News comes from The Guardian that the iPhone 6 will break because of software updates due to non-authorized hardware replacements. Several thousand iPhone 6 users are claiming their phones have been bricked thanks to software updates if the home button – and the integrated TouchID fingerprint sensor – were replaced by non-Apple technicians.
For the last few iPhone generations, the TouchID fingerprint sensor has been integrated into the home button of every iPhone. This fingerprint sensor provides an additional layer of security for the iPhone, and like everything on smartphones, there is a thriving market of companies who will fix broken phones. If you walk into an Apple store, replacing the TouchID sensor will cost about $300. This part is available on Amazon for about $10, and anyone with a pentalobe screwdriver, spudger, and fine motor control can easily replace it. Doing so, however, will eventually brick the phone, as software updates render the device inoperable if the TouchID sensor is not authorized by Apple.
According to an Apple spokeswoman, the reason for the error 53 is because the fingerprint data is uniquely paired to the touch ID sensor found in the home button. If the TouchID sensor was substituted with a malicious TouchID sensor, complete and total access to the phone would be easy, providing a forehead-slapping security hole. Error 53 is just Apple’s way of detecting devices that were tampered with.
In fairness to Apple, not checking the authenticity of the touch ID would mean a huge security hole; if fingerprint data is the only thing keeping evil balaclava-wearing hackers out of your phone, simply replacing this sensor would grant them access. While this line of reasoning is valid, it’s also incredibly stupid: anyone can get around the TouchID fingerprint sensor with a laser printer and a bit of glue. If you ever get ahold of the German Defense Minister’s iPhone, the fingerprint sensor isn’t going to stop you.
This is a rare case where Apple are damned if they do, damned if they don’t. By not disabling the phone when the TouchID sensor is replaced, all iPhones are open to a gaping security hole that would send the Internet into a tizzy. By bricking each and every iPhone with a replacement TouchID sensor, Apple gets a customer support nightmare. That said, the $300 replacement cost for the TouchID sensor will get you a very nice Android phone that doesn’t have this problem.
For anyone concerned about this on their own phone, turn off the use of Touch ID before replacing the module.
It’s not entirely clear from the articles I’ve read so far that that is sufficient. It sounds like some part of the upgrade process results in the touch ID functionality getting totally bricked, which basically puts the kibosh entirely on third party repairs of the touch ID sensor.
While I do see and appreciate Apple’s point about the ability to trust the sensor, in general cryptographic authentication of replacement parts and consumables is a new and pernicious anti-competitive maneuver that threatens every marketplace from automobile repair all the way down to coffee machines. The trend must be confronted and some consensus reached as to how to outlaw it.
Hmm, there has to be a way to pair up new button with a phone. If I had iPhone and another button I would start by sniffing the interface it uses (I2C? SPI?) cycling the power, pulling the pins up/down on power up, fuzzing it etc.
The best solution would be to reassess the repair pricing. If parts are so cheap and it’s a quick fix, then I’d hope that $50 was enough of an Apple Tax to pay.
I imagine the other 250 is for the free replacement if they break it, as opposed to the “sorry” you’ll be lucky to get from a corner-shop.
Plus presumably their time to verify you’re the real owner and not using Apple service to get illegal access to a phone.
Why can’t I verify with the apple account that’s tied to my itunes/mac/etc when I replace it myself? I assume they are just doing a apple id and or creditcard number check. I mean if it’s that big of a deal let me go to the store and they can verify my id and unlock the device.
The high cost is most likely to give you a incentive to just buy a new phone. If the phone is no longer under warranty it’s probably a few years old, throw a $300 repair fee and just buying a new idevice sounds appealing. If it’s really old they may just say “sorry we don’t repair these models anymore” which leaves you out of luck.
That’s standard MO, $300 is right about where a new subsidized contract would land.
Apple did just replace my 2011 macbook’s motherboard for free (there was a long-standing graphics card problem). That program ends this month. They would have charged me over $600 to replace the motherboard for any other reason.
Argument I’ve seen that’s kind of valid, if someone steals your phone, an ex-spouse who knows your AppleID password but not passcode let’s say, they replace the TouchID with a 3rd party one that will validate anything. They can then get in to your phone. Not *super* likely, or even a high chance. Or even someone steals it, and can do enough social engineering to get your password reset. All the training in the world will still leave the social engineering chances a non-zero number.
