Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
Your response just cracks me up. You're advocating anyone breaking/replacing a secure component meant to keep the phone secure in every way and allow them full access to the phone, even if the data on it has been erased?? If someone steals my phone, that phone gets bricked no matter what, even if I were able to erase all the data. Period.
Only Apple, and authorized repair facilities should be allowed to do it.
Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
I suggest watching this developer video, Keychain and Authentication with Touch ID, https://developer.apple.com/videos/play/enterprise-711/, which I believe is now available to everyone, to understand what's going on with Touch ID and the secure enclave. There's a whole lot more to Touch ID's use of the secure enclave than just Apple Pay/credit cards and fingerprints.
My analogy to this issue is someone losing their house key, calling a lock repairperson who drills out the lock, replaces the lock with a new lock and calls everything good. The problem is, once that lock is broken, anyone can get in (until it's replaced) and the lock repairperson could keep the key pattern and make new keys to get into your house at a later date. Apple creates a unique pair of keys, both of which need to be present, in order to unlock the phone. If your Touch ID assembly is bad, Apple or one of its authorized repair centers has the ability to re-key or pair the new Touch ID module to the iPhone. If it's done wrong (it doesn't matter who's doing it wrong), the data in the secure enclave, which contains all the passwords and encryption keys necessary to decrypt your phone, should be deleted. No way I want someone being able to get to the data on my phone, which also includes logons and passwords to Safari websites. Like I said, there's more to this security configuration than you're talking about.
One last thing. If you want Apple to expand their presence into the enterprise, health and government environment, the way Apple has configured Touch ID and the secure enclave goes a long way, like a 450-ft home run, towards getting their hardware approved, including for classified operations. Without the ability to keep non-authorized personnel from accessing government or enterprise secure information or medical information (HIPAA) Apple will have a hard time maintaining any presence in these areas. With it, and I believe they're the only manufacturers who can document a secure mobile device, they could rule these businesses. Is it worth a couple bricked iPhones? To me it is.
Excellent response. Of course, it won't be enough to convince the whiners that are posting their know-it-all crap like a few posters from above.
It's frightening to see so many people willing to sacrifice all their consumer rights just so that they can elevate their brand loyalty and corporate allegiances further. I've seen some pretty questionable things posted on this site before in nothing but the name of elevating Apple onto some kind of pedestal, but this is something else. I really do wonder how many people here are posting ironically, or are they posting what they genuinely believe?
If I buy a phone, from any company, or product or whatever, it is mine. It is not Apple's to decide what my interests are, in the name of security or otherwise. It's my phone, and I can do what the hell I damn well please with it. If Apple decides that isn't the case, then it's their duty to refund me, or best case scenario - educate me, as a consumer, and tell me options. See similar cases: Sony removing Linux support from the PS3 for "security", Intel being able to brick laptops for "safety" or more recently, Microsoft forcing auto-updates in Windows 10 for "security". This is no different.
I don't care for what reason Apple is doing it, claiming it's for security or some hidden agenda, right or wrong, it is not their place to decide what's best for people who purchase their devices, that's up to the users - however misinformed they may be. We don't live in a corporate oligarchy, we live in a free country and Apple getting away with this bullshit is just taking us further down the road doing nothing but harming consumer interests.
If the Touch ID enclave has been compromised AT ALL the phone needs to be bricked.
Why does the entire phone need to be bricked? Would it not make more sense just to disable touch ID if they are worried about it being compromised? There are lots of iOS devices without touch ID that work just fine.
It's frightening to see so many people willing to sacrifice all their consumer rights just so that they can elevate their brand loyalty and corporate allegiances further. I've seen some pretty questionable things posted on this site before in nothing but the name of elevating Apple onto some kind of pedestal, but this is something else. I really do wonder how many people here are posting ironically, or are they posting what they genuinely believe?
If I buy a phone, from any company, or product or whatever, it is mine. It is not Apple's to decide what my interests are, in the name of security or otherwise. It's my phone, and I can do what the hell I damn well please with it. If Apple decides that isn't the case, then it's their duty to refund me, or best case scenario - educate me, as a consumer, and tell me options. See similar cases: Sony removing Linux support from the PS3 for "security", Intel being able to brick laptops for "safety" or more recently, Microsoft forcing auto-updates in Windows 10 for "security". This is no different.
I don't care for what reason Apple is doing it, claiming it's for security or some hidden agenda, right or wrong, it is not their place to decide what's best for people who purchase their devices, that's up to the users - however misinformed they may be. We don't live in a corporate oligarchy, we live in a free country and Apple getting away with this bullshit is just taking us further down the road doing nothing but harming consumer interests.
Then buy an Android based phone and go troll somewhere else.
