Apple bricking iPhones

[Muxr]

So as far as I can tell, the bricking is to prevent an attack vector that only exists in Muxr's head (because in reality your fingerprint data is not backed up in the iCloud or anywhere else).....

The justification (and even plaudits!) for this bricking has moved from "it prevents a thief getting access to all your personal data", which was proven to be false, to "it means a stolen iPhone is useless".  I'm sure eventually we'll end up with "good on Apple, it will put 3rd party repair places out of business, thus resulting in better service for Apple customers".....

If the patent office is in my head then I guess it is in my head. 

But that's besides the point. On what planet does it not make sense to authenticate the biometric peripheral? The implementation is just that, the implementation, but the principle is still sound. And entirely justified. It's Apple's product and they get to design it and implement it however they like.

It was not designed for hardware replacements in mind, nor was it designed for users to replace components on the phone, no smartphone is. The TouchID has one purpose, and it's only natural it would be a pain for a 3rd party to temper with. As a user I am glad it is.

If this was the screen or the battery we're talking about then I might have a different opinion about it.

[tooki]

Limiting freedom of speech can be beneficial if it stops LGBT or even pedophile propaganda from spreading.

Wow.  Pot calling the kettle black: You've been the victim of deceptive propaganda.

It's widely documented that in ex-Soviet states (especially Russia), anti-gay activists (with support of the government) spread propaganda making all kinds of untrue, outrageous claims about LGBT people, and equating homosexuality with pedophilia (for those who don't know, this is done in Russia to an extent that defies belief to those of us in civilized countries). It's unambiguously established that pedophilia (sexual abuse of children) is not a homosexual phenomenon, that in fact it is committed almost exclusively by men who identify as straight.

Soviet anti-gay propaganda is what has led to gay men in Russia being baited, tortured and murdered by groups of homophobic thugs, with law enforcement turning a blind eye to those heinous crimes. So just remember that if you support or believe that propaganda, you've got blood on your hands. 

[wraper]

So as far as I can tell, the bricking is to prevent an attack vector that only exists in Muxr's head (because in reality your fingerprint data is not backed up in the iCloud or anywhere else).....

The justification (and even plaudits!) for this bricking has moved from "it prevents a thief getting access to all your personal data", which was proven to be false, to "it means a stolen iPhone is useless".  I'm sure eventually we'll end up with "good on Apple, it will put 3rd party repair places out of business, thus resulting in better service for Apple customers".....

If the patent office is in my head then I guess it is in my head. 

Now go and check how many patents Apple have and how many of them are actually implemented in some kind of device. They register tons of useless (from engineering point of view) patents just in case, so they can use them against competitors if something like it will be actually implemented someday.

[tooki]

You know, it could also be a side effect and not the intention of apple at all. It's easy to think it all one big conspiracy.

Do you really believe it could be the case?

"Never attribute to malice that which is adequately explained by stupidity." -- Robert J. Hanlon in some form or another

It's far more likely to have been an unintended side effect than deliberate sabotage. They aren't stupid enough to try that, because if someone did sue, the paper trail would come out in discovery, which would be devastating.

A couple of really lame things Apple did:

1. Making the touch sensor part of the security module.  Match the fingerprints in the main CPU -> problem solved.

2. Not giving the Apple stores the key reset software.  If people could just go in and get their phones fixed, it wouldn't be a big deal.

No, those are not lame, they're incredibly smart. No offense, but you clearly know nothing about security design.

Those things are critical to the security of Touch ID, which in turn is critical to the enhanced security of Apple Pay (which far exceeds that of a physical card, providing the issuing bank actually performs its due diligence when linking to an account). If you do fingerprint sensing in the main CPU, it can be hacked. This completely eliminates that attack vector.

As for not sharing the keys with Apple: If Apple has them, then Apple can be compelled by law enforcement to produce them. By never having the keys, Apple eliminates their ability to rat me out to the government. (Apple's stance on privacy/encryption is clear, and viewed with those principles in mind, these design decisions make total sense.) Strictly speaking, you said "key reset software" -- but that implies that a back door exists by which the keys could be changed. That's horrible design security. The best systems destroy the keymaking device, such that it becomes impossible to recover or reset keys.

But there is more, for instance consider this:
Your backup has your fingerprint biometric. Isn't your fingerprint worth protecting?

No, it does not.

http://www.geek.com/apple/apple-wants-to-store-touch-id-fingerprints-in-the-icloud-1613633/

Patent != intent.

The only reason this is news is because it's Apple.

Spot on.

Tamper resistance = brick your phone.  Sorry - that doesn't work for me.

I don't have a problem with the philosophy, just the execution.

Devil's advocate: What if someone managed to transplant a Touch ID sensor (complete with its Secure Enclave) to another phone and succeeded in using it to log into an account that wasn't theirs? We both know damned well that Apple would be crucified by the media.

But that's besides the point. On what planet does it not make sense to authenticate the biometric peripheral? The implementation is just that, the implementation, but the principle is still sound. And entirely justified. It's Apple's product and they get to design it and implement it however they like.

