Actually, in the USA anyway, one is under zero obligation to have warranty work done by the manufacturer. Here, we have a free marker philosophy that goes back to the Anti-trust laws of 1890. The idea was to encourage small shops to flourish. Apple knows this (because they have been in court over "restraint of trade" before). If they refuse to supply OEM parts to other shops, they then cannot do what they have just done: force people to use Apple to repair their phones. This has nothing to do with technology. Though Apple wants you to think that. If this were just about tech, why would they completely nuke the phone? And everything on it? Irredeemably? You can brick a Blackberry 10 phone by violating its security credentials. But Blackberry gives you the option of sending them the phone, with proof of ownership, and they will unbrick it. Apple, with it's many store fronts, could easily do the same.
I haven't seen anything that says the repair parts weren't from Apple, however, just having repair parts doesn't mean the repair shops knew how to install them properly. As for Blackberry being able to fix a bricked system, if it's truly bricked, it can't be fixed. Apple made sure that tampering with the security aspects of the iPhone will brick the phone making it impossible to recover any data. That's how a truly secure system operates. Government laptops were required to be encrypted when taking them off-site because employees taking laptops with them on travel would have them (sometimes secretly) taken apart, hard drive removed and copied, then put back together without the employee knowing it. Once the hard drive was properly encrypted, it didn't matter if those spies copied the disk because they couldn't crack them. Apple is doing the responsible thing and providing a device when a non-owner is unable to steal the data off that phone. It has nothing to do with warranty or restraint of trade but all to do with properly repairing an iPhone while protecting the data on that phone. I understand that the phone costs money but losing the information on most people's phones to someone else (a criminal) can cost them a whole lot more. This is why you perform an encrypted backup of your phone on a regular basis so you end up losing the least amount of data possible. Of course, I bet most people don't backup any of their computer devices then turn around and blame Apple for that.
I don't think you will throw the book at Apple when your iPhone is compromised after a trip to the repair shop to fix the Touch ID sensor. I believe Apple handled this very unprofessionally and perhaps this experience will help them to be more transparent in their dealing with their customers.
Without a doubt Apple totally mishandled this by pulling the stunt out of the blue and should pay the piper for it. But to say this is a ploy to promote Apple's repair service is a stretch. It appears, the only repairs affected are those that tamper with the Touch ID system. Insisting that any outfit should be able to repair the Touch ID system is like allowing any Tom Dick and Harry to service the local ATM. Or allowing an unlicensed, unbonded "security contractor" to set up or repair your home security system. If you do the latter, then you deserve the burglary that happens the next day.
You make no sense. First you say pulled a stunt and mishandled it. Then you defend not allowing just anyone to do repairs and the proprietary aspect of this issue. Could you decide where you stand on this so the readers here know whether or not you are quite as ridiculous as you project yourself to be.
It's about disclosure. If a repair that worked fine is suddenly going to brick a phone after a software update, then Apple has an obligation to warn people about that when they release the update. And don't hide behind the EULA provision about unauthorized repairs. That's untested in the courts and EULA provisions are automatically invalid if they are against the laws, statutory and case law. It is one thing to say your warranty is voided because of an unauthorized repair, a totally different thing to say we are making your phone permanently inoperable because of an unauthorized repair. There are too many Apple apologists. I'm a big Apple fan but I don't let that affect my ability to distinguish right from wrong.
Just to make it clear to you then, the 'stunt' was bricking phones through a software update without warning people who might be affected that their phones will die, and furthermore not coming up with a remedy for said people once they present their bona fides. (e.g. prove that the phone isn't stolen.)
And by the way, I haven't heard of any law that says a company can get away with intentionally and permanently disabling a product because of an unauthorized repair. Have you?
I'm still not clear quite what this measure is protecting. Most of the assertions and analogies being thrown around look flawed to me, based on what is known about Apple's Secure Enclave implementation of ARM's TrustZone system. The TouchID module doesn't store anything - it just passes the scanned fingerprint information to the Secure Enclave, which is part of the main processor. The Secure Enclave compares the scanned data to the encrypted stored information to determine whether authentication succeeds. I cannot see how replacing the TouchID module can compromise the device or its data. What am I missing?
