Of course apple can make such an error if you repair stuff at 3d party repair companies or whatever so that you then can still get it (homebutton etc) replaced by original apple hardware and then your phone is unlocked again. But it's absolutely not ok to shut down your phone forever without warning you in advance. That is even against the law in many countries and shows how how little they give on their customers. It's like this with every product. If there's something that can damage your product, that you may not know about, a company has to warn customers in advance else the company can succesfully be sued (at least in europe). Plus not every country has an apple store. So it's normal people get their stuff repaired at third party companies. Apple should have authorized theid party comapnies repairing stuff for them in every country without apple stores. Anyways this development is very sad. Since steve jobs died apple is doing more and more crappy stuff. And I say that as an apple fan and user. And everyone who's saying here that it's totally ok what they're doing, never encountered any serious problems or is just pretty careless in general.
The article says, "The problem renders an iPhone unusable however, and affected owners will likely have no choice but to buy a new phone." But Apple's response in the article says "Touch ID, including for Apple Pay use, is disabled." It's possible to use an iPhone without Touch ID, so what's the problem here; why is the iPhone unusable?
After reading a bunch of other articles on this situation, it seems to be less than clear if the iPhone is actually being "bricked" at all. It's certainly not clear that it's bricked in all situations. This is likely another one of those times when everyone on the web is freaking out about something that may not actually be a fact.
In any case, I think any reasonable person can agree that having some kind of shutdown of TouchID services is appropriate in this situation, and that it doesn't violate the Magnuson-Moss Warranty Act to do so (duh).
Since shutting down the entire phone ("bricking" it), is really the only thing that can be construed as a violation or even unreasonable, I wouldn't be surprised to find out a few days from now that it was all a mistake and that phones actually aren't being bricked in this way.
All the videos I have seen of people with this issue directly state or imply that they are iPhone re-sellers that have multiple phones that have been essentially resurrected from multiple parts. It's not out of the realm of possibility that those phones are experiencing multiple issues related to having different parts from different sources. I also don't see how shutting down that kind of "service" (the dodgy guy in your neighbourhood who does this), is either a bad thing or any violation of the law. Those guys basically feed off of stolen phones for the most part despite protestations to the contrary.
If it's as you say i agee with it. But not if phones are really shut down forever. Let's see and hope the best.
How does this not violate the Magnuson-Moss Warranty Act, which applies to all US products, and prohibits warrantors from refusing service if there are third party parts involved (which is why you can buy auto parts from other aftermarket vendors without requesting permission from Ford, or Chevy)?
"Warrantors cannot require that only branded parts be used with the product in order to retain the warranty.[7] This is commonly referred to as the "tie-in sales" provisions,[8] and is frequently mentioned in the context of third-party computer parts, such as memory and hard drives."
I think if you read it closely you will find that the manufacturer does have the right to enforce that replacement parts need to be "verified" (or similar language) however.
At least that's the language found in laws like this in my country and a few others that I'm aware of. The parts have to come up to a minimum spec that the manufacturer controls and any alternate parts must be demonstrably "the same" as the "branded" parts they replace. The idea of the law is to prevent the manufacturer from forcing the user to buy parts from them alone, not to allow anyone to swap anything for anything and still have the warranty apply.
If this wasn't true, then your auto warranty would still be in effect even if you were driving on cheap bald tires made out of old sandal rubber that you bought at a boot sale. Your home insurance would still be in effect even if you replaced your front door with a beaded curtain. Your TV would still be returnable even if you've unscrewed the back and replaced the internal speakers with some made out of a breakfast cereal box, etc. etc. There are limits and in this case, security is one of them.
First off, what kind of "reporter" only has a single phone? Especially when covering something as critical as the refugee crisis? Does he also travel with a single camera and lens, and if that craps out he can't complete his assignment?
Second, as someone else pointed out, a quick search shows there are lots of places in Macedonia where you can buy a new iPhone if you needed one. There is also an Apple authorized repair provider there as well. I find it hilarious that a "professional" like him acts like a little girl when his iPhone gets damaged and reacts as if he's 1,000 miles from nowhere in a desert somewhere.
But the worst is this little gem of yours: "Apple need to have a fail-safe approach to this that gives the legitimate owner of the phone a way to continue to use it and to access their data." Absolute garbage.
Does this also apply to someone who loses the keys to their car? How dare manufacturers leave a motorist stranded in the middle of the night with no way to get home, simply because the car doesn't have a "fail-safe" backup way for them to drive their car. I'm the legitimate owner of the car, and I better be able to drive it even if I'm stupid.
Having a "fail-safe" is another way to say "lower the security for everyone so the rare few who have an issue aren't left with a non-functioning device". Kinda sounds like the government wanting a back door into Apple encryption and have Apple lower the security for hundreds of millions of users on the off chance it "might" help law enforcement with a few cases.
Yes he should've been prepaired better. But you can't compare losing your keys with an error that shuts down your phone without warning you. That's a seriously bad analogy. Apple should've warned customers before or given them the chance to unlock the phone later. Taking it to your comparison it's like you lose sour car's keys and then your car will be locked forever and you have to buy a new car.
First off, what kind of "reporter" only has a single phone? Especially when covering something as critical as the refugee crisis? Does he also travel with a single camera and lens, and if that craps out he can't complete his assignment?
Second, as someone else pointed out, a quick search shows there are lots of places in Macedonia where you can buy a new iPhone if you needed one. There is also an Apple authorized repair provider there as well. I find it hilarious that a "professional" like him acts like a little girl when his iPhone gets damaged and reacts as if he's 1,000 miles from nowhere in a desert somewhere.