Plus, a screen replacement for the normal 6 with Apple is $109, not sure where this $299 is coming from as that’s water damage. I think it’s $149 for the 6S+.
I do agree that Apple should allow you to turn it off wholesale if they say “we can’t trust this it’s insecure”, but *maybe* it’s entwined too far in the OS, and a malicious TouchID could mess with things. Should fix that, but still.
surely the actual touch-id should not be doing the validation? and if it is, it should be paired using some form of encryption., so if its replaced, the touch id doesn’t work but the backup pin should until the replacement touch id is re-synced…
There’s less hassle involved in getting a replacement key for my car. Please.
Try replacing a lost keyfob on a Lexus car you’ll be in for a “nice” surprise.
Really? Lost key for my honda civic $350.00
Lost key for my BMW $250
chinese magic box that clones bmw keys – $50
Lost key for 1973 Dodge Dart, ~$2.
@Tom
+1
I said less hassle, not less money.
For everything else, there’s visa… wait… actually visa is good for those too.
Wow to the key fob thingies. If my key fob becomes inactive, I pop the push to start button and insert the key that is integrated into the key fob. It just means all the cool features like remote start, remote door open, and remote lift gate don’t work. Ahh man…I better look into the cost of a new key fob…lol…
Lost key to corolla, < $10. Although it did require several hours of reverse engineering the challenge-response authentication used by the toyota software to perform a reset of the immobilizer (I could have just bought a dongle on DX for $20 but this way seemed more fun)
The button should not be breaking in the first place and should have a better warranty. Apple should be replacing free of charge, they have enough margin to cover the costs. If the failure rate is too high then they part should not be in use.
Customer abuse is not a defect.
So you’re justifying the absurd repair price? Do you work for Apple? I replace iPhone screens all the time and never have issues because I use the existing home button/sensor. And it doesn’t cost the customer even close to Apple’s ridiculous repair cost.
Seems like the ID of the touch-sensor really shouldn’t matter for data-pairing… but I could definitely see some 3rd-party module being a security risk if it could save the fingerprint data or re-direct it to some nefarious data-store online. I don’t know if the fingerprint sensor has enough connectivity (hardware/software wise) to enable stealing fingerprint data… but that was my first thought.
I think it isn’t so much as stealing fingerprint data, but more of a way around the fingerprint sensor.
A simple hack would be to open the device up, replace the sensor with a toggle switch, and you can get peoples data they thought was protected.
If you replace the sensor with one that just outputs a fingerprint code of all zeros regardless of what finger you touch, then you might be able to defeat the concept of touch ID.
Your mark might figure that the initial failures would be some sort of calibration necessity and re-train the phone. After doing so, any fingerprint would unlock it. I can imagine Apple feeling it necessary to insure against that happening.
Last sentence earns my praise.
Actually the last sentence is kind of a dumb argument because it logically states that either Android phones do have this “huge security hole” as the article says or don’t offer this technology at all.
“In fairness to Apple, not checking the authenticity of the touch ID would mean a huge security hole;”
In all fairness to the consumers, if someone did replace the sensor with a malicious one, they would already know that the fingerprint is paired with the sensor, and clone the sensor to get around the fact.
Besides, the insecurity of fingerprint sensors isn’t the sensor, but the fingerprint itself. It’s too easy to duplicate and fake a finger.
(Sorry, accientally hit report not reply)
Presumably replacing the touch sensor would allow access if you didn’t have a copy of the finger.
How would the replaced touch sensor reproduce the signature when the fingerprint is unknown?
The security is in the software, not in the sensor. The software knows the fingerprint signature and compares it against the sensor data.
The “security” here is that different sensors won’t produce the same signature for the same fingerprint, because Apple being Apple they didn’t actually put that much effort into it, so the sensor has to have the same ID. A different sensor with a different ID isn’t guaranteed to giver the right signature, so they check both.
If your malicious sensor always output a constant fingerprint regardless of what finger touched it, the user will likely retrain the phone to that after discovering that touch ID didn’t work for him. He’d likely conclude that with the replacement of the sensor that retraining the phone was a reasonable step after the sensor replacement.
>This fingerprint sensor provides an additional layer of security for the iPhone, and like everything on smartphones, there is a thriving market of companies who will fix broken phones.
No it doesn’t. It is an _alternative_ means of auth, which by definition worsens security.
I fully agree, biometrics for security is flawed by design. If you loose a password you can always change it, but if you loose a copy fingerprint and it is not like you can change it.