"based on what is known"
Did you miss the part where the Touch ID sensor is paired to the processor? If it "only" does what you stated (scans prints and forwards data for comparison), then why would it even "need" to be paired in the first place?
You're assuming the Touch ID sensor is a "basic" sensor (like a camera, touchscreen, proximity, acceleration and so on) and has no "smarts" of its own or does anything other than just read some form of data from the environment.
No - I didn't miss that part. The pairing requirement is interesting, and the reason for it is not described in any of the patent or briefing documents that I have seen, but it would make sense to validate that the TouchID module is not diverting (maybe transmitting) the scanned fingerprint data elsewhere, or storing it for future use to gain unauthorized access. However, that does not explain why simply disabling the TouchID module would not be a perfectly reasonable course of action if the module itself is not authenticated by the pairing process.
I'm still not clear quite what this measure is protecting. Most of the assertions and analogies being thrown around look flawed to me, based on what is known about Apple's Secure Enclave implementation of ARM's TrustZone system. The TouchID module doesn't store anything - it just passes the scanned fingerprint information to the Secure Enclave, which is part of the main processor. The Secure Enclave compares the scanned data to the encrypted stored information to determine whether authentication succeeds. I cannot see how replacing the TouchID module can compromise the device or its data. What am I missing?
I believe Apple wants to have a supportable Touch ID module that has some kind of trusted connection between it and the secure enclave. If they made it so any module of any kind could be attached and would work, I don't see how Apple could declare that to be a secure system. I'm pretty sure the Touch ID module has circuitry that validates itself with the secure enclave. If you use a legitimate Touch ID module and re-pair it properly, it will work. It's obvious the repairs done by non-Apple approved repair facilities (I haven't read anything about the repair facilities being Apple approved) were not carried out properly. Maybe Apple doesn't provide repair shops with enough information. I have no way of finding that out.
btw: The secure enclave is included on the main processor but is a separate part of it. Semantics, but it's a separate part all the same.
I don't disagree with any of that. However, it still does not explain why simply disabling the TouchID module would not be a perfectly secure solution.
I said it in the other thread and I'll say it again. I'm glad that Apple takes security seriously and I'm glad that they do not allow any tampering of the Touch ID components. I have zero problems with Apple implementing measures against unauthorized tampering and hacking.
If Apple is too secure for certain people and if certain people think that they ought to be allowed to do whatever the hell they please with their phones, including tampering with the secure Touch ID component, then guess what, Apple is not the right company for them. Go buy another phone next time, and save yourself from some future whining. Apple doesn't need you.
Only a complete moron would continue to stick with Apple if they haven't figured out by this point that Apple is very controlling in certain areas, and in this particular area, I happen to agree with Apple, and I think that it's a good thing that Apple takes this issue seriously.
The data and sensitive info/personal info that I have on my iPhone is most likely worth at least the data of what 50 typical Android users have on their phones, and I appreciate that Apple values security. There are other options out there if somebody doesn't want an iPhone and if somebody doesn't agree with the way that Apple does things.
Apple can't be allowing any unauthorized random bozos out there or ISIS terrorists or even the US government to be manipulating and tampering with the security mechanisms in their phones.
"If your iPhone has been repaired by a third party, please be warned that the current iOS update might disable your phone and render your data permanently irretrievable. As a courtesy to a valued customer, we ask you not to perform this update and instead make an appointment with a genius bar. Upon verifying that you are the valid owner of the iPhone, we will determine if your iPhone is at risk of being disabled, and if it is, we will extract all your data and transfer it to a new phone. The cost to you would be the cost Apple charges for the repair that was done by the 3rd party." Now what's so hard about that?
