similar experience with an iPhone repair, where my camera had dust in it. Apparently the best way to do this is a back cover replacement, and the back cover comes with the camera built in. I was pretty scared until I heard the price, which was I think at the time $30, way less than third party vendors charge for this.
Again the downvotes, for providing useful information, are really baffling here.
I got a Macbook Pro repaired recently and the Genius guy took me aside and said I got a great deal because they have a per-model, per-service visit price cap on replacement parts charges for repairs. Meaning that in one visit, you can get your Macbook repaired and replace the screen, the motherboard, the hard drive, the power board, the battery, the keyboard, pretty much the whole thing, and the price (for parts) is capped at around $280 for my particular model. The labor price is not capped but they are good at what they do, so the labor is super fast and ends up being cheap.
I had a similar experience with an iPhone repair, where my camera had dust in it. Apparently the best way to do this is a back cover replacement, and the back cover comes with the camera built in. I was pretty scared until I heard the price, which was I think at the time $30, way less than third party vendors charge for this.
Again the downvotes, for providing useful information, are really baffling here.
So stupid, it's like they are asking for a class action lawsuit
I haven't experience any error 53 codes on the devices I've repaired, but if this is true... Wow! That's really shady of Apple.
I'm starting to get the feeling that the moves they're making (like charging for Apple radio [not Apple music], and now disabling phones with unauthorized repairs) is their response to their recent report of declining iPhone sales. Disappointing if this is true that these changes are at the expense of their end users and fans (and I am a fan).
This seems like a deliberate move by Apple, since they could've put the secure component ("TPM") on the mainboard, where it won't be as easily damaged, instead of the fingerprint reader. It's like an organism whose brain is in one of its appendages instead of its head...
Either way, if the skills of the Chinese (and other far-East) reverse-engineers continue to be what they are, I think workarounds will be found soon enough - from what I've seen, the repair people in particular are very resourceful and clever, and come up with "tricks" to fix things that the original manufacturer never even thought about. It's their core business; you can bet they'll spend a ton of effort on figuring out how. Apple's proprietary cable authentication chips have been cloned. The infamous Thinkpad BIOS password has been circumvented. Replacements for ink cartridge authentication chips (seriously) have appeared. There is always a crack.
I continue to find it amazing how effective the "security" excuse is; it seems you can get the majority to give up anything if you can turn it into some sort of argument about how it'll make things safer. Who doesn't want to feel safe, even if it ultimately results in society where every little thing you do is controlled by some huge bureaucracy? The old quote on security vs. freedom is so relevant today, but related to what I think will happen, here's a variant on that theme: "I wish for the insecurity that gives us freedom."
Either way, if the skills of the Chinese (and other far-East) reverse-engineers continue to be what they are, I think workarounds will be found soon enough - from what I've seen, the repair people in particular are very resourceful and clever, and come up with "tricks" to fix things that the original manufacturer never even thought about. It's their core business; you can bet they'll spend a ton of effort on figuring out how. Apple's proprietary cable authentication chips have been cloned. The infamous Thinkpad BIOS password has been circumvented. Replacements for ink cartridge authentication chips (seriously) have appeared. There is always a crack.
I continue to find it amazing how effective the "security" excuse is; it seems you can get the majority to give up anything if you can turn it into some sort of argument about how it'll make things safer. Who doesn't want to feel safe, even if it ultimately results in society where every little thing you do is controlled by some huge bureaucracy? The old quote on security vs. freedom is so relevant today, but related to what I think will happen, here's a variant on that theme: "I wish for the insecurity that gives us freedom."
You DO have the right to repair your iPhone; it just has to be done by an official Apple repair centre.
I completely understand the downsides of Apple's particular approach here, and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
But considering just how much of my life, financial and otherwise, is on my phone, I'm actually very glad that Apple has erred on the side of obsessive security!
I completely understand the downsides of Apple's particular approach here, and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
But considering just how much of my life, financial and otherwise, is on my phone, I'm actually very glad that Apple has erred on the side of obsessive security!
Apparently, YOU don't have the right to repair your own iPhone then, only an official Apple repair centre does. You mean: You have the right to pay an official Apple repair center, and nobody else, to repair your iPhone.
> and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
The BBC article talks about someone who was in Macedonia. Apple doesn't have repair centres there. What they did - try to repair their device in a non-Apple-served country - was about all they could reasonably do.
As Apple wants more of our life to be phone-oriented (payment details, wallet, physical data, etc) expecting 100% of people to be within X minutes of official repair centers 100% of the time is not workable, nor reasonable.
I get it - the home button is secure and might have been compromised. This was just horrible design - they failed to account for a failure mode, and default to a brick instead.
A warning bar or message on boot indicating "the touch id may have been compromised - all touch id features are disabled - please contact Apple" - while annoying - would have been reasonable.
The BBC article talks about someone who was in Macedonia. Apple doesn't have repair centres there. What they did - try to repair their device in a non-Apple-served country - was about all they could reasonably do.
As Apple wants more of our life to be phone-oriented (payment details, wallet, physical data, etc) expecting 100% of people to be within X minutes of official repair centers 100% of the time is not workable, nor reasonable.
I get it - the home button is secure and might have been compromised. This was just horrible design - they failed to account for a failure mode, and default to a brick instead.
A warning bar or message on boot indicating "the touch id may have been compromised - all touch id features are disabled - please contact Apple" - while annoying - would have been reasonable.
That's a very disingenuous definition of "the right to repair." In fact, requiring that all repairs be done by the OEM is exactly the opposite of the right to repair.
If the validation fails, the device will function mostly fine, although with Touch ID disabled. However, the device will be prevented from restoring or updating to a new version. Restoring from backup still works. I'm not too sure why restoring or updating is blocked, but my guess is that they want to prevent malicious software from being uploaded in this process.
From the Daily Dot article, if a user encounters this error, Apple's current resolution is a full device replacement. It may be overkill I don't think Apple expected many people to encounter this issue, so it seems reasonable why they chose this option.
This is a great security feature for users, and I'm really glad Apple engineers considered this situation. Unfortunately the media is blowing this and leaving crucial details about what's happening and the reasoning behind it.
Here is Apple's statement on the matter:
We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers. iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device's other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support.