But by making it more convenient, touch ID encourages using it in place of a much worse state of affairs – turning the passcode completely off.
And the fingerprint sensor guards against the most common attack – someone targeting the phone for theft rather than targeting the owner specifically to steal *their* phone. If you steal a random phone, the likelihood that you’re going to be able to acquire and dummy the fingerprint for it is close to zero.
if one steal a phone this phone has owner fingerprints all over it. Not hard to get them.
I encourage you to dust your phone for prints and tell us how many of them are actually useful. Your results will likely surprise you.
Coffee cups, door handles, papers, disk cases….. sure you get alot of bad reads but follow someone long enough and its not hard.
If someone is THAT determined, no amount of security will help you.
TouchID is in a whole other league than no passcode. You can’t just grab the phone out of someone’s hand and run directly to a pawn shop. Needing to tail the user, lifting the correct fingerprint in a sufficient resolution, grabbing the phone etc. is waaay above a normal criminal’s expertise.
Pure overkill.
So, is the actual finger print analysis done in the sensor and sends an encrypted message to the phone saying pass/fail??
I thought the sensor basically took a picture of the fingerprint and passed it to the phone for authentication? If so, then the sensor itself doesn’t need ANY security, just as the glass over the top doesn’t.
Good point, that means there’s code on the touch sensor that someone obviously figured out a while ago, so their security scheme is already hosed.
I don’t believe there is, I think the iSheep leader is just full of iShit and trying to cover their iAss.
My best guess is that each fingerprint sensor sends a unique key along with the fingerprint scan. If that key doesn’t match the key stored on the phone main board, it rejects any fingerprint data. I highly doubt the sensor stores the fingerprint data. It merely passes data on to the main board. Everyone who has a bricked phone simply needs to remember to delete any TouchID’s and disable the option before replacing the sensor. When you start the touchID back up it should remarry the sensor to the main board. I highly doubt they have special tools to write the touch sensor iD into the main board system.
Unfortunately, that does not actually work. You can completely wipe an iPhone, than replace the touch ID and it will still be hosed. The key in the ID is paired with one on the CPU. When you take it to Apple, they swap the screen assembly/touch ID and than flash a new, corresponding key to the main board.
@McNugget
Kinda my point. The unique ID has absolutely nothing to do with security and everything to do with stopping unauthorized repairs. Why reject the fingerprint data if the module is not the original one??? The fingerprint itself still has to be authenticated by the processor.
Performing crypto work on a sub $3 sensor instead of the $200 plus processing core….
shame on you apple, shame.
IIRC It is engineered so that the fingerprint data never leaves the sensor module, so that a compromised applications processor (malware, etc.) won’t be able to get the fingerprint data easily. The sensor module just sends an encrypted/signed pass/fail message instead of the actual fingerprint.
It’s really not a case of “damned if they do/damned if they don’t.” This is punitive. In the iPhone 5s, replacing the home button simply rendered the touchID functions of the phone useless. This is an appropriate response. Bricking the phone without warning is not. That is a transparent ploy to force repair shops out of business and cause aging handsets to leave the market when their home buttons fail.
Bingo.
Especially bricking the phone at some later date (next time a software patch is installed). That does nothing for the user’s security for the window of time between when the replacement is installed and the next patch roll-out. This is clearly about control and nothing else.
Reason #23460982345 why you shouldn’t be an iSheep.
By becoming an Android sheep? The childish “Pepsi or Coke” debate is worthless.
Agreed, the fools that use the iSheep thing simply prove to everyone they don’t know anything at all.
I am betting that this same thing will hit Samsung phones eventually. their fingerprint sensor is also paired to the processor on the board. This in fact could be a major problem across all phones that use this kind of sensor.
Hardly. Android is not sheep. You don’t see people camping out for weeks to get the new Android whatever phone, no that distinction is held solely by the iSheep. Android is utilized by many manufacturers for a multitude of functions, beyond phones and tablets. Apple is, well, highly proprietary and expensive, and used only by apple.
Assuming you believe there is some magic that happens in the sensor that only apple knows about, other than they aren’t getting the repair money, or the money from the purchase of a new phone when the customer gets the $300 sticker shock to fix what should be a $10 part.
Apple is a ruthless company that has a fantastic marketing strategy for the weak minded. I fall for fantastic marketing of products that don’t lock me into a singular manufacture of all my accessories and actions.