But the worst is this little gem of yours: "Apple need to have a fail-safe approach to this that gives the legitimate owner of the phone a way to continue to use it and to access their data." Absolute garbage.
Does this also apply to someone who loses the keys to their car? How dare manufacturers leave a motorist stranded in the middle of the night with no way to get home, simply because the car doesn't have a "fail-safe" backup way for them to drive their car. I'm the legitimate owner of the car, and I better be able to drive it even if I'm stupid.
Having a "fail-safe" is another way to say "lower the security for everyone so the rare few who have an issue aren't left with a non-functioning device". Kinda sounds like the government wanting a back door into Apple encryption and have Apple lower the security for hundreds of millions of users on the off chance it "might" help law enforcement with a few cases.
Yes he should've been prepaired better. But you can't compare losing your keys with an error that shuts down your phone without warning you. That's a seriously bad analogy. Apple should've warned customers before or given them the chance to unlock the phone later. Taking it to your comparison it's like you lose sour car's keys and then your car will be locked forever and you have to buy a new car.
Apple should warn customers how, exactly? How does Apple know you let some hack "repair" your iPhone?
And my car analogy has nothing to do with the actual repair bricking your iPhone. It was directed specifically at the "fail-safe" comment suggesting Apple should have backup plans for people who do stupid things. I don't think they should.
Why is it that everyone thinks that Touch ID, Apple Pay, your PIN or on-device encryption of your data are all individual and completely separate items? They're not - they are woven together to form the entire security of the device.
A better analogy would be if your house had 3 doors and they all took the SAME key. If you lose your key you have to barricade all the doors as a crook could get in anywhere. This is what disabling your iPhone is when one key aspect of its security is compromised. But even that's not accurate.
The best analogy would be this:
You have a house and all the locks are electronic with PIN pads to enter. Every door has a 5 digit PIN number, where the first 4 are the same and the last digit is unique. A crook gets access to the PIN for one door. Now they have a much easier time to get into the other doors because they know 4 of the 5 digits.
Apple found a discrepancy with the security of your device and locked it.
You are delusional. My analogy is perfect and yours is fantasy.
Touch ID and your fingerprint are not related in any way to your password. They are two completely separate entrance mechanisms. It really bugs me when people like you come along and start spewing nonsense as if it were fact. There's already too many that misunderstand how this all works without you adding to their confusion.
I don't know where you're getting your information - but I promise you (and everyone else) that it's nowhere close to accurate and I restart that my analogy is spot on. I'm sorry if it simplifies things too much and makes you feel sheepish or silly for not realizing it before reading my analogy - but it really is that simple conceptually. Honest!
No, still a stupid analogy that only proves you know nothing about the secure enclave and how it works.
The secure enclave is used for device encryption, your passcode, your fingerprint, access controls lists (things like application passwords and private keys).
You seem to think it's only used for Touch ID, and there's nothing to worry about if a piece of hardware that works with the secure enclave has been swapped out. And then have the nerve to tell others they are delusional or morons.
Apple on Friday publicly acknowledged an unusual "Error 53" message, triggered by updating an iPhone 6 to iOS 9 or later after having the phone's Touch ID sensor fixed by an unofficial technician. [Updated]
"We protect fingerprint data using a Secure Enclave, which is uniquely paired to the Touch ID sensor," a spokeswoman explained to The Guardian. "When [an] iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the Touch ID sensor, the pairing is re-validated."
With an unofficial repair, the representative warned, that pairing can go unvalidated and lead to Error 53 once iOS is updated, or even restored. People running into the glitch should contact Apple support, the spokeswoman suggested.
The problem renders an iPhone unusable however, and affected owners will likely have no choice but to buy a new phone, since an unofficial repair violates Apple's warranty terms.
The Guardian observed that many regions lack Apple Stores, which can sometimes make it hard to find a place to get authorized repairs done in a timely manner.
When Apple launched Touch ID it went to great lengths to assure people that the associated data couldn't be leaked online, or even captured by installed apps. The need to re-validate appears to be a defense against thieves (or other parties) extracting fingerprint data via hardware modifications.
Update: Apple has issued a separate statement to AppleInsider.
"We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers," the company said. "iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device's other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support."
APPLE UPGRADE VIOLATES SOFTWARE LEGISLATION.
Is it possible to mount a legal challenge to this error 53 problem under the Digital Content paragraph in the new Consumer Rights Legislation?
Under this bill' traders are obliged to provide additional information concerning the functionality of the digital content and any relevant information about its compatibility with other hardware My Ipad worked perfectly until the upgrade software was installed. We should have been told that a device with a replacement screen or button could rendered unusable if the software was upgraded.
The bill states that the software has to be of satisfactory quality and must meet a given description. Any software that renders a device unusable could not be of satisfactory. quality especially when it prevents the user from returning to its original software.
You are delusional. My analogy is perfect and yours is fantasy.
Touch ID and your fingerprint are not related in any way to your password. They are two completely separate entrance mechanisms. It really bugs me when people like you come along and start spewing nonsense as if it were fact. There's already too many that misunderstand how this all works without you adding to their confusion.
I don't know where you're getting your information - but I promise you (and everyone else) that it's nowhere close to accurate and I restart that my analogy is spot on. I'm sorry if it simplifies things too much and makes you feel sheepish or silly for not realizing it before reading my analogy - but it really is that simple conceptually. Honest!
No, still a stupid analogy that only proves you know nothing about the secure enclave and how it works.
The secure enclave is used for device encryption, your passcode, your fingerprint, access controls lists (things like application passwords and private keys).
You seem to think it's only used for Touch ID, and there's nothing to worry about if a piece of hardware that works with the secure enclave has been swapped out. And then have the nerve to tell others they are delusional or morons.
