The iPhone 7 Has Arbitrary Software Locks That Prevent Repair (vice.com) 199
Jason Koebler, reporting for Motherboard: Apple has taken new and extreme measures to make the iPhone unrepairable. The company is now using software locks to prevent independent repair of specific parts of the phone. Specifically, the home buttons of the iPhone 7 and iPhone 7 Plus are not user replaceable, raising questions about both the future repairability of Apple products and the future of the thriving independent repair industry. The iPhone 7 home button will only work with the original home button that it was shipped with; if it breaks and needs to be replaced, a new one will only work if it is "recalibrated" in an Apple Store.
But people will keep buying them... (Score:4, Insightful)
...so this'll continue unabated. Just like how gamers bitch and moan about unfinished games being released, and then still go out and buy the latest call of duty on release day.
Re: (Score:1)
But people will keep buying them...
Dude, how else am I to present an image to the world that I am so wealthy that I can overpay Apple to make a repair that any Chinese 8 year old on a street corner could do?
Re: (Score:2)
Did it occur to you that maybe if a repair shop can intercede with the authentication mechanism, so can govt. spooks (think Chinese Govt vs. Political Activists) as well as hackers after your apple pay info, or other sensitive data stored in your keychain? The independant repair industry for a $1000 product that has a practical life beyond the warranty period of just a year or two, for just a few specific parts is far, far, FAR less important that data security and protection from absolutely everyone. So w
Re: (Score:2, Insightful)
Did it occur to you that maybe if a repair shop can intercede with the authentication mechanism, so can govt. spooks (think Chinese Govt vs. Political Activists) as well as hackers after your apple pay info, or other sensitive data stored in your keychain? The independant repair industry for a $1000 product that has a practical life beyond the warranty period of just a year or two, for just a few specific parts is far, far, FAR less important that data security and protection from absolutely everyone. So while most people will not think twice about it and say "Fuck Apple.". No. Fuck you. Go buy an Android any ass-hat can repair then. I prefer my iPhone to be as secure as they can practically make it, while keeping it relatively functional.
It's not secure from the Feds. They broke into that iPhone in Texas by compromising it and bypassing the encryption altogether. They also haven't released the details of how they did it. So your using security by obscurity instead of Android where everything is transparent. Might as well install windows on your phone instead.
Re: (Score:3)
That was an iPhone 5. There's no evidence (yet) that the FBI could do the same thing with a 7.
Re: But people will keep buying them... (Score:2)
Re: (Score:2)
All the more reason (Score:2, Insightful)
to never buy apple products.
Nuff said.
Re: All the more reason (Score:1)
I agree. iPhones suck anyway.
Re: (Score:2)
Honestly the Iphone 6 and prior i feel are the best phones available, but they have to be jail broken so you can use GNU tools. Far superior than 99% of android phones. Mind you i hate every other apple product because they charge more for old hardware that you cant even upgrade. but the iphone wins my heart in the mobile arena. Hopefully Linux will win the OS war since microsoft is turning more and more to shit by the update. either way. Iphone 7 is the worst phone apple has made. started with the headphon
It's for your own safety, trust us you dumb fucks. (Score:5, Informative)
Former phone repair tech here, it's been this way since TouchID became a thing, with the iPhone5S I think?
I hate to claim "it's not a bug, it's a feature" but this is done to make sure you cannot replace the home button with one that will send a "correct" signal for an incorrect fingerprint.
Home buttons have been tied to the motherboard they shipped with as long as the iPhone has had fingerprint readers, this is not new.
Re: (Score:2)
Wow, this is really old news folks. And as the OP says, its for your own safety. /. has gone downhill if this is getting through...
EMA
Re: (Score:2)
Re: (Score:2)
All the user data on the phone is encrypted. How is the game over?
Re: (Score:2)
Re: (Score:2)
Here's a list of numbers for you to crack. All you have to do is factor them. Please post your results. https://en.m.wikipedia.org/wik... [wikipedia.org]
Re: (Score:2)
Re: (Score:3)
On iPhone 7, the home button isn't a real button anymore - it's just more touch sensitive space.
