Sorry, I’d rather have my phone do EXACTLY THIS if it were stolen, rather than have my gpg store compromised on it and passwords to everything @boingboing and @doctorow have compromised instead.
If anything, Apple should have specifically mentioned this as a marketing feature - your phone will be unusable if it detects tampering with the trusted enclave.
One of the problems with modern security is people who don’t understand it performing implementation. Humans are the weakness in the system, and the admin who lets their network be compromised for ease-of-use risks intrusion. This holds true for hardware, as well - one can only assume that properly trained staff at authorized dealers know how to repair the phones while maintaining security. In theory anyone could with the correct parts that behave properly, but instead, untrained or misbehaving parts are used to save a buck.
So, this isn’t as life-threatening as, say, letting a random repair shop replace your impact sensors in your car with cheap knock-offs, because it’s unlikely that your phone will kill you (I hope), or short-circuiting some hardware lockout on your datacenter gear because it’s too annoying to keep configured and maintained properly. But the principle is the same. Don’t mess with security hardware or software if you don’t 1) know what you are doing and 2) can ensure your replacement parts/code are interoperable and safe.
Can’t be lost or stolen if you don’t have it on your person. Of course then the problem is getting the current value - oh, wait, let’s be clever and stick it on the Intarwebs!
I have the suspicion that Apple’s security paranoia is related to ApplePay. Which customers do they piss off-- those for whom the iPhone is the most valuable thing they own, or those who use their iPhone to manage accounts worth far more?
So you’ve never had three different Android apps all try to play music at the same time from your mp3 library because you hit the ‘play’ button on your headset?
Except it doesn’t do this if it is stolen. Only if it is serviced using an unpaired authentic part or an unauthorized part. Something that no one stealing phones does.
The sensor doesn’t provide any actual security; it just creates a biometric reading. Replacing that sensor with any other sensor doesn’t in any way impact the previous biometric data; it will only unlock if it provided the exact data as the previous sensor, which of course there is no way of knowing or doing.
They are adding this same detection to other pieces of hardware not security related because this has absolutely nothing to do with security. The same security holes still exist, data can still be read off of a locked iPhone and the phone re-imaged so that it can’t be relocked and is then sold on the black market.
This is only about enforcing that Apple gets a cut of all repairs and that the phones can only be serviced by people paying Apple for service licenses. DRMed parts, full stop. Permanently bricking a phone is way past just voiding the warranty, it is actively and maliciously destroying customers’ personal property.
Of course I already mentioned this above if one had read the previous comments…
Speaking as someone who has secured high profile targets for some time - if someone replaced my fingerprint scanner with one that included a skimmer, say, I’d like my phone to refuse to use it.
Good security systems don’t just secure against today’s threats, they attempt to prepare for tomorrow’s.
But I’m sure monopolizing the lucrative touch-ID replacement industry at the cost of inconvenienced users is far more important to Apple…
I get the theory…but the engineering effort that would have to go into creating compatible fingerprint skimmers that could then transmit the skimmed data is staggering, hardly worth it for the one piece of biometric data that you literally leave hundreds of thousands of copies of everywhere you go and on everything you touch and that are easily obtainable through police and government databases.
What is the lifespan of an iPhone? 4 years? How many years into the future are they planning? If so why for the love of security would they use fingerprints and a scanner with only 80 datapoints, and 4 digit, then 6 digit, and now 8 digit passcodes.
That’s kinda like putting a fancy lock on a screen door and burning down someone’s home if they replace the lock.
Again, though. Impractical today isn’t a reason not to design resilient software. The secure enclave was designed to be robust, and I contend that the unlikely attack vector today is still a possible vector tomorrow, and in fact, may even explain why designers didn’t bother to make the error more friendly - they presumed it would not occur in the wild with any frequency.
Either way, it’s certainly reasonable doubt as to motive. Given the evidence I choose to accept “robust security” as the primary motivator in this case.
I disagree. Picking the weakest possible biometric, failing to secure the actual egress points in use today on stolen phones, using a baseband os that has known exploits that are undetectable, weak passcodes, all point to this not being a longsighted security move.
I do get your points. I guess like you say, I doubt their motive, and believe I have reasonable basis to do so.
They’ve swapped out screws, created custom bits, etc. all in the past admittedly to stop third party repair. They have a known history of this behavior and a history of doing things like this contrary to the customers’ best interests.
Apple is known for this. Have you ever seen an Apple error that wasn’t a cryptic error code? As a long time iOS and OSX user I never have.
I’d also add that making this a feature users could enable/disable would be preferable to destroying people’s personal property without their consent.
All of that sounds plausible when people think “Ooh, fingerprint scanner,” but all the fingerprint scanner is is a data input device. You could just as easily, if not more easily, engineer a skimmer into the screen digitizer, yet Apple apparently allows 3rd party screen replacements. And there is no need for bricking the device, especially without warning. Apple could just as easily lock out the fingerprint scanner given that it is not part of a dual authentication scheme, and, in fact, the phone is designed to turn off the scanner separately, even by remote, because the passcode is the primary authentication. And if this is sooo important, the phone should refuse the digitizer input upon replacement, not months later, after an update, without warning.
So, I’d say, that pretty much any excuse you can think of for Apple from a security perspective is nullified or contradicted by their other actions. This is an Apple control issue, much more so than a best security practices issue.