It was not designed for hardware replacements in mind, nor was it designed for users to replace components on the phone, no smartphone is. The TouchID has one purpose, and it's only natural it would be a pain for a 3rd party to temper with. As a user I am glad it is.

If this was the screen or the battery we're talking about then I might have a different opinion about it.

This. It's an unfortunate side effect of encryption that it hampers interoperability. But there's simply no way around it. As our devices store more and more highly personal, confidential information on them, the need for extreme security continues to grow. And this security relies on the fact that the mechanisms cannot be circumvented, disabled, or reset. Otherwise, you may as well not have them at all.

Now go and check how many patents Apple have and how many of them are actually implemented in some kind of device. They register tons of useless (from engineering point of view) patents just in case, so they can use them against competitors if something like it will be actually implemented someday.

Absolutely true, as I said above. That said, if you follow how much time hackers spend reverse-engineering all the security in iOS devices already, you'll know that Apple must go to extreme measures if it is to maintain the level of security that consumers demand of a device that holds their entire digital life.

[edavid]

A couple of really lame things Apple did:

1. Making the touch sensor part of the security module.  Match the fingerprints in the main CPU -> problem solved.

2. Not giving the Apple stores the key reset software.  If people could just go in and get their phones fixed, it wouldn't be a big deal.

No, those are not lame, they're incredibly smart. No offense, but you clearly know nothing about security design.

Those things are critical to the security of Touch ID, which in turn is critical to the enhanced security of Apple Pay (which far exceeds that of a physical card, providing the issuing bank actually performs its due diligence when linking to an account). If you do fingerprint sensing in the main CPU, it can be hacked. This completely eliminates that attack vector.

I don't know about the Apple Pay requirements, but why should people who never use it be inconvenienced by it?
 

As for not sharing the keys with Apple: If Apple has them, then Apple can be compelled by law enforcement to produce them. By never having the keys, Apple eliminates their ability to rat me out to the government. (Apple's stance on privacy/encryption is clear, and viewed with those principles in mind, these design decisions make total sense.) Strictly speaking, you said "key reset software" -- but that implies that a back door exists by which the keys could be changed. That's horrible design security. The best systems destroy the keymaking device, such that it becomes impossible to recover or reset keys.

This makes no sense to me.  Apple service centers must have a simple way to reset the keys when they install a new button.  They could just provide that to the Apple Stores.

[Muxr]

So as far as I can tell, the bricking is to prevent an attack vector that only exists in Muxr's head (because in reality your fingerprint data is not backed up in the iCloud or anywhere else).....

The justification (and even plaudits!) for this bricking has moved from "it prevents a thief getting access to all your personal data", which was proven to be false, to "it means a stolen iPhone is useless".  I'm sure eventually we'll end up with "good on Apple, it will put 3rd party repair places out of business, thus resulting in better service for Apple customers".....

If the patent office is in my head then I guess it is in my head. 

Now go and check how many patents Apple have and how many of them are actually implemented in some kind of device. They register tons of useless (from engineering point of view) patents just in case, so they can use them against competitors if something like it will be actually implemented someday.

Arguing with people about Apple is like arguing with children, seriously.

I have never claimed I know exactly why they are doing it. Do I work for Apple? Do you? How the fuck am I supposed to know why, I didn't work on it?

I only know that it makes sense, why they'd want to do it. Authenticating a biometric peripheral is a good security practice.

The patent establishes that they thought about storing fingerprint metrics in the backups at the very least (which if you go back is exactly what I said), so it's a good example of why they might be doing it.

Your theory is that is malice towards 3rd party repair services. Which proof or source do you have?

I have demonstrated a potential intent which points in a different direction, what have you demonstrated?

[Alexei.Polkhanov]

You guys are absolutely wrong about security and you don't understand how it works. To be secure system has to be OPEN, PROVEN and VERIFIABLE or in other words black box security does not work. So in order for me to call any computer system secure I need to be able to

1. Have full and complete access to source code of security system in question. Hardware should be open too. As soon as I know all details of all parts of the system only then I can be sure it is secure. Since Apple does not provide code and hardware/IC designs - it is absolutely insecure. I hope it will be hacked to their embarrassment and they would deserve it.

2. Have it tested by many attack vectors. In other words if I DO WANT hackers and other people attacking it day and night. This is the only way to ensure it is reliable.

[Muxr]

You guys are absolutely wrong about security and you don't understand how it works. To be secure system has to be OPEN, PROVEN and VERIFIABLE or in other words black box security does not work. So in order for me to call any computer system secure I need to be able to

1. Have full and complete access to source code of security system in question. Hardware should be open too. As soon as I know all details of all parts of the system only then I can be sure it is secure. Since Apple does not provide code and hardware/IC designs - it is absolutely insecure. I hope it will be hacked to their embarrassment and they would deserve it.

2. Have it tested by many attack vectors. In other words if I DO WANT hackers and other people attacking it day and night. This is the only way to ensure it is reliable.

Yes peer review is good for security. But how is that relevant to the topic? Apple isn't going to open source iTunes, iCloud and iOS. Google's Android OS is but Google isn't going to open source their services either. Open hardware is an even bigger pipe dream. But that's an entirely different topic.