Seems pretty clear who the "delusional moron" is.
I've explained it to you twice. It's not my job to make you understand why you're wrong. In your latest reply you're trying to change the question to one that makes you less wrong but the extra detail you provide has nothing to do with my analogy or this discussion.
I don't know exactly what conversation you are trying to participate in, but the conversation that I'm in is about the error that is generated when a third party replacement of the home button/Touch ID sensor take place - the secure enclave is NOT being replaced. The secure enclave and everything in it remains intact, but the new Touch ID sensor is not able to communicate with it because the technician is unable to initialize it like Apple does.
In the above case, the only thing that need fail is Touch ID authentication - for anything - logins, Apple Pay, app unlocks, etc. Touch ID would be completely unusable - but every other feature and function within the phone - can and should continue to operate - 100% SECURELY - using just your password/passcode. This includes device encryption, passcodes, etc. Everything except Touch ID and fingerprint data.
Touch ID is an OPTIONAL feature that can be turned on and off. After a replacement of the sensor - until the new sensor is properly initialized by Apple - the phone CAN AND SHOULD FUNCTION AS IF TOUCH ID WERE SIMPLY TURNED OFF in settings.
Its frustrating trying to educate you. Two things are obvious. One is that you think you're right - and the other is that you're not. I've given up trying to show you exactly where and why you're wrong. At this point I'm only replying so that the great many forum readers who are smarter than you will understand why you're wrong - although to be honest - most of them probably understood after reading my initial analogy - or even before I posted it.
If you still don't get it - I'm sorry, I can't make it any clearer. You'll just have to continue forward in life remaininghl ignorant of how this stuff actually works.
I don't have the time or energy to reply to all of you individually - so this comment is directed to all of those who have blindly sided with Apple's approach of bricking the phone in response to this type of "tampering".
First of all - you don't even know for sure whether bricking the phone in these circumstances are what Apple intended to do. By calling it a "glitch", they are acknowledging that it is in fact NOT working exactly as intended.
As many of the smarter forum members have opined, there are a number of responses that could have been applied in this situation that are less severe YET STILL 100% SECURE! But since you don't understand how any of this stuff actually works - or what needs to be protected - you blindly over react. You're the same people that welcome "perceived security" over "real security" and probably think that all of the security measures in place at the airport actually make your flights more secure - even though they've been proven time and time again to be a waste of time and money whose ONLY value is to provide the PERCEPTION of security!
It's people like you - people that welcome extreme over reactions to perceived threats (real or not) that are going to be responsible for giving away ALL of our privacy and freedoms in the not so distant future.
Should Apple protect my data? Yes! Absolutely! Should they do so by bricking my device? ONLY IF NECESSARY!!! And in this case - ITS NOT!!! There are several levels of response/reaction that could be applied here that would protect your data while still allowing you to use your device! If you lack the intelligence to know what those responses should be - just shut the hell up - or go ahead and demand a solution that protects your data APPROPRIATELY. Don't pretend you know what the solution is and demand specific things when it's so very obvious you are responding solely out of fear and ignorance and that you don't have a clue what *should* be done.
What an amount of BS.... you don't really understand how Apple has to enforce security measures like this, on a device where financial transactions are implemented and Apple Pay still have to gain trust worthiness amongst many banks worldwide. you are trying to switch the responsibility from an unwise customer to Apple. use an authorized service center: problem solved.
It is not for you or Apple to decide for other people what they 'want' to have happen to their property and data. There are probably lots of people who would rather they still had a working phone until some more permanent solution to the security issue could be enacted.
"Freelance photographer and self-confessed Apple addict Antonio Olmos
says this happened to his phone a few weeks ago after he upgraded his
software. Olmos had previously had his handset repaired while on an
assignment for the Guardian in Macedonia. “I was in the Balkans covering
the refugee crisis in September when I dropped my phone. Because I
desperately needed it for work I got it fixed at a local shop, as there
are no Apple stores in Macedonia. They repaired the screen and home
button, and it worked perfectly.”http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair
Do you think that person, or many other professionals who have to work in places with little or no access to Apple approved repair would want what might be a vital tool to be rendered useless an so potentially compromise them?
Have you heard of the concept 'fail-safe'. Apple need to have a fail-safe approach to this that gives the legitimate owner of the phone a way to continue to use it and to access their data. Reverting to a password, for instance.
More crap from our resident troll.
First off, what kind of "reporter" only has a single phone? Especially when covering something as critical as the refugee crisis? Does he also travel with a single camera and lens, and if that craps out he can't complete his assignment?
Second, as someone else pointed out, a quick search shows there are lots of places in Macedonia where you can buy a new iPhone if you needed one. There is also an Apple authorized repair provider there as well. I find it hilarious that a "professional" like him acts like a little girl when his iPhone gets damaged and reacts as if he's 1,000 miles from nowhere in a desert somewhere.
But the worst is this little gem of yours: "Apple need to have a fail-safe approach to this that gives the legitimate owner of the phone a way to continue to use it and to access their data." Absolute garbage.
Does this also apply to someone who loses the keys to their car? How dare manufacturers leave a motorist stranded in the middle of the night with no way to get home, simply because the car doesn't have a "fail-safe" backup way for them to drive their car. I'm the legitimate owner of the car, and I better be able to drive it even if I'm stupid.
Having a "fail-safe" is another way to say "lower the security for everyone so the rare few who have an issue aren't left with a non-functioning device". Kinda sounds like the government wanting a back door into Apple encryption and have Apple lower the security for hundreds of millions of users on the off chance it "might" help law enforcement with a few cases.