I also hope that the error is a bug. To my mind there should be some definite warning and furthermore Apple should just disable the TouchId functions. As has already been said, there are millions of iPhones out there that work perfectly without TouchId. If affected people can still use their iPhone (with the password they once typed in) they at least can call an Apple shop and make an appointment with a Genius there to discuss how this has to be handled.
I also hope that the error is a bug. To my mind there should be some definite warning and furthermore Apple should just disable the TouchId functions. As has already been said, there are millions of iPhones out there that work perfectly without TouchId. If affected people can still use their iPhone (with the password they once typed in) they at least can call an Apple shop and make an appointment with a Genius there to discuss how this has to be handled.
All Apple has stated error 33 does IS disable Touch ID and Apple Pay so there's that. And there are reports of that error only doing just testcard well. So how much of this is the usual nut jobs going all hyper over not much?
If iOS detects that the TouchId sensor is modified (as it is apparently able to do, with this Error 53 business) then it should ignore the TouchId sensor, and fall back to 6 digit PIN. No loss of security there, no need to brick anything, and no cryptic error messages.
If iOS detects that the TouchId sensor is modified (as it is apparently able to do, with this Error 53 business) then it should ignore the TouchId sensor, and fall back to 6 digit PIN. No loss of security there, no need to brick anything, and no cryptic error messages.
Question is "is the bricking intentional or an unexpected response"
Nonsense... most people will have their iPhones repaired by Apple. That's a no-brainer.
I never even thought about the issues of repairing the TouchID system. It's nice that Apple put a lot of thought into the security system and to me, it makes total sense that replacing TouchID by some stranger should brick the phone. Honestly, I think its a great idea. They did it to keep us - the consumers - safe, and not some conspiracy ploy.
Honestly, why is this even an issue? Makes perfect sense to me why it works the way it does, and if it is explained properly to any customer affected, I'm sure they would be completely understanding by it. Take it to an authorized repair facility and be done with it. If there is not one near you, too effin bad!
Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
That seems like a good idea, but the phone would have to erase the secure enclave with military-level number of passes. How likely would it function properly especially if something was malfunctioning.
Why do people still (incorrectly) say this is a "new" problem with iOS 9? It's not, and has been around since at least iOS 8 (and possibly sooner, though I didn't see any in a quick search).
This guy went from iOS 8.3 to 8.4 and it happened. Another Apple Support thread has someone with it on 8.2. So clearly this is not new or unique to the latest version of iOS 9.
As to why it only occurs when updating, a little common sense/logic needs applying. When you repair an iPhone you obviously turn it off. When turned back on, it "knows" the Touch ID sensor is different. At this point is when your authorized repair person would connect your iPhone to their system and perform the pairing procedure.
If your iPhone bricked immediately upon power up, how could you ever properly repair (and then pair) Touch ID. When you do an update to a newer iOS version is when it bricks. At this point Apple realizes this was an unauthorized repair and no technician is going to do any pairing. The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
I believe that Apple discloses the complex workings of iOS Security in a white paper. The latest is for iOS 9 http://www.apple.com/business/docs/iOS_Security_Guide.pdf. Read what it says about the Secure Boot Chain and System Software Authorization.
This is not about preventing third party repairs. This is about security, plain and simple. If people can't see that, perhaps they should trade in their iPhone for a less secure product.
Why do people still (incorrectly) say this is a "new" problem with iOS 9? It's not, and has been around since at least iOS 8 (and possibly sooner, though I didn't see any in a quick search).
This guy went from iOS 8.3 to 8.4 and it happened. Another Apple Support thread has someone with it on 8.2. So clearly this is not new or unique to the latest version of iOS 9.
As to why it only occurs when updating, a little common sense/logic needs applying. When you repair an iPhone you obviously turn it off. When turned back on, it "knows" the Touch ID sensor is different. At this point is when your authorized repair person would connect your iPhone to their system and perform the pairing procedure.