[wraper]

I have demonstrated a potential intent which points in a different direction, what have you demonstrated?

Too many times you demonstrated a complete lack of understanding how Touch id works and how the bricking happens.

[Muxr]

I have demonstrated a potential intent which points in a different direction, what have you demonstrated?

Too many times you demonstrated a complete lack of understanding how Touch id works and how the bricking happens.

So your response to my call for you to provide some supporting evidence for your claims is an ad hominem? It figures. Have a nice day.

[tooki]

This makes no sense to me.  Apple service centers must have a simple way to reset the keys when they install a new button.  They could just provide that to the Apple Stores.

I don't see any keys being reset, just some method of triggering a handshaking.

Does Apple actually do button replacements? For many repairs, Apple only does a device swap, followed by complete refurbishment somewhere else, which always includes a new housing (including screen) and serial number.

[edavid]

This makes no sense to me.  Apple service centers must have a simple way to reset the keys when they install a new button.  They could just provide that to the Apple Stores.

I don't see any keys being reset, just some method of triggering a handshaking.

OK, then they should provide the handshake triggering tool to the stores.

Does Apple actually do button replacements?

Yes.

[tooki]

OK, then they should provide the handshake triggering tool to the stores.

Apple has provided similar tools (e.g. Mac motherboard serial number programmers, thermal calibration software, etc.) to Apple Authorized Service Providers (AASPs) in the past. In fact, they may already have such a tool available now, we just don't know. I think the issue may be that the repairs triggering this error are repairs performed by unauthorized service providers (like our loudmouthed New Yorker), who do not have access to the official tools and resources Apple makes available to authorized service providers.

Does anyone know whether AASPs can do home button replacement on iPhone 6/6s? The answer to this question would conclusively establish whether such a tool exists. It'd also be interesting to know what the official AASP button replacement procedure is.

[dannyf]

Sounds more like those independent repair shops trying to keep their business going.

[Delta]

Muxr: if the home button is replaced by a 3rd party, does touchID then fail to work?

[Muxr]

Muxr: if the home button is replaced by a 3rd party, does touchID then fail to work?

It does. The fingerprint unlock functionality no longer works. My guess is the aftermarket button is just a previous non TouchID button or  just a fake made to look like the original.

[gnavigator1007]

This thing is becoming quite the soap opera.  The lawyers have begun sniffing for blood.  Kind of surprised its taken this long

http://www.theguardian.com/business/2016/feb/08/apple-under-pressure-lawyers-error-53-codes

http://www.pcvalaw.com/apple-iphone-error-53-lawsuit/

[Jeroen3]

It's a bit like: "If I replace the alarm of my car, the wireless fob stops working"-obvious. As a result the unregistered fix-kid on the corner of the street is the most angry, since people now need to go the dealer to fix the alarm.

[HackedFridgeMagnet]

It's a bit like: "If I replace the alarm of my car, the wireless fob stops working"-obvious. As a result the unregistered fix-kid on the corner of the street is the most angry, since people now need to go the dealer to fix the alarm.

Not many things are more useless than a bad analogy.


A case in point.

Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.

When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.

From this article
http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair

[Delta]

Muxr: if the home button is replaced by a 3rd party, does touchID then fail to work?

It does. The fingerprint unlock functionality no longer works. My guess is the aftermarket button is just a previous non TouchID button or  just a fake made to look like the original.

So where on earth is this security vulnerability that warrants bricking the entire phone?

[Delta]

It's a bit like: "If I replace the alarm of my car, the wireless fob stops working"-obvious. As a result the unregistered fix-kid on the corner of the street is the most angry, since people now need to go the dealer to fix the alarm.

Erm, no.  Let me correct that:  as a result, next time the car is at the dealer for a service, they completely and permanently disable the engine and entire car, for security reasons.  Without telling you first.

[wraper]

It's a bit like: "If I replace the alarm of my car, the wireless fob stops working"-obvious. As a result the unregistered fix-kid on the corner of the street is the most angry, since people now need to go the dealer to fix the alarm.

Not exactly, because the dealer just puts the car under press for "security reasons" and says nothing cane be done about it.

[Muxr]

Muxr: if the home button is replaced by a 3rd party, does touchID then fail to work?

It does. The fingerprint unlock functionality no longer works. My guess is the aftermarket button is just a previous non TouchID button or  just a fake made to look like the original.

So where on earth is this security vulnerability that warrants bricking the entire phone?

Tampering with the Touch ID should brick the phone. Absolutely. In fact it should brick the phone as soon as it's tempered with, so Apple needs to get on that.

The correct question isn't why is Apple bricking the phone on TouchID tampering. The right question is why is Apple not bricking the phone when TouchID is tampered with [in all cases].

[Muxr]

Car analogies are bad, but if you lose or break your car's fob, it can be unbelievably expensive to get it replaced. On luxury German cars they have to be shipped directly from the factory. And they can cost $500+ to get replaced.

[bookaboo]

Car analogies are bad, but if you lose or break your car's fob, it can be unbelievably expensive to get it replaced. On luxury German cars they have to be shipped directly from the factory. And they can cost $500+ to get replaced.

Yeah but at least they don't remotely blow the thing up.