So people standing lines to get tickets for a baseball, football game or a music concert are sheep too? How about all those idiots, who wait hours to get into the Statue of Liberty or climb up the Eiffel tower.
Its always those knowing that the device they own is inferior who are the loudest in similar discussions and can’t offer any comment of value.
The iPhone has been available almost 10 years. F’ing get over it already.
So people *not* lining up for a product shows its obvious superiority. Brilliant.
You two are a special kind of stupid, aren’t you?
The baseball comparison is especially ‘special’… Those are time sensitive events, like if you don’t get there for that game, uh, you miss it. I’m pretty sure 3 weeks after the iCrap is released, it will still be available… oh, and extra bonus, they’ll probably find a few bugs and make some work arounds for them too, so they sorta work better than the did on their first release.
Statue of Liberty or Eiffel Tower, are singular location items, with a specific amount of people per day that can view them. But guess what, you can go there the day after or the day after that and it will still be there.
My device is inferior… lol Pop you don’t even know what I own. But I’ll tell you what I own:
YOU
You sit and bash away at your keyboard with your pseudo-superiority, yet you never countered any statement I’ve made previously and only come back with lame tired hyperbole.
Yes, they iphone has been available for 10+ years, you fanboys have been falling for the hype for a long time… and sadly will continue to do so for a longer time to come.
I feel bad for you. Really.
Next…
Waiting in line for a product that will be available for months to come shows a disturbing lack of priority in one’s life. I don’t know what these people do as a profession that allows them to takes days at a time off work to stand in line and make enough money to pay for that apple wants for their stuff. I suppose one could burn vacation time, but again, I refer you to my previous statement about life priorities.
FYI: there are people happy with a Nokia 3310.
I just picked up a Nokia X3-02. Took a bit to reacquaint myself with the T9 keyboard, but I don’t hate my phone anymore, so there’s that…
I’ve tried iPhone, Android, Windows, Blackberry. Interesting thing about smart phones… Every single brand has things about them that are just SHOCKINGLY bad. Individuals tastes tend to gravitate to the brand with the gotchas that present the least negative for their use case.
Personally, I don’t do social networking or games or any weirdness. All I wanted was phone, text, email, browser, and calendar. After playing with smartphones for most of a decade I figured out that a standard feature phone fit me perfectly, with the added benefit of remarkably improved battery life. Plus the X3-02 has has wifi, so bonus.
Apple has very capable people, so of course they thought about how to make their devices reasonably secure. But they also have very capable people thinking of how to get their customers to buy new phones, and this is the effect of these people at work.
Reasonable security works like this: Use some unique encrypted data from the sensor to encrypt your device. If you exchange the sensor for something else, the encrypted data on your device will no longer be decryptable. In this situation, if you exchange the fingerprint sensor, your phone will require a factory reset. This is rather annoying, but the phone will still work. However, if you want people to buy new phones, make repairs ridiculously expensive and then write software that blocks unsolicited components, citing security reasons. If I understand correctly, in the current situation you can’t get to your data, because your phone throws an error, but you also can’t use your phone, because it throws an error. Given that there is a clear way of doing it in a way that does not render the phone useless, but is otherwise identical in outcome (data not recoverable) to the current situation, one must ask oneself if this might be completely deliberate on Apple’s part.
“evil balaclava-wearing hackers”
Seriously?
Of course. How other than headgear would you tell the good guys from the bad guys?
In old times we used hats in different colors…
WE USED ROLLERBLADES AND WE LIKED IT
Hack the planet!
Yeah i bought a grey hat by purpose to confuse people!
I have not bought an Apple product since the late 80s. As you can clearly see, I have made the correct choice and regret nothing.
zero fucks were given that day… and rightly so.
Same here, my Apple ][ Plus is the only piece of Apple equipment I (care to) own, and love.
Regarding the price of a TouchID sensor replacement from Apple direct: If I’m not mistaken, replacement of the TouchID sensor would be accomplished by the replacement of the whole screen assembly which would be the cheaper $109-$149 price. On my iPhone 6, I had the front camera’s microphone go bad which required the screen assembly to be replaced. After doing that, I had to re-enter my fingerprints which I’m reasonably certain means they changed the TouchID sensor as well. So definitely not $10 but also not $300.
or more likely they took your phone in, grabbed another refurb, copied your data over to it, and sent yours off to be some other schlubs refurb.
