yeah, and it is a big problem. due to what i do as my day job, this doesn’t surprise me in the least. but that’s because i am familiar with the domain. most people aren’t, and i can say for sure if my own mother had an iphone that needed repairing, this would probably be the outcome.
The remote refers to the “remote” upgrade, which subsequently bricked the phone. The phone didn’t brick itself until the upgrade, which failed to mention that it would brick the phone. So, while I’m often critical of inaccurate Cory click bait headlines, this one is at least plausible.
Yes, it is. You get your screen repaired, and the phone keeps working. Ten months later it gets bricked by a remotely-pushed software update.
They KNEW full well that 3rd-party screen repairs were not only common, but often the only choice. They remotely bricked the phones regardless, with no warning.
The iOS update is coming from a remote location, but it’s the software running locally that’s involved, not a remote command. The phrase “remotely bricking” implies something that’s not the case at all. It is kind of splitting hairs, but I don’t think if you read “Apple remotely bricks devices” you’d think that means “if you install an update your phone could be bricked.”
For clarity, since this article and headline are as misleading as I expected: the issue ONLY happens when one of two things happens:
- a third party tries to physically tamper with the security locked private biometric information to access it
- the components of the home button (which contains the security fingerprint lock) are replaced with non-Apple products.
It has nothing to do with screen repairs.
I disagree with most of what you’ve written, but since it’s clear you’ve got psychic powers of remote vision and mind reading that I don’t have, I’ll have to defer to you.
The problem here, I think, is not the feature, it’s that the secrecy around it turned it into a misfeature.
If they’d advertised “physical tamper resistance” among the selling points
If they included a warning in the package “tamper resistance feature means that work by non-Apple authorized repair services may be mistaken for tampering attempts, and lead to the phone being disabled”
Then it would be purely a feature. Maybe a feature some customers don’t want, but can make an informed choice about. But by concealing the feature prior to sales, and only even revealing it after being repeatedly pressured over it - Apple turned what could have been a feature, into a landmine.
It’s called “common sense.”
If their software fails for any reason, including an error 53 message, you pay for the repair. I have been a victim of error 53. I work on devices for a company. I had two devices, both needed a screen repair. After the repair, I upgraded the software and both devices bricked. One wouldn’t boot at all, one gave error 53. I had no idea what error 53 was, apple wouldn’t tell me either. They swapped out the iphone that wouldn’t boot and told me they would check and see what the error was for the other and to come back in a few days. After the internet told me that error 53 was directly related to the Fingerprint ID being changed, I realized my mistake. I had accidentally swapped the fingerprint sensor in both phones. When I went back to the Apple store, they explained the fingerprint sensor was tampered and they are individually coded to work only with their original devices. They also said that the only way to get rid of the error 53 message was to put the original sensor back in. I told them that they had it. They said they couldn’t get it back since the phone was already replaced.
Apple Terms and Conditions for iOS 9.1, article 7 paragraph 6 states the following:
“NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE OR AN APPLE AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE iOS SOFTWARE OR SERVICES PROVE DEFECTIVE, YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTOR RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION AND LIMITATIONS MAY NOT APPLY TO YOU.”
Having worked at Apple for a decade, rest assured that your idea of common sense has a major disconnect with what I know of their day to day operations and decision making processes.
He was so angry that he went out and bought another one.
Wow. That’ll show them.
“Waiter, this food is horrible and these portions, so small!”
So what exactly are you claiming?
- They didn’t know that third-party screen repairs were uncommon and often necessary?
- They were UNABLE to warn those customers before pushing an update that would brick their phones?
- They were UNABLE to warn customers when phones with the readers were first released?
- A security measure so Mickey-Mouse that defeating it was demonstrated within 24 hours of its release… needed to be protected to the point of remotely bricking phones… long after those repairs… WITHOUT WARNING?
C’mon. Be serious.
The way I see it, this is not Apple “punishing” customers for using a non-Apple repair shop. It’s just preventing tampering with the Secure Element, which is a FIPS 140-2 and Common Criteria certified crypto module. If you don’t prevent tampering with the Secure Element, app signing is gone, apple pay is done and everything else that relies on the Secure Element goes to hell. That’s a decision made by Apple: data security is more important than the ability to fix your home button on a non-authorized shop. Apple should be more transparent about this (the info is there if you bother to look, but you need to know what you’re looking for), but calling it “punishment” is a bit of a stretch.