If your iPhone bricked immediately upon power up, how could you ever properly repair (and then pair) Touch ID. When you do an update to a newer iOS version is when it bricks. At this point Apple realizes this was an unauthorized repair and no technician is going to do any pairing. The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
This is from the Apple iOS Security White Paper:
During an iOS upgrade, iTunes (or the device itself, in the case of OTA software
updates) connects to the Apple installation authorization server and sends it a list of
cryptographic measurements for each part of the installation bundle to be installed
(for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce),
and the device’s unique ID (ECID).
The authorization server checks the presented list of measurements against versions for
which installation is permitted and, if it nds a match, adds the ECID to the measurement
and signs the result. The server passes a complete set of signed data to the device as
part of the upgrade process. Adding the ECID “personalizes” the authorization for the
requesting device. By authorizing and signing only for known measurements, the server
ensures that the update takes place exactly as provided by Apple.
The boot-time chain-of-trust evaluation veri es that the signature comes from Apple
and that the measurement of the item loaded from disk, combined with the device’s
ECID, matches what was covered by the signature.
These steps ensure that the authorization is for a specific device and that an old iOS
version from one device can’t be copied to another. The nonce prevents an attacker
from saving the server’s response and using it to tamper with a device or otherwise
alter the system software.
The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
I think reasonable people, even Apple fans who are not mindless devotees, would agree that Apple should be faulted not for the bricking per se but for not adequately informing the owners of the phones. It doesn't matter weather the EULA warns about this or not, when you are going to render an $600 piece of equipment useless, you better warn the owner first. If not for legal reasons, you should nevertheless do it for good customer relations.
Why does the entire phone need to be bricked? Would it not make more sense just to disable touch ID if they are worried about it being compromised? There are lots of iOS devices without touch ID that work just fine.
-kpluck
Your argument here seems to support the desires of thieves, not anyone really interested in PREVENTING THEFT. There is no conceivable reason to expect a third party to access highly secure components in the iPhone without consequences. Screw 'em!
If iOS detects that the TouchId sensor is modified (as it is apparently able to do, with this Error 53 business) then it should ignore the TouchId sensor, and fall back to 6 digit PIN. No loss of security there, no need to brick anything, and no cryptic error messages.
Question is "is the bricking intentional or an unexpected response"
As I stated earlier, there are numerous reports of this happening to out of warranty phones which have never had a repair of any kind, which suddenly fail after a specific update. That tells me all I need to know -- Apple does not have control of the manufacture chain, and manufacturing defects are creeping into the chain for which Apple was previously unaware. But now thanks to their poor oversight, the customer is the one who pays for Apple's mistakes.
You make no sense. First you say pulled a stunt and mishandled it. Then you defend not allowing just anyone to do repairs and the proprietary aspect of this issue. Could you decide where you stand on this so the readers here know whether or not you are quite as ridiculous as you project yourself to be.
It's about disclosure. If a repair that worked fine is suddenly going to brick a phone after a software update, then Apple has an obligation to warn people about that when they release the update. And don't hide behind the EULA provision about unauthorized repairs. That's untested in the courts and EULA provisions are automatically invalid if they are against the laws, statutory and case law. It is one thing to say your warranty is voided because of an unauthorized repair, a totally different thing to say we are making your phone permanently inoperable because of an unauthorized repair. There are too many Apple apologists. I'm a big Apple fan but I don't let that affect my ability to distinguish right from wrong.
Just to make it clear to you then, the 'stunt' was bricking phones through a software update without warning people who might be affected that their phones will die, and furthermore not coming up with a remedy for said people once they present their bona fides. (e.g. prove that the phone isn't stolen.)
And by the way, I haven't heard of any law that says a company can get away with intentionally and permanently disabling a product because of an unauthorized repair. Have you?
PayPal will permanently lock access to an account if evidence of fraud or hacking are discovered. No different. This isn't a bloody vacuum cleaner we're talking about. It's a bank vault.