I don’t think that’s the case. It was just as dirty and with the same case crud on it as the one I handed them. It’s possible they don’t clean refurbs and a lot of cases probably have similar openings so it’s not out of the question that this is a different phone, but it seems unlikely.
There are so many sane ways to deal with this that don’t involve bricking the device.
It sounds like a scare tactic, even if this ‘feature’ is removed folks will now think twice before going to a cheaper non apple repair shop.
Lot-o-whining (whinging for across the pond) here. Seems like a problem in need of a good hack that can clone the switch/sensor correctly. So quick whinging and get hacking!
(Buying an Android phone is not a hack, though will likely become one.)
“Doing so, however, will EVENTUALLY brick the phone, as software updates render the device inoperable if the TouchID sensor is not authorized by Apple.”
I call BS on Apple. If the intention is to steal data, rather than fix the phone, you seem to have a window within which to steal the data anyway. I think they are plugging a hole that leaks money.
Could we be viewing this the wrong way? How often does the Home button fail? I wasn’t aware it was a problem (my spouse owns the Apple products, I’m an Android user).
Theft is a big problem though. Our phones have been stolen outright once each (and recovered. Thank you Lookout). I understand stolen phones, especially Apples, make their way to Asian countries where they’re sold on the cheap. The very market likely to avoid paying $300+exchange rate for Apple stuff.
Could this be a not-so-subtle-tactic to stem the flow of stolen phones to other countries?
Maybe I’m misunderstanding this. What viable reason would one want to shell out $300 to replace said home button?
No. When the owner reports the phone stolen the IMEI number is blacklisted. You also have the option to ERASE the phone.
^ Deterrent from stealing. Bricking after replacing fingerprint sensor is a great way to please your shareholders.
That assumes the respective carrier in that country even uses the IMEI blacklist. I can see U.S. Canada and Europeans using said list but places like China? Their scammers sell 8 million plus tons of fake rice a year, I doubt their “honest” cell carriers give a rats ass about IMEI numbers for a phone stolen elsewhere.
How the hell do you fake rice? This seems as if it would be tediously inefficient.
Counterfeit rice is great if you’re really hungry and want to fake two thousand of something.
The Home button has always been one of the more common components to fail, I believe.
It’s apple I feel sorry for, they’re the real victims in this. People counterfeiting their touch sensors and protocols. The end user takes the hit, sure, but at least it will put the counterfeiters out of business in China, making their counterfeit fingerprint sensors. Probably making use of apple’s protocols and drivers too, perfectly within their rights to brick stuff.
/sarcasm
These aren’t counterfeit sensors, if I’m reading the article correctly. They’re spare parts collected from phones that broke in other ways. That means they’re genuine Apple, but they’re not the *same* component that was paired with *that* phone.
That puts it in the same league as checking IDs at the airport. It’s ostensibly a security precaution, but its actual purpose is to put the kibosh on a secondary market for airline tickets, which allows the airlines to retain pricing power. In any other industry, this would be correctly seen as anti-competitive, but for the “security” fig-leaf.
Apple could completely defuse this argument by documenting a re-pairing process for this sensor for third-party repair shops. Such a process could involve the user authenticating in some way to authorize the repair. That would completely neuter all of the complaints while still preserving whatever security benefits Apple asserts require this process.
Won’t happen. My company uses Apple phones and this block on third party repairs is seen as a security feature. Of course, we’re categorized alongside other companies like WalMart and Costco so money isn’t much of an issue I guess.
the last time i took a idevice to a repair shop they asked for the lock codes. so they’d have access anyway.
does the finger sensor send a ye/nay to the phone, or an image. if the latter, how would a compromised sensor work?
Isn’t the real problem that damned button interface? Should take only one press to an application. Should only take a tap on the display to fully close an application. Seems like Apple wants us to leave applications running in the background or wear out that damned button.
Louis Rossmann discussed this months ago on his youtube channel.
Ah, a fellow follower :) I like his channel!
How I hate Apple Computer, let me count the ways…
…Crap, integers just don’t go that high.
Consider this, they now have a finger print scan of almost everyone with a modern iphone.
Which is exactly why I don’t use it. When you look at the data the facebook app collects about you, or many phone apps collect from you, it’s downright scary.
Android 5+ or Cyanogen lets you to put some limits about what data an app can read and do. With root you can even stop things and blacklist like backgroung processes doing data gathering.
Or so they let you think. An apple can’t change it’s stripes.