I have the opposite problem; my fingerprints are not reliably the same from day to day. (Except the right index finger, which is a solid hunk of scar tissue from having the tip cut off decades ago. Some touchscreens and fingerprint readers don’t even register that one at all.)
I deal with FIPS 140-2 pretty much every day. Does it mention fingerprint authentication? I would not consider a fingerprint authentication method to be secure, full stop, and I don’t think anyone who has seriously studied the subject would disagree. It’s far too simple to harvest and reproduce them - you can lift a fingerprint off an iPhone case and make a fake fingertip that will unlock the phone using commonly available grocery store materials.
The Internets tell me that our mistaken belief that fingerprints are magically powerful identifiers stems from the work of Francis Galton, the Father of Eugenics, who claimed there was a one in 64 million chance of two people having the same fingerprints.
is that a fair comparison? To get a fingerprint the person would have to access the same space as me, sometime after me, and something something something.
Bad firmware means that access to my fingerprint does not need to be from outside, which is pretty had but rather it becomes an inside job. The physical part is taken care of.
My only objection to the really good idea is the implementation (as maybe not so perfectly described in the post) should be opt-out or opt-in, and not news after the fact.
The issue arises with home button repairs, not screen repairs.
The headline is incorrect in two senses:
First in misleadingly claiming that Apple is remotely bricking phones (which is inaccurate).
Secondly in conspiratorially claiming that Apple’s punishing customers which there’s no evidence for. It’s a crap outcome for customers, but knowing how Apple operates I’d chalk this one up to incompetence/typical poor internal communications rather than malevolence, since, yes, I would assume that the engineers involved with locking down the biometric/cardholder data never realized that customers might have third party repairs of the home button (or they assumed third party repairs would be fine). Those sorts of engineers I’ve know always assumed that all customers are software/hardware engineers working for tech companies in CA until told otherwise, and have no understanding of larger scale operations or service/support unless that’s part of their job. The kind of fantasies of internal machinations to punish customers for using third party service providers are yours and Cory’s paranoid delusions. Feel free to disagree, I would not like to sign up for your newsletter, and I’m afraid I can’t care about your opinions about biometrics.
Much as I love cheap repairs, this is actually a good thing for security. Calling it punishment is being unfair to a company that focuses on your security above all else. (And yes, they make money in the process…)
Your argument that there should be an override in place is dangerous and the source that you site is 13 years old. The system that Schoen was referring to was PC specific at a time when your phone could barely check email, let alone scan your fingerprint. Times have changed, our devices now have far too much private data to be treated like that.
Here’s why, I suspect, Apple implemented it this way. The scenario that they’re worried about is the replacement of the legitimate TouchID sensor with one potentially compromised. If that is the case you have an internet connected device that can scan your fingerprints. That’s bad. If you allow the user to override and enter the phone OS then even after a warning (which would be very confusing), they might touch the sensor. Off goes their biometric data to places unknown. That’s very bad.
If a reporter is detained at a border crossing, held for hours - which happens - you post about these events, and their phone hardware is compromised the phone should self-destruct before booting in order to make sure that information that they have chosen to encrypt is secure. Bravo Apple.
Two minor points. First, as someone who attempted to have an iPad Air 2 repaired at a reputable shop they warned me that the repair would require the full replacement of the TouchID sensor. Second, this should have been implemented from day one. It’s a better experience to have the device refuse to boot immediately so the customer can blame the shady repair company than to push this out with a software update.
Security comes with a price. In this case, that means having your phone serviced by reputable dealers if that repair involves more than changing out some glass.
They had the option to warn people ahead of time. Not just when pushing the update that bricked the phones, but any time since the fingerprint reader was first released.
A simple warning not to install iOS9 is all it would take.
A simple warning to switch from fingerprints to passwords BEFORE you install iOS9, is all it would take.
“Punishment” - killing third-party repairs - seems the only credible explanation for not doing so.
Is not “punishment” in a “Oh, you used a non-apple shop! I shall brick your phone for your petulance!” sense. It’s a shitty outcome that could’ve been prevented with adequate communication.
Feel free to post the emails of the internal communications about the change across organizations and discussions illustrating that they were aware of the implications for people with third party repairs of home buttons once you find them. Until then you just look massively naive about how organized things are internally as well as really paranoid.