You do love resorting to illogical arguments and desperate reaching.
A reporter should have two phones, he probably did, however, he might have had information on the iPhone that he needed access to that was not duplicated on his backup. Save me a stupid reply about if he was a professional he would have ensured they were mirrored. That sort of stuff is for perfect peters, such as yourself, sitting safe and comfy behind a desk pontificating about how a real man in the field would do things.
As for managing to locate an authorised repairer in Macedonia - clap......clap.....clap - perfect peter strikes again. Maybe he had a job to do that was time critical - I mean he was only a reporter covering an unfolding situation - and the official repairer was in the capital city and he wasn't? If that was the case he would likely lose two days minimum to get an official repair vs an hour or two for an unofficial one from the local phone chop shop.
When I fitted the brake pads to my car, it didn't render the car inoperable. And you know what else, peter? - the manufacturer saw fit to supply two sets of keys. Yes, two sets - can you imagine?
Failing-safe and falling back on password authentication is equivalent to government backdooring? - R E A C H I N G M U C H ? You could get a great job picking fruit.
Failing-safe and falling back on password authentication is equivalent to government backdooring? - R E A C H I N G M U C H ?
Falling back on password authentication would make the phone no less secure as Apple already regards the fingerprint as subordinate to a PIN/password for authentication. It designed iOS to trust only your passcode but not your PIN fingerprint in certain circumstances (such as at startup) but never the other way around.
Failing-safe and falling back on password authentication is equivalent to government backdooring? - R E A C H I N G M U C H ?
Falling back on password authentication would make the phone no less secure as Apple already regards the fingerprint as subordinate to a PIN/password for authentication. It designed iOS to trust only your passcode but not your PIN in certain circumstances (such as at startup) but never the other way around.
But isn't TouchID subordinate to the passcode? ____edit- sorry my bad- please ignore- will learn how to read when I am older__________
If someone were able to add their own fingerprints to your device through a malicious touchID sensor, they wouldn't be able to do anything on the device unless you enter the passcode on reboot. Sure they could steal it from you after it has rebooted and would seemingly have free reign to what they want until the next iOS update, which I guess that they would decline anyway.
Wouldn't a better solution be to have the phone mention (on first reboot) that stored finger prints have been changed recently and then disable the touchID until the owner enters their passcode(or appleID/passsword/etc)? Apple could go one step further and even tell you each of the occasions that the device has been opened.
I don't have the time or energy to reply to all of you individually - so this comment is directed to all of those who have blindly sided with Apple's approach of bricking the phone in response to this type of "tampering".
First of all - you don't even know for sure whether bricking the phone in these circumstances are what Apple intended to do. By calling it a "glitch", they are acknowledging that it is in fact NOT working exactly as intended.
As many of the smarter forum members have opined, there are a number of responses that could have been applied in this situation that are less severe YET STILL 100% SECURE! But since you don't understand how any of this stuff actually works - or what needs to be protected - you blindly over react. You're the same people that welcome "perceived security" over "real security" and probably think that all of the security measures in place at the airport actually make your flights more secure - even though they've been proven time and time again to be a waste of time and money whose ONLY value is to provide the PERCEPTION of security!
It's people like you - people that welcome extreme over reactions to perceived threats (real or not) that are going to be responsible for giving away ALL of our privacy and freedoms in the not so distant future.
Should Apple protect my data? Yes! Absolutely! Should they do so by bricking my device? ONLY IF NECESSARY!!! And in this case - ITS NOT!!! There are several levels of response/reaction that could be applied here that would protect your data while still allowing you to use your device! If you lack the intelligence to know what those responses should be - just shut the hell up - or go ahead and demand a solution that protects your data APPROPRIATELY. Don't pretend you know what the solution is and demand specific things when it's so very obvious you are responding solely out of fear and ignorance and that you don't have a clue what *should* be done.
What an amount of BS.... you don't really understand how Apple has to enforce security measures like this, on a device where financial transactions are implemented and Apple Pay still have to gain trust worthiness amongst many banks worldwide. you are trying to switch the responsibility from an unwise customer to Apple. use an authorized service center: problem solved.
All I can say is re-read my previous messages. The house analogy I use is accurate. I can't point to the statement in your message that is wrong because all of it is wrong.
The fundamental flaw in your argument is that you incorrectly assume that the solution I described lessens the security of the data that resides on the device. It doesn't - and I don't know why you don't understand that! When Touch ID is operational - but turned off - is the data on my device secure? Yes - it's as secure as the password I created.
We can't discuss this until you understand what security is and how to implement it effectively. Currently, you don't - so you panic and overreach with a solution that secures your data - but also prevents authorized access to it! That's a fail - unless it's necessary to ensure security. But in this case - it's NOT necessary.
Instead of blindly claiming that my analogy is wrong - and not offering any reasons for making that claim - why don't you point out WHERE the security hole is in the "passcode only" approach? I'll tell you why you can't do that - it's because it doesn't exist! There is no security hole! LOL! Your objections are centered around the fact that the data stored on the phone is extremely sensitive...and so the solutions requires more security.... That's an invalid argument. The data is in fact - just as protected and secure in my analogy as it is in a device where the user has chosen to disable Touch ID.
Enabling Touch ID on a device actually decreases the security of the device as a whole because it creates a new entry point that didn't previously exist - one that could be used by anyone with access to your fingers - either while you're sleeping, after they've roofied you, or after they've chopped off the appropriate finger!
This argument isn't worth any more of my time. The smart people here already get it. The rest of you will never get it because you lack a basic understanding of security - and that's fine. I'm sure this is not the only thing you've ever been wrong about. By now - you must be used to it.