The old models probably still had software that triggered on the manual button click which is completely separate from the fingerprint reading / encoding software, and that software probably still exists for older models in the most modern versions of the OS. However, that button doesn't exist any more, so only the fingerprint software with the lockout ever gets used on iPhone 7. It's entirely possible that App
Re: (Score:2)
Former phone repair tech here, it's been this way since TouchID became a thing, with the iPhone5S I think?
The difference is that in past iPhones you could replace it with a third party button, you lost TouchID and had to log in with a PIN but otherwise it worked. Now it's Apple's button or no button at all. Maybe they just decided it's safer for some reason or it's just a side effect of a design change or maybe they had second hand sales that were unhappy they got a "fake" home button. Whatever the reason my guess is Apple won't budge and you'll probably not win a law suit so... that happened.
Re: (Score:2)
They could make the phone disable fingerprint auth and warn the user when they tried to enable it again. They don't have to brick the phone.
Re: It's for your own safety, trust us you dumb fu (Score:4, Insightful)
The button itself doesn't need to "do[] the pass/fail decoding on the fingerprint" for a successful attack. It need only replay the signals sent by a previous pass.
Re: (Score:2)
So they Johndeere'd the iPhone for a passable reason?
Re: (Score:2, Insightful)
And that's asinine by itself, because the EPA is infringing on tractor owners' property rights in order to prevent the "possibility" of those owners violating air pollution laws. Essentially, the EPA apparently considers any modification of the tractor to be an attempt [wikipedia.org] or conspiracy [wikipedia.org] to violate the Clean Air Act, despite the fact that, since there are plenty of other reasons someone might want to modify their tractor, neither the ac [wikipedia.org]
Re: (Score:3)
>Essentially, the EPA apparently considers any modification of the tractor
You can modify all sorts of crap on a JD tractor. Tires get changed all the time. You can change the entire cab if you want.
You just can't screw with the engine controls. Contrary to your line of argument, doing that has a very high probability of changing its emissions (like 100%).
> In other words, that EPA regulation should be considered unconstitutional
Then get a lawyer and sue them, and see if the court agrees with your asin
Re: It's for your own safety, trust us you dumb fu (Score:5, Interesting)
No.
First of all, merely "changing" the emissions does not necessarily mean making the vehicle violate the emission standards. For example, if the owner made modifications elsewhere -- such as by switching to a cleaner fuel, like biodiesel -- it's entirely possible for there to be different settings that optimize the engine operation while still maintaining equal or better emissions. For that reason alone the EPA rule is overreaching.
Second, the ECU performs an increasingly large number of functions beyond just things that affect emissions. That means the bullshit emissions argument is used as an excuse to DRM all the other computerized functions in the tractor, up to and including things like GPS tracking or self-driving modes. Even worse than that, John Deere has argued that the DRM infection means the farmer only "licenses" the entire fucking tractor [wired.com], including the hardware parts!
Therefore, this claim of yours:
...is not true, at least from John Deere's perspective. If this sort of tyranny is allowed to stand, there would be nothing stopping John Deere from requiring farmers to obtain its permission even to change the fucking tires (using only John Deere "licensed" parts), in exactly the same way e.g. Lexmark tries to pretend it's illegal to use third-party ink.
Fuck off with your strawman arguments!
Re: (Score:2)
If there's more than one activation of the scan in a short period of time, you know the previous one that was just sent didn't work - overwrite it. If there's no call for another scan in the next 5 seconds or so, you know it was likely a good one and you commit it to memory. Then replay that when called to do so by nefarious people.
Re: (Score:3)
Actually this is illegal. There are laws in place that let you repair your own equipment. If I owned an iphone I would just take them to court and watch them lose.
They can have the case tied up in court for years. You'll go bankrupt just paying your landshark.
Re: (Score:2)
You're missing the point. Users certainly are free to repair the phones. Establish law there.
Apple's way around this is to not sell replacement parts. There might be something to the security angle, but sounds mighty fishy.
And ya, this is old news, since at least the iPhone 5.
So, (Score:2)
Not a terrible thing (Score:5, Insightful)
This does not seem unreasonable. I say this because the home button is also a fingerprint reader, which is a security device. If a shop installs some kind of 3rd party button there, the security of the device could be compromised.
