Much as I love cheap repairs, this is actually a good thing for security. Calling it punishment is being unfair to a company that focuses on your security above all else. (And yes, they make money in the process…)
Your argument that there should be an override in place is dangerous and the source that you cite is 13 years old. The system that Schoen was referring to was PC specific at a time when your phone could barely check email, let alone scan your fingerprint. Times have changed, our devices now have far too much private data to be treated like that.
Here’s why, I suspect, Apple implemented it this way. The scenario that they’re worried about is the replacement of the legitimate TouchID sensor with one potentially compromised. If that is the case you have an internet connected device that can scan your fingerprints. That’s bad. If you allow the user to override and enter the phone OS then even after a warning (which would be very confusing), they might touch the sensor. Off goes their biometric data to places unknown. That’s very bad.
If a reporter is detained at a border crossing, held for hours - which happens - you post about these events, and their phone hardware is compromised, the phone should self-destruct before booting in order to make sure that information that they have chosen to encrypt is secure. Bravo Apple.
Two minor points. First, as someone who attempted to have an iPad Air 2 repaired at a reputable shop they warned me that the repair would require the full replacement of the TouchID sensor. Second, this should have been implemented from day one. It’s a better experience to have the device refuse to boot immediately so the customer can blame the shady repair company than to push this out with a software update.
Security comes with a price. In this case, that means having your phone serviced by reputable dealers if that repair involves more than changing out some glass.
They had the option to warn people ahead of time. Not just when pushing the update that bricked the phones, but any time since the fingerprint reader was first released.
A simple warning not to install iOS9 is all it would take.
A simple warning to switch from fingerprints to passwords BEFORE you install iOS9, is all it would take.
“Punishment” - killing third-party repairs - seems the only credible explanation for not doing so.
Is not “punishment” in a “Oh, you used a non-apple shop! I shall brick your phone for your petulance!” sense. It’s a shitty outcome that could’ve been prevented with adequate communication.
Feel free to post the emails of the internal communications about the change across organizations and discussions illustrating that they were aware of the implications for people with third party repairs of home buttons once you find them. Until then you just look massively naive about how organized things are internally as well as really paranoid.
it isn’t about fingerprints being secure or not, it’s about recovering the authentication material regardless of type (passwords, fingerprints, keys, two factor, you name it). it doesn’t matter if someone tries to lift “password1” or your thumbprint from your device, if there is a capability to prevent that action it should be taken.
i am not defending fingerprints or the dumb reader that iphones have. but bricking the device when evidence of tampering has occurred isn’t unreasonable. it’s what thales cards do (but they are resin cased, so it’s easy to detect).
And I find it odd that someone as crypto-friendly as Cory is bashing a security module that’s behaving as expected to keep your data away from prying eyes. Or, most likely, he doesn’t fully understand the issue.
I think Cory’s imagining the evil Tim Cook in front of a bank of hundreds of monitors, like the Apple Batcave, hitting a kill-switch and cackling every time someone gets their phone fixed.
Except it’s not. If this was a crypto issue then the phone should have rejected the replacement fingerprint module at the outset, not during some random upgrade.
Let me help:
The di[s]connect [between the reality of a normal person vs personnel in a secured environment] is [that] a normal person would never expect this kind of reaction to detected tampering [whereas security personnel would].
There’s this perception that there’s one monolithic company with a single all-seeing consistent vision, but the reality’s a bunch of organizations that aren’t in regular communication about much besides very high level things, and don’t always communicate particularly well, esp. with anything relating to service/support being scowled at, ignored as much as possible, and being the last to be informed of anything.
I’m married to a journalist and when his iPhone was damaged beyond repair, he did the same thing. Journalists think they need to travel at the speed of sound, or at least the speed of Twitter, so even a 30 minute delay is excruciating for them.
Can you imagine going to Verizon, T-Mobile, or AT&T and replacing your phone? It takes hours!!! (Anyone who watched Kumail Nanjiani ad-lib a cell phone rep in Portlandia knows what I’m talking about.)
That said, I would have walked out of Apple and never returned. But then I never drank the Kool-Aid (I use an Android).
Edit: I may be married to a journalist, but my verbs don’t agree as quickly as his do.
One reason I always root my phones, to rip out all the crap bundled by the vendor, including (now) the fingerprint reading module. (Not to mention how much better the battery life is after!)
I don’t know that anyone should claim that this blocks third party repairs. I tried to have an iPad Air 2 fixed and the reputable shop here (US, Chicago) said that they would need to replace the entire TouchID system. At worst, this blocks shady repair companies from using non-authentic or non-paired parts that could compromise your security. Apple is clearly communicating this to their repair partners.
Apple probably does not have the ability to scan all of our phones at a hardware level to detect where the problem would occur remotely, and issuing a blanket warning would just confuse people for whom it would not be a problem. It’s an unfortunate position, but I think Apple played it the only way they could. Make the right security decision (preventing potentially compromised phones from booting/decrypting), and handle people who have the problem with excellent customer service. If this was done with or without knowledge we’ll never know.
Ah, but your bank accounts certainly are to those ne’er-do-wells who would seek to alleviate you of that financial burden.
Your phone contains a lot of information about you, and the AI-driven botnets these days are busy building personal dossiers on us all culled from any source they can get into. Think NSA, only, uh, worse!