Without a doubt Apple totally mishandled this by pulling the stunt out of the blue and should pay the piper for it. But to say this is a ploy to promote Apple's repair service is a stretch. It appears, the only repairs affected are those that tamper with the Touch ID system. Insisting that any outfit should be able to repair the Touch ID system is like allowing any Tom, Dick and Harry to service the local ATM. Or allowing an unlicensed, unbonded "security contractor" to set up or repair your home security system. If you do the latter, then you deserve the burglary that happens the next day.
You make no sense. First you say Apple pulled a stunt and mishandled it. Then you defend not allowing just anyone to do repairs and the proprietary aspect of this issue. Could you decide where you stand on this so the readers here know whether or not you are quite as ridiculous as you project yourself to be?
It's frightening to see so many people willing to sacrifice all their consumer rights just so that they can elevate their brand loyalty and corporate allegiances further. I've seen some pretty questionable things posted on this site before in nothing but the name of elevating Apple onto some kind of pedestal, but this is something else. I really do wonder how many people here are posting ironically, or are they posting what they genuinely believe?
If I buy a phone, from any company, or product or whatever, it is mine. It is not Apple's to decide what my interests are, in the name of security or otherwise. It's my phone, and I can do what the hell I damn well please with it. If Apple decides that isn't the case, then it's their duty to refund me, or best case scenario - educate me, as a consumer, and tell me options. See similar cases: Sony removing Linux support from the PS3 for "security", Intel being able to brick laptops for "safety" or more recently, Microsoft forcing auto-updates in Windows 10 for "security". This is no different.
I don't care for what reason Apple is doing it, claiming it's for security or some hidden agenda, right or wrong, it is not their place to decide what's best for people who purchase their devices, that's up to the users - however misinformed they may be. We don't live in a corporate oligarchy, we live in a free country and Apple getting away with this bullshit is just taking us further down the road doing nothing but harming consumer interests.
Then buy an Android based phone and go troll somewhere else.
It's not about owning an Android or an iPhone, it's about companies having respect for the free will of their consumers.
Then buy an Android based phone and go troll somewhere else.
It's not about owning an Android or an iPhone, it's about companies having respect for the free will of their consumers.
We are talking about the integral security built into the device. I see no issues with self repairs but this part seems to have had a lot of thought put into it for a high level of security and that is a good thing.
My point stands, if someone does not like how Apple makes their hardware, they can get a phone from another manufacturer. Now that I know more about the Touch ID sensor since this issue came up, the more I like what Apple has done.
I suggest watching this developer video, Keychain and Authentication with Touch ID, https://developer.apple.com/videos/play/enterprise-711/, which I believe is now available to everyone, to understand what's going on with Touch ID and the secure enclave. There's a whole lot more to Touch ID's use of the secure enclave than just Apple Pay/credit cards and fingerprints.
My analogy to this issue is someone losing their house key, calling a lock repairperson who drills out the lock, replaces the lock with a new lock and calls everything good. The problem is, once that lock is broken, anyone can get in (until it's replaced) and the lock repairperson could keep the key pattern and make new keys to get into your house at a later date. Apple creates a unique pair of keys, both of which need to be present, in order to unlock the phone. If your Touch ID assembly is bad, Apple or one of its authorized repair centers has the ability to re-key or pair the new Touch ID module to the iPhone. If it's done wrong (it doesn't matter who's doing it wrong), the data in the secure enclave, which contains all the passwords and encryption keys necessary to decrypt your phone, should be deleted. No way I want someone being able to get to the data on my phone, which also includes logons and passwords to Safari websites. Like I said, there's more to this security configuration than you're talking about.
One last thing. If you want Apple to expand their presence into the enterprise, health and government environment, the way Apple has configured Touch ID and the secure enclave goes a long way, like a 450-ft home run, towards getting their hardware approved, including for classified operations. Without the ability to keep non-authorized personnel from accessing government or enterprise secure information or medical information (HIPAA) Apple will have a hard time maintaining any presence in these areas. With it, and I believe they're the only manufacturers who can document a secure mobile device, they could rule these businesses. Is it worth a couple bricked iPhones? To me it is.
Excellent response. Of course, it won't be enough to convince the whiners that are posting their know-it-all crap like a few posters from above.
You mean like the "smart people" from the other thread who think anyone who agrees with Apple on this are stupid, morons or delusional?
I would imagine Apple pushes an update that has to be loaded through iTunes that allows the affected devices to function with several features disabled like Touch ID, Apple Pay, etc. This is how iOS and the phones acted before the latest release of iOS 9. I really think Error 53 is a bug.
Also, the issue is not only for iPhones that have crappy replacement parts, OEM parts could be affected too. Technicians have to complete a process that identifies the Touch ID hardware to the secure enclave. If this is not done properly regardless if it's Apple's actual hardware or crappy 3rd party hardware the user will have issues.