Apple's garden is walled. It keeps the users in, but also keeps the bad things out.https://apple.slashdot.org/story/17/04/07/1734249/the-iphone-7-has-arbitrary-software-locks-that-prevent-repair#
Re:Not a terrible thing (Score:5, Interesting)
Actually, it does seem unreasonable. The proper behavior would be to detect the unknown reader and purge all fingerprints from the secure enclave, forcing the user to set up fingerprint recognition again after unlocking with the passcode. That would mean that the user would be alerted to the fact that the hardware was altered (thus preventing surreptitious swapping as a targeted attack) while still allowing the device to be repaired by swapping hardware at the user's request.
The current situation is exactly the sort of behavior that got car manufacturers a very nice set of laws that mandate repair part availability, etc. Keep going down this path, and Apple will earn the consumer electronics industry a similar set of regulations, and none too soon.
Re:Not a terrible thing (Score:5, Insightful)
The issue is that the fingerprint sensor is trusted to neither store fingerprint data nor replay finger presses.
If you accept data from untrusted sensors, an attacker could replace the sensor with a device that will store valid finger scans and retransmit them when triggered by the attacker.
So you need both trusted firmware and a secure pairing process to ensure the device is not compromised in this manner.
While I suspect this move is mostly motivated by a desire to obstruct third-party repairs, there is also a legitimate security concern with this particular component.
Re:Not a terrible thing (Score:4, Insightful)
Re: (Score:2)
And this is exactly what happens. If you install a new home button, the fingerprint part stops working and it only works as a home button.
Don't you feel all smart now?
Re: (Score:2)
Don't you feel ignorant now?
Re: (Score:3)
The iPhone 7 doesn't have the mechanical button any more. It's just the fingerprint reader. So if the fingerprint reader is locked out, so is the not-a-button that servers as a home button.
I'll refrain from putting some snarky idiot question on the end of this post, as I hope the irony has already caught up.
Re: (Score:3)
Re: (Score:2)
So you think that if a sensor is locked out, that it will still work? What part of "the hardware security trust has been broken, so the phone won't listen to any inputs from that device" exactly confuses you? And you're calling me dumb?
Be quiet, adults are having a conversation.
Re: (Score:2)
Who said anything about accepting data from untrusted sensors? Trust should not mean trusted by Apple, because it isn't Apple's device once it arrives in a user's hands. It is the user's device, so the user should decide whether a sensor is trusted. That means if the user intentionally replaced a broken sensor (or broken screen
Re: (Score:2)
It is the user's device, so the user should decide whether a sensor is trusted.
Apple is selling a device with a locked bootloader device, a proprietary OS, and a walled-garden app store. At what point is the user given much choice about trusting Apple (in the cryptographic sense)?
In order to support 3rd-party sensors, both the OS and the security enclave would need new functionality. The user would have to authenticate with a passcode or Apple ID to approve the new hardware. Apple may never develop this functionality, and it is entirely their choice as a private company.
If you do not
Re: (Score:2)
there is also a legitimate security concern with this particular component.
This would worry me if I had something on my phone worth protecting. My pincode is 000000. I needed a pincode enabled for another feature, but I didn't want one. Personally the ability to repair a device is far more important to me than incredibly high security on a device that has nothing of personal value on it.
Re: (Score:2)
This would worry me if I had something on my phone worth protecting...
Then, quite simply, this feature was not designed to fulfill your requirements.
the ability to repair a device is far more important to me than incredibly high security
If repairability is important, then Apple products will not be ideal purchases. Apple has a 10-20 year track record of being difficult to repair, and they are trending away from what you want.
Building disposable products has been a dream for many manufacturers, and Apple is doing everything it can to get there. When this desire dovetails with a marketable feature, of course they will choose this route. It's the kind of bad-but-ex
Re: (Score:3)
The problem with this way of thinking is that once the device is one generation out, Apple will not fix the device. They'll only sell you a replacement.
Case in point. Shattered my iPad Air screen a while back. Took it to Apple and they said that they don't repair screens for anything but what they're selling on the floor. MEANING...that if I had an iPad Air 2...they would have replaced the screen.
They did offer to sell me a replacement iPad Air for twice as much as the local Zagg kiosk would charge to repla
Re: (Score:3)
The groveling passivity of Apple apologists is disgusting.