I won't be replying again on this chain unless you or someone else can post an actual example of a real thing that makes this method less secure. (you can't do it because there isn't one)
^ No, you won't be replying again because you're wrong and won't admit it. And you lack the basic knowledge to prove your side right. In fact, you have posted literally NOTHING about how the security on an iPhone (secure enclave, encryption, Touch ID) works. You're just throwing arond a bunch of theories about how you THINK it works and expect s to believe you.
Dont get so upset when people call you out when you're wrong.
Edited: Can't believe I forgot this as I just assumed the basic concept would be simple for anyone to understand. Apparently not.
I work for BMW (as I've posted here before). They do the EXACT same thing. If you replace the access module on a BMW (the one that decides if it should unlock the doors with the remote key) then the entire car is bricked. That's right, it won't even work. You'll need to get towed to BMW and they'll have to order in a brand-new module direct from BMW which they will then code (pair) to the vehicle. It's impossible for dealers or anyone to buy a used module and code (pair it).
According to your logic, BMW should allow the car to start so you can drive it, and turn off the feature for unlocking the doors (just like you claim Touch ID should be turned off and the rest of the iPhone should continue to work).
Sound familiar? Sort of like using a Touch ID sensor that hasn't been coded (paired) and the entire phone stops working. Now for the others who clearly don't comprehend the Magnusson Moss act (and think it applies here), how is BMW able to get away with this? If you have the right to repair your car at a third party shop, then how can this situation arise?
^ No, you won't be replying again because you're wrong and won't admit it. And you lack the basic knowledge to prove your side right. In fact, you have posted literally NOTHING about how the security on an iPhone (secure enclave, encryption, Touch ID) works. You're just throwing arond a bunch of theories about how you THINK it works and expect s to believe you.
Dont get so upset when people call you out when you're wrong.
Edited: Can't believe I forgot this as I just assumed the basic concept would be simple for anyone to understand. Apparently not.
I work for BMW (as I've posted here before). They do the EXACT same thing. If you replace the access module on a BMW (the one that decides if it should unlock the doors with the remote key) then the entire car is bricked. That's right, it won't even work. You'll need to get towed to BMW and they'll have to order in a brand-new module direct from BMW which they will then code (pair) to the vehicle. It's impossible for dealers or anyone to buy a used module and code (pair it).
According to your logic, BMW should allow the car to start so you can drive it, and turn off the feature for unlocking the doors (just like you claim Touch ID should be turned off and the rest of the iPhone should continue to work).
Sound familiar? Sort of like using a Touch ID sensor that hasn't been coded (paired) and the entire phone stops working. Now for the others who clearly don't comprehend the Magnusson Moss act (and think it applies here), how is BMW able to get away with this? If you have the right to repair your car at a third party shop, then how can this situation arise?
Does the BMW have an alternative authentication method to open the doors and start the engine?
Think of it as one of those steering wheel locks. Renders the item unusable until security is ensured.
Oh oh and the only "moron" here is the one insisting the phone is permanentlyt disabled aka "bricked" when it so obviously isn't since Apple has a process for restoring the security elements synchronization after replacement.
Not the best analogy since the intent is not to protect the phone from theft but rather to protect the contents. Your analogy does nothing to protect the contents of the vehicle.
....
I disagree. A steering wheel lock renders the central function of the vehicle, being able to drive it somewhere, unusable. Similarly accessing the data contained within an iPhone is a central function of the phone (I certainly use mine more as a computer than a communication device for example) and that function is blocked with an Error 53.
In in the early days of these hysteria-fests we never get the full picture so whether this is something that does actually render the phone permenantly unusable? Well I'll wait for more than a few heavy breathing anecdotes. That's been the pattern far too many times to be taken very seriously.
My niece had her home button replaced and Touch ID was disabled, even DFU restore it wouldn't enable, it is on the latest iOS update and is fine apart from that. Apple just advised that Touch ID won't work and that they won't repair it because it has 3rd party parts in it now. No biggie, she just can't use Touch ID or Apple Pay.
maybe it's just certain parts that cause the 53 error?
^ No, you won't be replying again because you're wrong and won't admit it. And you lack the basic knowledge to prove your side right. In fact, you have posted literally NOTHING about how the security on an iPhone (secure enclave, encryption, Touch ID) works. You're just throwing arond a bunch of theories about how you THINK it works and expect s to believe you.
Dont get so upset when people call you out when you're wrong.
Edited: Can't believe I forgot this as I just assumed the basic concept would be simple for anyone to understand. Apparently not.
I work for BMW (as I've posted here before). They do the EXACT same thing. If you replace the access module on a BMW (the one that decides if it should unlock the doors with the remote key) then the entire car is bricked. That's right, it won't even work. You'll need to get towed to BMW and they'll have to order in a brand-new module direct from BMW which they will then code (pair) to the vehicle. It's impossible for dealers or anyone to buy a used module and code (pair it).
According to your logic, BMW should allow the car to start so you can drive it, and turn off the feature for unlocking the doors (just like you claim Touch ID should be turned off and the rest of the iPhone should continue to work).
Sound familiar? Sort of like using a Touch ID sensor that hasn't been coded (paired) and the entire phone stops working. Now for the others who clearly don't comprehend the Magnusson Moss act (and think it applies here), how is BMW able to get away with this? If you have the right to repair your car at a third party shop, then how can this situation arise?
I lied. I will continue to reply - only to make sure that people aren't left with your misguided and incorrect information.