Comments
I haven't seen anything that says the repair parts weren't from Apple, however, just having repair parts doesn't mean the repair shops knew how to install them properly. As for Blackberry being able to fix a bricked system, if it's truly bricked, it can't be fixed. Apple made sure that tampering with the security aspects of the iPhone will brick the phone making it impossible to recover any data. That's how a truly secure system operates. Government laptops were required to be encrypted when taking them off-site because employees taking laptops with them on travel would have them (sometimes secretly) taken apart, hard drive removed and copied, then put back together without the employee knowing it. Once the hard drive was properly encrypted, it didn't matter if those spies copied the disk because they couldn't crack them. Apple is doing the responsible thing and providing a device when a non-owner is unable to steal the data off that phone. It has nothing to do with warranty or restraint of trade but all to do with properly repairing an iPhone while protecting the data on that phone. I understand that the phone costs money but losing the information on most people's phones to someone else (a criminal) can cost them a whole lot more. This is why you perform an encrypted backup of your phone on a regular basis so you end up losing the least amount of data possible. Of course, I bet most people don't backup any of their computer devices then turn around and blame Apple for that.
I believe Apple handled this very unprofessionally and perhaps this experience will help them to be more transparent in their dealing with their customers.
Just to make it clear to you then, the 'stunt' was bricking phones through a software update without warning people who might be affected that their phones will die, and furthermore not coming up with a remedy for said people once they present their bona fides. (e.g. prove that the phone isn't stolen.)
And by the way, I haven't heard of any law that says a company can get away with intentionally and permanently disabling a product because of an unauthorized repair. Have you?
I don't disagree with any of that. However, it still does not explain why simply disabling the TouchID module would not be a perfectly secure solution.
If Apple is too secure for certain people and if certain people think that they ought to be allowed to do whatever the hell they please with their phones, including tampering with the secure Touch ID component, then guess what, Apple is not the right company for them. Go buy another phone next time, and save yourself from some future whining. Apple doesn't need you.
Only a complete moron would continue to stick with Apple if they haven't figured out by this point that Apple is very controlling in certain areas, and in this particular area, I happen to agree with Apple, and I think that it's a good thing that Apple takes this issue seriously.
The data and sensitive info/personal info that I have on my iPhone is most likely worth at least the data of what 50 typical Android users have on their phones, and I appreciate that Apple values security. There are other options out there if somebody doesn't want an iPhone and if somebody doesn't agree with the way that Apple does things.
Apple can't be allowing any unauthorized random bozos out there or ISIS terrorists or even the US government to be manipulating and tampering with the security mechanisms in their phones.
As has already been said, there are millions of iPhones out there that work perfectly without TouchId.
If affected people can still use their iPhone (with the password they once typed in) they at least can call an Apple shop and make an appointment with a Genius there to discuss how this has to be handled.
https://discussions.apple.com/thread/7121903?start=0&tstart=0
This guy went from iOS 8.3 to 8.4 and it happened. Another Apple Support thread has someone with it on 8.2. So clearly this is not new or unique to the latest version of iOS 9.
As to why it only occurs when updating, a little common sense/logic needs applying. When you repair an iPhone you obviously turn it off. When turned back on, it "knows" the Touch ID sensor is different. At this point is when your authorized repair person would connect your iPhone to their system and perform the pairing procedure.
If your iPhone bricked immediately upon power up, how could you ever properly repair (and then pair) Touch ID. When you do an update to a newer iOS version is when it bricks. At this point Apple realizes this was an unauthorized repair and no technician is going to do any pairing. The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
This is not about preventing third party repairs. This is about security, plain and simple. If people can't see that, perhaps they should trade in their iPhone for a less secure product.
This is from the Apple iOS Security White Paper:
During an iOS upgrade, iTunes (or the device itself, in the case of OTA software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed (for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID).
The authorization server checks the presented list of measurements against versions for which installation is permitted and, if it nds a match, adds the ECID to the measurement and signs the result. The server passes a complete set of signed data to the device as part of the upgrade process. Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update takes place exactly as provided by Apple.
The boot-time chain-of-trust evaluation veri es that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.
These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to tamper with a device or otherwise alter the system software.