Re: (Score:2)
Unless the new fingerprint reader stored your fingerprint and played it back later after your phone was stolen.
Re: (Score:2)
You've actually PROVEN apple's case here. If I can put a keylogger inline with your keyboard, or sniff your wireless logitec, then I don't need to *know* your password, I can just replay your keystrokes. It's just that in the case of a keyboard reversing to the password is trivial, where reversing to a useful finger is harder.
Re: (Score:2)
They'd have your password though.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected.
That's on every entry in the list. Apple even came out and said that everything in the wikileaks page had already been fixed. Are people going to keep looking for new things to exploit? Sure. Is Apple going to keep fixing them immediately? You bet!
Secure by design (Score:5, Insightful)
Re: (Score:1)
Also, this has been known since right around the time someone first got outraged by this back in the iPhone 5S era (4 years ago, as of the time of this post). How is this "news for nerds", or for anyone else for that matter?
Re: (Score:1)
If i had points you would get them .
Its shitty since it makes it harder to repair, but the alternative is that almost anyone with basic electronics skills would be able to by pass the scanner and unlock your phone, and more importantly access the data on it. The feds would kill for something like this.
Re:Secure by design (Score:5, Insightful)
You are 100% correct. Don't feel the trolls - this is clickbait headlines and a BS story. If you believe in security, this is a good thing.
Re: (Score:2)
If you believe in security, this is a good thing
I believe security should be optional to the end user, not something they are forced to pay when not needed. Sure flag up warnings and disable things like Apple Pay if the finger print reader has been tampered with. But some people actually use the device as a phone and a web browser, and really don't care about Apple's secure enclave.
Re: (Score:2)
You're a 100% fucking moron.
Says the guy who can't even spell "you're" correc....
Wait a sec. You spelled it correctly. That's some "end of the world" levels of weirdness there, what with our trolls spelling "you're" correctly.
Re: (Score:2)
It could use a comma after the imperative statement that he started with, given that the rest of it is a noun of direct address.
Re: (Score:3)
Fingerprints are not the primary security on the device. "Recalibration" (pairing) should require no more than entering the PIN and/or logging into the associated iCloud account.
Re: (Score:2)
Well, any such repair would involve shutting off the phone, so the user would know that the phone had been turned off. That said, it should be more obvious to the user than that. Nuke the fingerprints and require the user to reset them. Make it painful enough that the user will ask "Why the h*** am I having to do this" and will go online to look it up. That way, somebody swapping the part without the user's knowledge will set off actual warning bells in the user's head.
What makes it bad is that neither
Re: (Score:2)
What makes it bad is that neither the user nor third-party service centers can do this "recalibration". It should be very nearly automatic with nothing more than an alert on the user's screen ("Your Touch ID sensor has been replaced. You must reprogram authorized fingerprints before you use Touch ID.") every time the user attempts to touch the Touch ID sensor until they add the first fingerprint (thus proving that they have the passcode and can unlock the device). This gives the same security protection without raising right-to-repair issues.
You're assuming that the replacement sensor is honest and/or hasn't been tampered with. If the sensor has been replaced with one that has been compromised, it would be a fairly easy vector to obtain access to the phone. A paranoid user might see that message and no longer trust the phone, but I'd bet that most would click through it and reprogram the unit. This really isn't much different, conceptually, than putting a keylogger inside a keyboard itself.
So the question becomes, how do you ensure right-to-rep
Re: (Score:2)
So the question becomes, how do you ensure right-to-repair, while still maintaining security?
The answer is that you have the right to choose a dodgy replacement. It's your device. If you want to cheap out and go with an untrustworthy provider, that is completely your choice. Most service providers will seek out a good part, because it's financially in their best interest to provide an adequate repair and they ultimately assume the liability if the replacement part has compromised security.
Either way, the false threat here is stolen phones getting unlocked by having the fingerprint reader replace
Re: (Score:2)
Re: (Score:2)
No, the way it should work is that an untrusted touch sensor isn't trusted. Which is exactly what happens. They can use it as a button, but not as a Touch ID sensor to verify their identity. If the user wants to unlock their phone, they need to fallback to using their passcode or PIN instead.