Again - you are trying to confuse the issue and the conversation by making some weak vehicular analogy. I'm not going to dispute anything you said about BMW or how their system works - but I will point out that it's a silly comparison to make. The system you are describing is designed to prevent theft. The iPhone security system we are discussing is designed to protect your data. That's a huge difference - and at least now I know why you're thoughts are so far from accurate - you're speaking about what you know - which is vehicle theft protection. Your mistake is in assuming that the security required to protect data is (or should be) similar. It's not - and you clearly have no experience or knowledge about those types of systems!
If you want to pull out credentials, sure - let's play! I have a Masters in Computer Science and have worked as a consultant in the IT industry for more than 20 years including 6 years of architecting, engineering and implementing secure systems. Sorry, I've never worked on automotive security systems.
So - rather than comparing cars to smartphones, why don't you look at the exact items in question and then point out to all of us exactly where and how the phone with the uninitialized Touch ID sensor is more vulnerable to unauthorized data access or unauthorized use than the system which has Touch ID disabled via the settings app. And remember, we want to compare Apples to Apples here - so for the devices we're going to compare - the ONLY difference between the 2 devices should be that one has all of the original parts and the other has an aftermarket Touch ID sensor that is not able to communicate with the secure enclave.
My assertion is that if Apple (iOS) detects that the Touch ID sensor cannot communicate with the secure enclave, the "Use Touch ID" setting should be turned off and grayed out - and the phone should operate as if it had never been activated in the first place.
Your claim is that by doing so, some portion of the users data would potentially be exposed and the only "secure" thing to do is to temporarily brick the phone - yet you offer no explanation as to how this could possibly happen.
By now, I'm sure you can see where you went wrong. Whether you misunderstood the proposed alternative to bricking, whether you honestly believed that "securing a vehicle from theft" and "securing access to private data on a computing device" were the same thing and should be treated the same way - or whether you are just an Apple apologist and blindly defend Apple and assume that if they do something a particular way, it's the best way (or the only way)...
Anyhow - no matter why you initially disputed the assertion, I'm certain that you now see that you were wrong. I'm also equally certain that you'll never admit it. You've slung too many names and insults to back down and apologize at this point. I'm quite sure that you will go to your grave still claiming to be right - even if Apple releases an update that makes the system work EXACTLY as I've described - which I see as a *very* likely possibility...!
^ No, you won't be replying again because you're wrong and won't admit it. And you lack the basic knowledge to prove your side right. In fact, you have posted literally NOTHING about how the security on an iPhone (secure enclave, encryption, Touch ID) works. You're just throwing arond a bunch of theories about how you THINK it works and expect s to believe you.
Dont get so upset when people call you out when you're wrong.
Edited: Can't believe I forgot this as I just assumed the basic concept would be simple for anyone to understand. Apparently not.
I work for BMW (as I've posted here before). They do the EXACT same thing. If you replace the access module on a BMW (the one that decides if it should unlock the doors with the remote key) then the entire car is bricked. That's right, it won't even work. You'll need to get towed to BMW and they'll have to order in a brand-new module direct from BMW which they will then code (pair) to the vehicle. It's impossible for dealers or anyone to buy a used module and code (pair it).
According to your logic, BMW should allow the car to start so you can drive it, and turn off the feature for unlocking the doors (just like you claim Touch ID should be turned off and the rest of the iPhone should continue to work).
Sound familiar? Sort of like using a Touch ID sensor that hasn't been coded (paired) and the entire phone stops working. Now for the others who clearly don't comprehend the Magnusson Moss act (and think it applies here), how is BMW able to get away with this? If you have the right to repair your car at a third party shop, then how can this situation arise?
I lied. I will continue to reply - only to make sure that people aren't left with your misguided and incorrect information.
Again - you are trying to confuse the issue and the conversation by making some weak vehicular analogy. I'm not going to dispute anything you said about BMW or how their system works - but I will point out that it's a silly comparison to make. The system you are describing is designed to prevent theft. The iPhone security system we are discussing is designed to protect your data. That's a huge difference - and at least now I know why you're thoughts are so far from accurate - you're speaking about what you know - which is vehicle theft protection. Your mistake is in assuming that the security required to protect data is (or should be) similar. It's not - and you clearly have no experience or knowledge about those types of systems!
If you want to pull out credentials, sure - let's play! I have a Masters in Computer Science and have worked as a consultant in the IT industry for more than 20 years including 6 years of architecting, engineering and implementing secure systems. Sorry, I've never worked on automotive security systems.
So - rather than comparing cars to smartphones, why don't you look at the exact items in question and then point out to all of us exactly where and how the phone with the uninitialized Touch ID sensor is more vulnerable to unauthorized data access or unauthorized use than the system which has Touch ID disabled via the settings app. And remember, we want to compare Apples to Apples here - so for the devices we're going to compare - the ONLY difference between the 2 devices should be that one has all of the original parts and the other has an aftermarket Touch ID sensor that is not able to communicate with the secure enclave.
My assertion is that if Apple (iOS) detects that the Touch ID sensor cannot communicate with the secure enclave, the "Use Touch ID" setting should be turned off and grayed out - and the phone should operate as if it had never been activated in the first place.
Your claim is that by doing so, some portion of the users data would potentially be exposed and the only "secure" thing to do is to temporarily brick the phone - yet you offer no explanation as to how this could possibly happen.
By now, I'm sure you can see where you went wrong. Whether you misunderstood the proposed alternative to bricking, whether you honestly believed that "securing a vehicle from theft" and "securing access to private data on a computing device" were the same thing and should be treated the same way - or whether you are just an Apple apologist and blindly defend Apple and assume that if they do something a particular way, it's the best way (or the only way)...