Was not aware of that. I’ll look into it. Thanks for the tip!
An apple can’t change it’s stripes… I almost spit out my coffee on that one! :)
No, they don’t.
1. What they get at the end of the process is a hex byte array. You can’t “turn guacamole into avocados” in the sense that you can’t turn that number into a fingerprint pattern useful in any other context.
2. They don’t have it because it doesn’t leave the phone. Apple makes money selling hardware. They don’t benefit from monetizing your privacy the way Google does.
Consider that nobody has contradicted Apple’s declaration of such. Apple has a closed ecosystem, but that doesn’t imply that it’s in any way inscrutable. There are lots of haters with decompilers that would like nothing more than to catch Apple fibbing, but nothing has come of it. In addition, it’s unlikely that the credit card companies would sign off on biometric authentication for ApplePay if it was exploitable in the way you suggest.
Inverting various fingerprints (in the perceptual hashing sense) was a popular research topic a few years back (http://web.mit.edu/vondrick/ihog/, http://arxiv.org/pdf/1506.02753.pdf). I bet someone could generate plausible fingerprints from the minutiae information that would pass police scrutiny. There may be a cryptographic hash applied afterwards which would make it more difficult but designing such a system to be both secure and robust would be difficult.
Go for it. I’ll put up US$100 for the first person to demonstrate taking an iPhone and using either the data from the secure element or captured data from the fingerprint scanner and turning that into some sort of prosthetic capable of authenticating with another iPhone trained for the same finger.
I rather suspect that my $100 wouldn’t be the sum reward for doing so.
Am i missing something or doesn’t it matter if the hardware of the scanner is different, because it still needs the correct finger to authenticate access? Is the “registered” fingerprint stored inside the sensor hardware or what?
Yes, the sensor passes the info to the phone and the phone authenticates the print. I assume one could hook up say an arduino and try brute forcing fingerprints to the phone.
Either way, Apple isn’t doing it to protect the consumer, but to appease the shareholder.
If I had a device that’s intended to keep Bad Guys(TM) out of my ayePhone, I’d be very disappointed if they could work around the lockout by replacing the device somehow. So in this case I’d say points for Appole, and your argument is invalid.
Someone who is fun to hang out with at Starbucks did the QA..
Crap, I own a brick.
iBrick™
Having a fingerprint sensor on the home button reminds me of why I don’t buy Apple products.
Because your reactionary paranoia keeps you from making reasonable decisions?
Well…it sounds like everyone should…(puts on dark sunglasses…)
Give apple the finger…
HEEEEYAH!
LOL! Awesome!
I don’t think Jobs would find this practice acceptable. Maybe disable the TouchID feature, maybe a nag screen, but not brick the phone, especially for a part that can be swapped out (not soldered to the motherboard). He’d probably have a fit. He was a compete ass, but he did focus a lot on the customer’s experience, and doing whatever it took to keep the customer wanting to come back to apple. Tim Cook just doesn’t care about that aspect. Apple is just another device company now.
Funny how every. Single. Person. Who asserts publicly what Steve would or wouldn’t do or condone is someone who has never likely been within 20 meters of him.
Funny how every. Single. Person. is someone who has never likely been within 20 meters of the previous commenter.
Probably just as well.
Still, I’ll bite. Please describe your personal relationship with Steve Jobs so that we can understand that you weren’t completely talking out of your ass.
Here’s how seriously other mfg’s took finger scanner security: http://www.popsci.com/how-samsung-and-htcs-fingerprint-security-was-hacked
“At the most conservative estimate, 12 million phones were open to having their fingerprints stolen—that’s the last reliable number of Samsung S5’s that were sold. Numbers are shaky on the HTC One Max, and if researchers found the same vulnerability on other phones, they didn’t mention the names.”
And the tech community goes haywire over a solution to deter tampering with the sensors? You do realize people literally have wallets in their phones now?
You do realise that the Apple “feature” in question doesn’t brick your phone until the next time you happen to install a software update after it’s been tampered with, right? If it was really necessary for security purposes (which it isn’t) then Apple would be leaving your precious fingerprint data exposed and vulnerable for months – but fortunately it isn’t and they aren’t.
How much bending over will Apple customers take, and keep bending over again, is beyond belief.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
The actual problem is that the home button is not built to a specification where it should *never* fail in at least 5 years. So much for Apple “quality”.