The only way that your suggestion makes any sense is if you first get the user to unlock their phone using a passcode/PIN and then explicitly opt-in to using an untrusted Touch ID sensor. At that point all bets are off,
Re: (Score:2)
Did anyone at all bother to RTFA before commenting???
No. Why would we? This is Slashdot. We let others rightly correct us...and then tell them they're wrong.
Repair your BMW Fuel Injection System ??? (Score:2)
Not unless you have the tools and ability to calibrate the system, or it might not be set up right, or something else might still be wrong.
Re: (Score:2)
Android devices don't have home buttons that could be insecure in the first place, dipshit.
Need federal right-to-repair laws... (Score:4, Insightful)
...and laws that establish fair-use guidelines for software that's required for hardware to function. Unfortunately this is something that would have to be grassroots and widespread, no one party would ever make any headway on this unless there were an outcry from constituents, and even then it would be hard to overcome corporate counter-push.
We've seen this kind of problem with conventional cars and light trucks, with heavy trucks, with farm implements, with major consumer appliances, and the prolifieration of this mindset is only getting worse as more and more functions can be software-tied.
The laws need to say that software bundled into the device is considered part of the device, and may not be used to encumber the right to service or repair the device, and that for such software that is also intended to communicate with other software, the vendor must continue to support and maintain that code for bugfixes and security vulnerabilities for the realistic lifespan of the device and must provide a reasonable means for the owner to install such an update.
Yes, this would increase the cost of the device originally, as the concepts for update must be turned into an actual process, but on the other hand if that means that the device can function for longer then it's net effect on the consumer should be small as they can continue to service and repair devices for longer than if vendor-created blocks stop them from doing so.
Re: (Score:2)
Ahhh. You mean something like federal laws regarding the repair of your personal vehicle. Like, for example, the federal law that says you cannot replace a wheel on your vehicle with another one unless it has TPMS (tire pressure monitoring system) sensors in them compatible with the vehicle, and the sensors have been configured and interfaced with the vehicle's computer, which for many vehicles requires proprietary diagnostic hardware costing thousands of dollars. So in other words I can't undo 5 lug nuts
Re: (Score:2)
The law does not say you can't replace a wheel without TPMS. It says you can't disable a safety system. In the case of TPMS, the 'safety' aspect is in the form of a warning to the driver that there is a problem - either tire pressure is low or there is a malfunction in the system. You can replace a wheel without TPMS, but you can not disable the malfunction indication because it is, in fact, malfunctioning.
Re: (Score:2)
Even more basic than that, what we need is to realize that the Fifth Amendment affirms the right to property and that any law that prohibits the owner from modifying his property -- such as the DMCA's anti-circumvention clause -- is therefore unconstitutional.
Re: (Score:2)
You do realize that many of those 'restrictions' are in there precisely BECAUSE of laws, don't you? Things like 'you must detect modifications to emissions systems' and 'you must detect modifications to safety systems'. And if you think those types of laws are going away, especially with things like self-driving cars, you're nuts.
Apple gets it when it comes to security (Score:1)
Thank God we have a tech company that's on our side. The FBI would love to swap in a fake touch ID sensor to break into your phone. Not going to happen.
Android, on the other hand, ahahahah
Re: (Score:2)
The FBI would love to swap in a fake touch ID sensor to break into your phone. Not going to happen.
...because obviously *that* would be the attack vector the FBI uses, right. The home button.
Wasn't this already covered a year ago? (Score:2)
I can at least understand the argument for preventing unofficial home button (or parts of it) repairs as it contains the finger print reader and it could be a lot easier to attack the security of the device if you could replace the reader.
Or perhaps its just a conspiracy to get people to upgrade to the next iPhone about which we seem t
Re: (Score:2)
Re: (Score:2)
Maybe not for the NSA.
Security, yes? (Score:5, Interesting)
Re: (Score:2)
If it ceases to be secure, does it matter for most people?
What are you protecting? Tie services that require security to the presence of the correct fingerprint reader. But there's no reason to force the fingerprint reader to be locked down if for example the user doesn't use the fingerprint reader.