Anyhow - no matter why you initially disputed the assertion, I'm certain that you now see that you were wrong. I'm also equally certain that you'll never admit it. You've slung too many names and insults to back down and apologize at this point. I'm quite sure that you will go to your grave still claiming to be right - even if Apple releases an update that makes the system work EXACTLY as I've described - which I see as a *very* likely possibility...!
Note that it appears, from looking at Apple's statement and user reports, that the system originally did function exactly as you propose, simply disabling TouchID - until the iOS update. And that did not change the security posture (at least not intentionally) - it simply failed to load properly, leaving an iPhone with an error number.
Whether or not temporarily bricking the phone (permanently seems silly) is a reasonable security measure, it really doesn't look as if this version of iOS is doing it intentionally.
Comments
I think if you read it closely you will find that the manufacturer does have the right to enforce that replacement parts need to be "verified" (or similar language) however.
At least that's the language found in laws like this in my country and a few others that I'm aware of. The parts have to come up to a minimum spec that the manufacturer controls and any alternate parts must be demonstrably "the same" as the "branded" parts they replace. The idea of the law is to prevent the manufacturer from forcing the user to buy parts from them alone, not to allow anyone to swap anything for anything and still have the warranty apply.
If this wasn't true, then your auto warranty would still be in effect even if you were driving on cheap bald tires made out of old sandal rubber that you bought at a boot sale. Your home insurance would still be in effect even if you replaced your front door with a beaded curtain. Your TV would still be returnable even if you've unscrewed the back and replaced the internal speakers with some made out of a breakfast cereal box, etc. etc. There are limits and in this case, security is one of them.
Apple should warn customers how, exactly? How does Apple know you let some hack "repair" your iPhone?
And my car analogy has nothing to do with the actual repair bricking your iPhone. It was directed specifically at the "fail-safe" comment suggesting Apple should have backup plans for people who do stupid things. I don't think they should.
No, still a stupid analogy that only proves you know nothing about the secure enclave and how it works.
The secure enclave is used for device encryption, your passcode, your fingerprint, access controls lists (things like application passwords and private keys).
You seem to think it's only used for Touch ID, and there's nothing to worry about if a piece of hardware that works with the secure enclave has been swapped out. And then have the nerve to tell others they are delusional or morons.
Seems pretty clear who the "delusional moron" is.
APPLE UPGRADE VIOLATES SOFTWARE LEGISLATION.
Is it possible to mount a legal challenge to this error 53 problem under the Digital Content paragraph in the new Consumer Rights Legislation?
Under this bill' traders are obliged to provide additional information concerning the functionality of the digital content and any relevant information about its compatibility with other hardware My Ipad worked perfectly until the upgrade software was installed. We should have been told that a device with a replacement screen or button could rendered unusable if the software was upgraded.
The bill states that the software has to be of satisfactory quality and must meet a given description. Any software that renders a device unusable could not be of satisfactory. quality especially when it prevents the user from returning to its original software.I don't know exactly what conversation you are trying to participate in, but the conversation that I'm in is about the error that is generated when a third party replacement of the home button/Touch ID sensor take place - the secure enclave is NOT being replaced. The secure enclave and everything in it remains intact, but the new Touch ID sensor is not able to communicate with it because the technician is unable to initialize it like Apple does.
In the above case, the only thing that need fail is Touch ID authentication - for anything - logins, Apple Pay, app unlocks, etc. Touch ID would be completely unusable - but every other feature and function within the phone - can and should continue to operate - 100% SECURELY - using just your password/passcode. This includes device encryption, passcodes, etc. Everything except Touch ID and fingerprint data.
Touch ID is an OPTIONAL feature that can be turned on and off. After a replacement of the sensor - until the new sensor is properly initialized by Apple - the phone CAN AND SHOULD FUNCTION AS IF TOUCH ID WERE SIMPLY TURNED OFF in settings.
Its frustrating trying to educate you. Two things are obvious. One is that you think you're right - and the other is that you're not. I've given up trying to show you exactly where and why you're wrong. At this point I'm only replying so that the great many forum readers who are smarter than you will understand why you're wrong - although to be honest - most of them probably understood after reading my initial analogy - or even before I posted it.
If you still don't get it - I'm sorry, I can't make it any clearer. You'll just have to continue forward in life remaininghl ignorant of how this stuff actually works.
you don't really understand how Apple has to enforce security measures like this, on a device where financial transactions are implemented and Apple Pay still have to gain trust worthiness amongst many banks worldwide.
you are trying to switch the responsibility from an unwise customer to Apple.
use an authorized service center: problem solved.
A reporter should have two phones, he probably did, however, he might have had information on the iPhone that he needed access to that was not duplicated on his backup. Save me a stupid reply about if he was a professional he would have ensured they were mirrored. That sort of stuff is for perfect peters, such as yourself, sitting safe and comfy behind a desk pontificating about how a real man in the field would do things.
As for managing to locate an authorised repairer in Macedonia - clap......clap.....clap - perfect peter strikes again. Maybe he had a job to do that was time critical - I mean he was only a reporter covering an unfolding situation - and the official repairer was in the capital city and he wasn't? If that was the case he would likely lose two days minimum to get an official repair vs an hour or two for an unofficial one from the local phone chop shop.
When I fitted the brake pads to my car, it didn't render the car inoperable. And you know what else, peter? - the manufacturer saw fit to supply two sets of keys. Yes, two sets - can you imagine?
Failing-safe and falling back on password authentication is equivalent to government backdooring? - R E A C H I N G M U C H ?
You could get a great job picking fruit.
If someone were able to add their own fingerprints to your device through a malicious touchID sensor, they wouldn't be able to do anything on the device unless you enter the passcode on reboot. Sure they could steal it from you after it has rebooted and would seemingly have free reign to what they want until the next iOS update, which I guess that they would decline anyway.