Can you sell me this magical production technology? One that can produce 25+ million perfect units that won’t fail in 5 years?
Eeasy forging aside, in this one decision I’m with Apple on that. If you have a security relevant part in your system, make sure it can’t be tampered with.
If they would care for their customers, they should lower the cost of a home button repair.
All in all it’s not entirely clear if it only invalidates your stored fingerprints, disables fingerprint capability or renders the phone inoperable…
ok, after reading a few things it seems to really “break” the phone after an software update…
that’s a bit… harsh…
Personally I think it’s bullshit, its not about security, its about Apple getting paid. If it were about security, well, I really don’t see bricking a device a security feature, thats some drastic steps, mission impossible type crap, especially if that part was relaced several months in advance. So, it was insecure the entire time? Sorry, but what’s next, if users don’t enter the correct password on the macs, in three tries, it wipes the hard drive? If someone uses a non compliant USB cable, it locks down? What’s the other hidden error codes? Using better earbuds not built by Apple results in wiping my music?
And from what I’ve read, a few are plugging away at this with a bricked iPhone, trying to unbrick it.your data is still there, you can’t get to it through the phone. Doesn’t sound like security to me.
This kinda falls into the same camp as the ftdi driver fing up cheap nock offs. Hey, if ts not yours, you don’t have to support it, but breaking it crosses a line. I think Apple should have simpy not allowed those phones to upgrade.
Back to this stupid car key comparision, my vehicle has an expensive key that has to be programmed. Dealership charges $100 for key, $50 to program. I can get the same key online cheaper and program myself.
So, should the automaker update my firmware in my vehicle to f up my car forever if I don’t use the stealership?
I’m pretty sure someone will find a way to “unbrick” these toys, then we will see how secure they were.
Me, eh, I don’t use that crap, so really, it doesn’t matter to me, for those who do, god luck using Apple products.
Bingo. Right on target.
Is this a user option? If you don’t use the fingerprint scanner (which is a stupid form of “security” anyway), can you replace it and just do without the feature?
Is the fingerprint scanner module itself responsible for authenticating, and accepting, the fingerprint? Or does it just send the finger image to the CPU? In the latter case, this is bullshit. Pretty much bullshit anyway, most owners don’t need high security like that.
Iphones sell to people who want expensive trinkets, and don’t know the value of money. I’m not particularly impressed by this development, but I wouldn’t expect any better from Apple. A sort of smiley, hip, kind of evil corporation.
1 fingerprint, or any biometrics for security is PURE BS. You leave fingerprints ALL OVER YOUR PHONE, using it instead of pass-phrase actually helps to break into your device.
2 Apple’s argument about security is also BS, if they are doing it for sec reasons then how come wrong/fake/cheap knockoff buttons work in the first place???? Apple lets you use cheaply fixed phone for 6 months, and then all of a sudden brick it because they care? They care so much about your data they ERASE IT PERMANENTLY :DDD
3:
https://www.youtube.com/watch?v=IMbE8Uaiq3w
As I said earlier, I invite you to dust your phone for prints and see how useful your results are. I strongly suspect you will be surprised by the results.
This has reached critical mass, by definition. The Macalope has chimed in: http://www.macworld.com/article/3030637/ios/fury-road-error-53-is-more-a-feature-than-a-bug.html
>Apple handles a disconnect when they repair a device by re-pairing the two
apple doesnt repair, they replace, say goodbye to your data if you didnt back it up
They do repair – how do you think they get piles of refurbished phones to swap them out when you come to the Genius Bar?
4 weeks ago , I replaced my battery in my iPhone 4s. Looked the same, same markings and such. I went to update the phone and boom. Error 29 from Itunes and my iPhone was bricked. I ordered a new battery from a different source that stated OEM. I installed it , updated/restored the phone and now I am back up and running. Wish i had money for an Android.
The More You Know…
You can get Androids, even 8-core, pretty cheap. Especially the lesser-known ones, Hua Wei make some impressively specced phones cheap, I think they’re trying to break into the market. They’re a huge Chinese electronics corp. Sell the Iphone, buy a better Android, and have some money left over. Plus no bloody Apple trying to dominate your life.
Re-make “1984” with hipsters, only swap every other page with one from “Wall Street”. Wouldn’t be a lot different from “Steve Jobs: My Struggle”.
Surely the best solution is to ask for further user authentication (possibly via a user’s Apple account) when the phone detects a change in hardware identifiers?