Re: (Score:2)
And you trust that Apple appointed "Secure Enclave" to actually be secure? What if you actually want to install a 3rd party home button because you trust them more? Imagine if all your apple computers required an apple keyboard because "security and key loggers". Imagine if the home button factory is under state control and it isn't just secure, it's "homeland security" secure.
...happily, this argument is moot; if you don't trust Apple's Secure Enclave, you don't trust any other part of the device, either, and you therefore do not own one in the first place.
Not an ARBITRARY lock at all (Score:5, Insightful)
Re: (Score:2)
I would personally prefer the attacker to be able to replace the home button than e,g, to sever my finger, but then again I would not use a fingerprint as any sort of "security" ;)
But, in seriousness, if, despite how easy it is to get someone's fingerprints, you decide to have it as an option for login, yes, it makes perfect sense to have the reader/home button locked to the device and tamper-proof. I can find many many things to call Apple out on, this is not one of them.
Re: (Score:2)
At best, biometrics are a means of identification, but that is not the same thing as authentication. In other words, a reasonable use of the fingerprint would be as a replacement for the username, not the password.
Re: (Score:2)
The original poster has no problem with disabling the Touch ID function when replacing a button and specifically states that it makes sense from a security perspective. The problem lies in disabling the return to home functionality. As long as I am ok with not having Touch ID available why shouldn't I be able to replace the home button?
Re: (Score:2)
Man, cut the crap. Of course the phone should not allow a new home button to unlock the phone. But once the phone is unlocked by some other means (a long password), there should be a way to reset the functionality of the home button.
Re: (Score:2)
Imagine a world where in order to unlock your phone all I have to do is open it up and swap out your home button with one that will let any finger unlock the phone.
Why go to all the effort? You can just press my home button. No need to fingerprint anything. Not everyone requires high level of security. Not everyone uses a fingerprint reader. If Apple has a problem with the hardware security, why not just disable the fingerprint functionality on devices where its been tampered with. I mean there's only several other ways to both secure and to unlock a phone.
Just Bought a Google Pixel (Score:1)
after years of being on iPhones. So glad to leave that physical Home button behind. The Pixel is faster, brighter, does more, and is generally better than iPhone with one exception. The sound on the iPhone is a tad better. I doubt I will go back to Apple phones. The 8 is going to be brutally expensive and for why?
Not Arbitrary and Not New (Score:2)
Read the article before commenting (!) (Score:3, Informative)
We need options (Score:2)
https://youtu.be/VgC4b9K-gYU
Yep. (Score:3)
I'll give people the benefit of doubt, but it sounds like a whole ton of commenters here are going on with guesswork.
First of all, no, it's not easy in any way shape or form to create a rogue touch ID reader that would "send signals" allowing the iPhone 7 to be unlocked.
It'd already be plenty hard for someone to open up a phone and replace it surreptiously, let alone coming up with new hardware that would be compatible.
Do you guys even know how the TouchID reader works? Well, neither do I of course... it's proprietary. But here's an overview:
http://edition.cnn.com/2013/12... [cnn.com]
http://edition.cnn.com/2013/09... [cnn.com]
https://support.apple.com/en-u... [apple.com]
Basically, it works like a very specific and proprietary camera/microscope. It detects fine detailed fingerprint information, converts it into code and sends it to the SoC to be processed via software.
Nothing is processed on the button itself, and even if it was, you wouldn't be able to easily figure out what it did - or it'd be unsecure by definition.
But again, the hardware is very proprietary. You'd probably need insider knowledge of production to even come close to making something that would work like it, and it'd be expensive as hell to reproduce one. The companies that makes these things have secretive processes that not only would be incredibly hard to figure out, it'd be outright impossible to reproduce without proper technologies.
Do people even realize how much easier it'd be to just chop up someone's finger and bypass the whole thing anyways?
Even if you couldn't go to such extremes, it'd be easier for hackers and malicious actors to try to reproduce an entire detailed human finger complete with ridges, pores and whatnot (at it's current stage) than creating some rogue device that could bypass the security enclave somehow.
And you cannot retrieve information from previous fingerprints used for authentication because they are encrypted in the phone storage, not in the reader.
The only likely scenario where Touch ID could be used to steal fingerprints, depending a lot on how it works, would be to use an original unit modified to store readouts, and then creating new hardware that would send those into the system. But that's quite unlikely... if not outright impossible. Again, it depends on how exactly the reader works. Note though how no one every did anything like this, because it just doesn't make sense. iPhones will always have easier vulnerabilities to explore to retrieve data.
