OF COURSE it’s bricking phones. If they were serious about security, they wouldn’t be using the useless-to-security fingerprint reader gimmick in the first place.
If the reader were compromised, they could wipe the phone WITHOUT bricking it.
And they had the ability to warn customers about third-party screen repairs bricking phones since the release of the 5C. They didn’t.
It pretty much is though. Because it’s an iOS update that is causing the phone to be bricked. That iOS update is coming in from a remote location. Soooo i feel like you’re splitting hairs here.
yeah, and it is a big problem. due to what i do as my day job, this doesn’t surprise me in the least. but that’s because i am familiar with the domain. most people aren’t, and i can say for sure if my own mother had an iphone that needed repairing, this would probably be the outcome.
The remote refers to the “remote” upgrade, which subsequently bricked the phone. The phone didn’t brick itself until the upgrade, which failed to mention that it would brick the phone. So, while I’m often critical of inaccurate Cory click bait headlines, this one is at least plausible.
Yes, it is. You get your screen repaired, and the phone keeps working. Ten months later it gets bricked by a remotely-pushed software update.
They KNEW full well that 3rd-party screen repairs were not only common, but often the only choice. They remotely bricked the phones regardless, with no warning.
The iOS update is coming from a remote location, but it’s the software running locally that’s involved, not a remote command. The phrase “remotely bricking” implies something that’s not the case at all. It is kind of splitting hairs, but I don’t think if you read “Apple remotely bricks devices” you’d think that means “if you install an update your phone could be bricked.”
I disagree with most of what you’ve written, but since it’s clear you’ve got psychic powers of remote vision and mind reading that I don’t have, I’ll have to defer to you.
The problem here, I think, is not the feature, it’s that the secrecy around it turned it into a misfeature.
If they’d advertised “physical tamper resistance” among the selling points
If they included a warning in the package “tamper resistance feature means that work by non-Apple authorized repair services may be mistaken for tampering attempts, and lead to the phone being disabled”
Then it would be purely a feature. Maybe a feature some customers don’t want, but can make an informed choice about. But by concealing the feature prior to sales, and only even revealing it after being repeatedly pressured over it - Apple turned what could have been a feature, into a landmine.
If their software fails for any reason, including an error 53 message, you pay for the repair. I have been a victim of error 53. I work on devices for a company. I had two devices, both needed a screen repair. After the repair, I upgraded the software and both devices bricked. One wouldn’t boot at all, one gave error 53. I had no idea what error 53 was, Apple wouldn’t tell me either. They swapped out the iPhone that wouldn’t boot and told me they would check and see what the error was for the other and to come back in a few days. After the internet told me that error 53 was directly related to the Fingerprint ID being changed, I realized my mistake. I had accidentally swapped the fingerprint sensor in both phones. When I went back to the Apple store, they explained the fingerprint sensor was tampered and they are individually coded to work only with their original devices. They also said that the only way to get rid of the error 53 message was to put the original sensor back in. I told them that they had it. They said they couldn’t get it back since the phone was already replaced.
Apple Terms and Conditions for iOS 9.1, article 7 paragraph 6 states the following:
“NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE OR AN APPLE AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE iOS SOFTWARE OR SERVICES PROVE DEFECTIVE, YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION AND LIMITATIONS MAY NOT APPLY TO YOU.”
Having worked at Apple for a decade, rest assured that your idea of common sense has a major disconnect with what I know of their day to day operations and decision making processes.
They didn’t know that third-party screen repairs were uncommon and often necessary?
They were UNABLE to warn those customers before pushing an update that would brick their phones?
They were UNABLE to warn customers when phones with the readers were first released?
A security measure so Mickey-Mouse that defeating it was demonstrated within 24 hours of its release… needed to be protected to the point of remotely bricking phones… long after those repairs… WITHOUT WARNING?
The way I see it, this is not Apple “punishing” customers for using a non-Apple repair shop. It’s just preventing tampering with the Secure Element, which is a FIPS 140-2 and Common Criteria certified crypto module. If you don’t prevent tampering with the Secure Element, app signing is gone, Apple Pay is done and everything else that relies on the Secure Element goes to hell. That’s a decision made by Apple: data security is more important than the ability to fix your home button at a non-authorized shop. Apple should be more transparent about this (the info is there if you bother to look, but you need to know what you’re looking for), but calling it “punishment” is a bit of a stretch.
I have the opposite problem; my fingerprints are not reliably the same from day to day. (Except the right index finger, which is a solid hunk of scar tissue from having the tip cut off decades ago. Some touchscreens and fingerprint readers don’t even register that one at all.)
I deal with FIPS 140-2 pretty much every day. Does it mention fingerprint authentication? I would not consider a fingerprint authentication method to be secure, full stop, and I don’t think anyone who has seriously studied the subject would disagree. It’s far too simple to harvest and reproduce them - you can lift a fingerprint off an iPhone case and make a fake fingertip that will unlock the phone using commonly available grocery store materials.
The Internets tell me that our mistaken belief that fingerprints are magically powerful identifiers stems from the work of Francis Galton, the Father of Eugenics, who claimed there was a one in 64 million chance of two people having the same fingerprints.
Is that a fair comparison? To get a fingerprint the person would have to access the same space as me, sometime after me, and something something something.
Bad firmware means that access to my fingerprint does not need to be from outside, which is pretty hard, but rather it becomes an inside job. The physical part is taken care of.
My only objection to the really good idea is the implementation (as maybe not so perfectly described in the post) should be opt-out or opt-in, and not news after the fact.
The issue arises with home button repairs, not screen repairs.
The headline is incorrect in two senses:
First in misleadingly claiming that Apple is remotely bricking phones (which is inaccurate).
Secondly in conspiratorially claiming that Apple’s punishing customers, which there’s no evidence for. It’s a crap outcome for customers, but knowing how Apple operates I’d chalk this one up to incompetence/typical poor internal communications rather than malevolence, since, yes, I would assume that the engineers involved with locking down the biometric/cardholder data never realized that customers might have third party repairs of the home button (or they assumed third party repairs would be fine). Those sorts of engineers I’ve known always assumed that all customers are software/hardware engineers working for tech companies in CA until told otherwise, and have no understanding of larger scale operations or service/support unless that’s part of their job. The kind of fantasies of internal machinations to punish customers for using third party service providers are yours and Cory’s paranoid delusions. Feel free to disagree, I would not like to sign up for your newsletter, and I’m afraid I can’t care about your opinions about biometrics.