Error 53: Apple remotely bricks phones to punish customers for getting independent repairs

Yes, they should have. That’s poor communication.

This is a central component of the device. Ignoring it is bricking it.

I agree with that. This should have been the configuration from the first day that TouchID was available. Apple made the right call, but was three years late.

It would have been easier for people with impacted phones to confront their shady repair shops if the phones had blown up immediately. (And this would have been incentive for those shops to not do things like this in the first place.)

I was a huge Apple fan until the Amelio years, which put an end to it for me. The control freak behavior of more recent years hasn’t made me regret not going back.

Nope. The passcode is the primary authentication on an iPhone, not Touch ID. The phone does not use dual authentication (biometric AND passcode), but rather passcode for boot, 48 hour sleep wake and passcode and Touch ID reset.

I have a bank account and a PayPal account but I found that every time I try and make a deposit or withdrawal, they want to take some of my money away from me, so I tend to use them only when I have to, and leave them empty
I guess once you cross the paranoid barrier, you create your own problems.

Also, I tried Apple products and no sir, I just don’t like 'em.

I use this as justification for spending all my money as it comes in.

Apple is less about end user choice than any evil monolitih corporation portrayed in their “1984” commercial;. You will use Apple’s hardware, you will use Apple’s software, you will only use Apple authorized accessories and you will not get your device worked on at any place we do not sanction.

Now if Apple had publicized this “feature” I might say it’s possibly a neat idea but this completely bricking your phone? Nonsense. Unless the end-user is given a choice in this, which is anathema to Apple, this is something verging on "Let’s sue the bast*****.

As Apple appears to see it, you don’t even own the data you put on the phone as he who can destroy a thing controls that thing and Apple can wipe you out any time they choose apparently and never even bother to tell you.

Any time the iPhone is powered down, the passcode is required to unlock it. If that isn’t adequate, they could have simply disabled the fingerprint sensor.

Would you trust MI6 or the CIA to fix your phone?
You would not?

Then why trust the front companies that masquerade as third party repair shops?

Except it is. The phone has to verify the signature of the update. If the module is replaced, it can’t do that.

Except that is the very question at hand. Is this verification for Apple’s security (DRM, certain licensed accessories only, walled garden, no 3d party repairs, apple profit) or yours (integrity of data)?

That is actually an excellent idea. I will keep this in mind for the future when i inevitably end up with a phone that has one of those stupid readers:)

Arguably, depending on exactly how you slice the analogy in the context of not-terribly-modular consumer hardware; it isn’t even what you would expect of an enterprise HSM setup.

Yes, the HSM can, will, and should, freak out and execute all the secrets if it suspects tampering; but a PCI/PCIe connected HSM generally isn’t expected to destroy the server it is installed in(though anything encrypted with secrets on the HSM is obviously toast) USB connected HSMs don’t nuke the desktop/laptop, the networked appliance ones don’t blow the switch, etc.

In the case of the iphones, the home button, whatever cabling connects it to the logic board, and probably one or more ‘ARM TrustZone’ environments or paranoid microcontrollers are analogous to the HSM; and do have a very good reason to freak out, zero the secrets, and refuse to function as a security mechanism if tampering is suspected. It’s just that there’s also a couple hundred dollars worth of otherwise-functional iPhone embedded in the same box, which will be almost as usable if the home button just acts as a home button.

I’m pleased that Apple has apparently put some degree of care into the physical security of their precious little biometric widget; and I’d be the first to side with them if the story was ‘zOMG, Apple stole my data!!!’ because local storage encryption keys were purged when the authentication system was compromised; I just find executing the rest of the phone to be grossly excessive, especially in a consumer electronics context.

In a paranoid enterprise environment I might be inclined to set the server on fire anyway, if the HSM freaked out; just because I was concerned that whatever the threat was might have tampered with more than one thing; but there is a logical separation between the HSM and the host system it lives in; and I’d expect that the HSM would respect that(and, in terms of keeping the host system away from the contents of the HSM, that’s exactly what I’d be shelling out lots of money for).

In a consumer device, where one of the more common repairs involves compromising part of the biometrics hardware, not gracefully falling back to non-biometric functionality seems like bad design at best and malice at worst. The loss of any and all data embedded in the biometric authentication system, though, is all well and good by me(if anything, I’d want it so that not even Apple could replace a trusted component of the authentication system without causing a wipe and requiring a full re-keying and fingerprint re-enrollment, to avoid potential insider attacks).

Well, because a bad actor getting into the phone can put pretty much anything they want in your phone upon opening it and at that point it’s game over. Apple is banking on a very secure chain of trust throughout the phone, therefore someone mucking around for whatever reason is suspect.

Yes, this makes repairs more expensive and less convenient since you have to take the phone back to Apple for repair, but honestly since my phone has turned into this huge trove of personally identifying data and extremely private data for me, and it has things like authenticator apps and other security apps; I’d never go and hand over my phone to some yokel at UBROKEIFIX or some other 3rd party.

I see your point and it makes sense. However, we’re talking about critical parts of the Secure Element thing. The phone is basically saying “Well, I know iOS 8 was good, but some critical part of the security systems has changed and I can’t vouch for this iOS 9”. Having your broken screen replaced by a non-authorized shop is one thing, but this is another ball game since it involves secure parts of the phone. I think the case here is that there are some elements that are off-limits for non-authorized shops due to security concerns over the owner’s data, not a deliberate effort to brick the phone just because Apple doesn’t want you to take your phone to the shop next door instead of the Apple Store.

The TouchID is already configured so that it can be disabled separately - even remotely by users as part of Find My IPhone feature. And the biometric data is not stored in the TouchID module (though I suppose if you really wanted to spend money making and installing a fake Touch ID you could do a man in the middle attack - but why?).

Right, but the repair person will have to reboot the phone and have to get you to log on to your phone using your passcode anyway.

I thought Blackberry was the choice of security-conscious people?

How is this not an opt-in program?!?

It’s Apple. You can have your model 6S with any features you want as long as you want Apple’s non-optional features.