It's always good to note though that fingerprint sensors should NEVER be used as the sole authentication method if you have sensitive information inside the phone. Because, like I said, it's a matter of finding a way to make a very detailed reproduction of your finger. With 3D print technology and camera technology always improving, it'll be doable at some point in time.
It was already done for the iPhone 6, though not something that just anyone could do:
http://www.cultofmac.com/29688... [cultofmac.com]
Apple is already facing a class action lawsuit regarding the so called Error 53, related to iPhone 6 bricking the phone if the Touch ID was replaced, so it really doesn't look good for them to repeat the whole deal for the iPhone 7.
https://www.macrumors.com/2016... [macrumors.com]
Australia's consumer protection agency also just filled a lawsuit:
http://www.ubergizmo.com/2017/... [ubergizmo.com]
And you know, the company has backtracked because the very same excuses some commenters are making here were not enoug
Courage (Score:2)
It takes courage to piss off your customers and drive them to Android.
This is really a boot in the face... (Score:2)
This is really a boot in the face for people trying to sell stolen iPhone parts on eBay.
Won't someone think of the childrent^WiPhone theft rings?!?
What features cannot be repaired (Score:2)
From the article:
a new home button would break the phone's TouchID functionality, but the button's return-to-home functionality still worked. The phone could still be locked and unlocked as normal by entering a pin number, suggesting that the two functions are separate pieces of software that are not tied together.
The first concern I had was whether the entire button would refuse to work, and that would be bad. If only the security features are disabled, and there are alternate ways to log in, this sounds perfectly reasonable.
Re: Hey Apple... (Score:5, Informative)
This is a re-post article... and the reason for it has already been made clear: If you can replace the fingerprint scanner, you can trick the phone into giving you access. This is why apple locks the hardware together. Not that I'm an Apple fanboi or anything, and I do think that people should have a choice, but perhaps that choice should be that apple will "unlock" all your hardware if you so request, and then you can put any hardware in there you like, knowing that you assume all risk. I imagine they'll never do that because it's just more work for them, and they have a reputation to protect even in the resale market. But if I'm apple and I face a decision on whether to lock hardware (so I can advertise as having a very secure device) or not (so I can advertise having a hackable device), I at least want my advertising strategy to align with my build strategy.
But there you go, knowing is half the battle.
Re: (Score:3)
Re: Hey Apple... (Score:4, Informative)
Which is exactly what they did [ifixit.org]
Re: (Score:2)
You have to enter your PIN or password after reboot.
Re: Hey Apple... (Score:5, Insightful)
They are saying you could replace it with one that records the data from the sensor and then replays it later at the attackers whim. Making and using a jelly finger is a much better, easier, cheaper and more covert attack vector and so you are correct that the excuse is bull for the real reason of stopping people replacing commonly failing parts in their electronic devices without paying the corporate overlords their cut.
Re: (Score:2)
They are saying you could replace it with one that records the data from the sensor and then replays it later at the attackers whim. Making and using a jelly finger is a much better, easier, cheaper and more covert attack vector and so you are correct that the excuse is bull for the real reason of stopping people replacing commonly failing parts in their electronic devices without paying the corporate overlords their cut.
Sure. But for the jelly finger you need a good, clean print of the correct finger, several hours of work, and the right tools (like everything used to make your own printed circuit boards), Which is why we hear of people doing that all the time - in fantasies written by Apple haters, or by hardware repair industry lobbyists.
While the "record" strategy would always work, much faster, always the same way. In the case of the hardware repair industry while the customer pays for it.
Re: (Score:2)
> If you can replace the fingerprint scanner, you can trick the phone into giving you access.
No? Your fingerprint isn't stored in the home button. Replace that shit all you want.
So instead put a device between the home button and the chip the fingerprint is stored in. Log what the finger print sensor sends to that chip. Then re-send that on command when you want access to the device.
Re: (Score:2)
Re: (Score:2)
They might not be good players but at least there are a multitude to choose from.
it doesn't matter they are all shit, at least there's a whole lot of shit.