Like most of these issues, in a few weeks we will have already moved onto the next ambulance.
Wait! No comments from sog35 AND rogifan? OMG, Tim Cook and Eddy Cue should be fired for this fiasco that will tarnish the value of AAPL!! How dare they go to the Super Bowl and act... Human. /s
Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
I suppose it all comes down to your definition of "appropriate HW"... As it was said, just because the chip responds as expected, doesn't mean it's not doing extra duty and compromising your security. Security-related hardware is perhaps the one, and only, area where forced-OEM makes sense.
I'm still not clear quite what this measure is protecting. Most of the assertions and analogies being thrown around look flawed to me, based on what is known about Apple's Secure Enclave implementation of ARM's TrustZone system. The TouchID module doesn't store anything - it just passes the scanned fingerprint information to the Secure Enclave, which is part of the main processor. The Secure Enclave compares the scanned data to the encrypted stored information to determine whether authentication succeeds. I cannot see how replacing the TouchID module can compromise the device or its data. What am I missing?
Actually, in the USA anyway, one is under zero obligation to have warranty work done by the manufacturer. Here, we have a free market philosophy that goes back to the Anti-trust laws of 1890. The idea was to encourage small shops to flourish. Apple knows this (because they have been in court over "restraint of trade" before). If they refuse to supply OEM parts to other shops, they then cannot do what they have just done: force people to use Apple to repair their phones. This has nothing to do with technology. Though Apple wants you to think that. If this were just about tech, why would they completely nuke the phone? And everything on it? Irredeemably? You can brick a Blackberry 10 phone by violating its security credentials. But Blackberry gives you the option of sending them the phone, with proof of ownership, and they will unbrick it. Apple, with its many store fronts, could easily do the same.
I'm still not clear quite what this measure is protecting. Most of the assertions and analogies being thrown around look flawed to me, based on what is known about Apple's Secure Enclave implementation of ARM's TrustZone system. The TouchID module doesn't store anything - it just passes the scanned fingerprint information to the Secure Enclave, which is part of the main processor. The Secure Enclave compares the scanned data to the encrypted stored information to determine whether authentication succeeds. I cannot see how replacing the TouchID module can compromise the device or its data. What am I missing?
"based on what is known"
Did you miss the part where the Touch ID sensor is paired to the processor? If it "only" does what you stated (scans prints and forwards data for comparison), then why would it even "need" to be paired in the first place?
You're assuming the Touch ID sensor is a "basic" sensor (like a camera, touchscreen, proximity, acceleration and so on) and has no "smarts" of its own or does anything other than just read some form of data from the environment.
It's not about owning an Android or an iPhone, it's about companies having respect for the free will of their consumers.
We are talking about the integral security built into the device. I see no issues with self repairs but this part seems to have had a lot of thought put into it for a high level of security and that is a good thing.
My point stands, if someone does not like how Apple builds their hardware...
I applaud Apple for the security they're trying to build into their devices. The problem is that a *lot* of their customers don't have the technical know-how to differentiate what can/should be third-party replaceable. After all, if third parties can replace their screen cheaper than Apple, why not this TouchID "thingamajig"? Should their phone be bricked because of it? From what I understand, this error didn't start showing up until the user upgraded to iOS 9. If so, the iOS 9 upgrade should have put up a warning or refused to install with the error message that this device has been compromised. This way, the user at least still has use of their device! Better yet, the device should have failed to boot as soon as the Touch ID was replaced - this way the user knows who to blame: the unauthorized repair shop.
I'm still not clear quite what this measure is protecting. Most of the assertions and analogies being thrown around look flawed to me, based on what is known about Apple's Secure Enclave implementation of ARM's TrustZone system. The TouchID module doesn't store anything - it just passes the scanned fingerprint information to the Secure Enclave, which is part of the main processor. The Secure Enclave compares the scanned data to the encrypted stored information to determine whether authentication succeeds. I cannot see how replacing the TouchID module can compromise the device or its data. What am I missing?
I believe Apple wants to have a supportable Touch ID module that has some kind of trusted connection between it and the secure enclave. If they made it so any module of any kind could be attached and would work, I don't see how Apple could declare that to be a secure system. I'm pretty sure the Touch ID module has circuitry that validates itself with the secure enclave. If you use a legitimate Touch ID module and re-pair it properly, it will work. It's obvious the repairs done by non-Apple approved repair facilities (I haven't read anything about the repair facilities being Apple approved) were not carried out properly. Maybe Apple doesn't provide repair shops with enough information. I have no way of finding that out.
btw: The secure enclave is included on the main processor but is a separate part of it. Semantics, but it's a separate part all the same.