Wouldn't a better solution be to have the phone mention (on first reboot) that stored finger prints have been changed recently and then disable the touchID until the owner enters their passcode(or appleID/passsword/etc)? Apple could go one step further and even tell you each of the occasions that the device has been opened.
The fundamental flaw in your argument is that you incorrectly assume that the solution I described lessens the security of the data that resides on the device. It doesn't - and I don't know why you don't understand that! When Touch ID is operational - but turned off - is the data on my device secure? Yes - it's as secure as the password I created.
We can't discuss this until you understand what security is and how to implement it effectively. Currently, you don't - so you panic and overreach with a solution that secures your data - but also prevents authorized access to it! That's a fail - unless it's necessary to ensure security. But in this case - it's NOT necessary.
Instead of blindly claiming that my analogy is wrong - and not offering any reasons for making that claim - why don't you point out WHERE the security hole is in the "passcode only" approach? I'll tell you why you can't do that - it's because it doesn't exist! There is no security hole! LOL! Your objections are centered around the fact that the data stored on the phone is extremely sensitive...and so the solutions requires more security.... That's an invalid argument. The data is in fact - just as protected and secure in my analogy as it is in a device where the user has chosen to disable Touch ID.
Enabling Touch ID on a device actually decreases the security of the device as a whole because it creates a new entry point that didn't previously exist - one that could be used by anyone with access to your fingers - either while you're sleeping, after they've roofied you, or after they've chopped off the appropriate finger!
This argument isn't worth any more of my time. The smart people here already get it. The rest of you will never get it because you lack a basic understanding of security - and that's fine. I'm sure this is not the only thing you've ever been wrong about. By now - you must be used to it.
I won't be replying again on this chain unless you or someone else can post an actual example of a real thing that makes this method less secure. (you can't do it because there isn't one)
Dont get so upset when people call you out when you're wrong.
Edited: Can't believe I forgot this as I just assumed the basic concept would be simple for anyone to understand. Apparently not.
I work for BMW (as I've posted here before). They do the EXACT same thing. If you replace the access module on a BMW (the one that decides if it should unlock the doors with the remote key) then the entire car is bricked. That's right, it won't even work. You'll need to get towed to BMW and they'll have to order in a brand-new module direct from BMW which they will then code (pair) to the vehicle. It's impossible for dealers or anyone to buy a used module and code (pair it).
According to your logic, BMW should allow the car to start so you can drive it, and turn off the feature for unlocking the doors (just like you claim Touch ID should be turned off and the rest of the iPhone should continue to work).
Sound familiar? Sort of like using a Touch ID sensor that hasn't been coded (paired) and the entire phone stops working. Now for the others who clearly don't comprehend the Magnusson Moss act (and think it applies here), how is BMW able to get away with this? If you have the right to repair your car at a third party shop, then how can this situation arise?
In in the early days of these hysteria-fests we never get the full picture so whether this is something that does actually render the phone permenantly unusable? Well I'll wait for more than a few heavy breathing anecdotes. That's been the pattern far too many times to be taken very seriously.
Again - you are trying to confuse the issue and the conversation by making some weak vehicular analogy. I'm not going to dispute anything you said about BMW or how their system works - but I will point out that it's a silly comparison to make. The system you are describing is designed to prevent theft. The iPhone security system we are discussing is designed to protect your data. That's a huge difference - and at least now I know why you're thoughts are so far from accurate - you're speaking about what you know - which is vehicle theft protection. Your mistake is in assuming that the security required to protect data is (or should be) similar. It's not - and you clearly have no experience or knowledge about those types of systems!
If you want to pull out credentials, sure - let's play! I have a Masters in Computer Science and have worked as a consultant in the IT industry for more than 20 years including 6 years of architecting, engineering and implementing secure systems. Sorry, I've never worked on automotive security systems.
So - rather than comparing cars to smartphones, why don't you look at the exact items in question and then point out to all of us exactly where and how the phone with the uninitialized Touch ID sensor is more vulnerable to unauthorized data access or unauthorized use than the system which has Touch ID disabled via the settings app. And remember, we want to compare Apples to Apples here - so for the devices we're going to compare - the ONLY difference between the 2 devices should be that one has all of the original parts and the other has an aftermarket Touch ID sensor that is not able to communicate with the secure enclave.
My assertion is that if Apple (iOS) detects that the Touch ID sensor cannot communicate with the secure enclave, the "Use Touch ID" setting should be turned off and grayed out - and the phone should operate as if it had never been activated in the first place.
Your claim is that by doing so, some portion of the users data would potentially be exposed and the only "secure" thing to do is to temporarily brick the phone - yet you offer no explanation as to how this could possibly happen.
By now, I'm sure you can see where you went wrong. Whether you misunderstood the proposed alternative to bricking, whether you honestly believed that "securing a vehicle from theft" and "securing access to private data on a computing device" were the same thing and should be treated the same way - or whether you are just an Apple apologist and blindly defend Apple and assume that if they do something a particular way, it's the best way (or the only way)...
Anyhow - no matter why you initially disputed the assertion, I'm certain that you now see that you were wrong. I'm also equally certain that you'll never admit it. You've slung too many names and insults to back down and apologize at this point. I'm quite sure that you will go to your grave still claiming to be right - even if Apple releases an update that makes the system work EXACTLY as I've described - which I see as a *very* likely possibility...!
Whether or not temporarily bricking the phone (permanently seems silly) is a reasonable security measure, it really doesn't look as if this version of iOS is doing it intentionally.