Apple’s decision not to allow arbitrary parts to talk to their security enclave is a good security decision. However, Apple has handled this very poorly, by bricking the phone.
My guess is that Apple employees only live in areas with authorized Apple stores, and can’t possibly imagine a legitimate reason for unauthorized repairs.
I heardᵝ that TouchID is simply disabled if it isn’t validated. The problem appears to be that when the user then later updates, some part of the update fails because it expects the TouchID to be working, but it is instead disabled. My guess is a nasty bug as part of the install/upgrade process. I read somewhere on the Hacker News thread about this that for some users a restore of a backup of an older got their phones usable again (with TouchID still disabled).
Does installing rando third-party aftermarket parts void the warranty?
ᵝ: Info is a bit vague and reactionary on this topic, so I am not sure if this is true or not.
Doesn’t it speak volumes that everyone who has this issue just goes ahead and buys a new iPhone instead of, you know, not giving Apple more money? Why would Apple even consider fixing this problem?
In a functioning society, because this anti-competitive behavior would result in a huge enforcement action. In ours, yeah, the incentives are not there.
In Zdziarski’s view, the security feature is “especially useful” in a number of different scenarios, including the protection of “high-profile individuals whose devices could possibly be bugged.”
Surely someone capable of bugging a high-profile individual’s phone can also bribe an underpaid Apple® Genius™ to validate the peripheral.
There are a plethora of options in between “trust whatever touch sensor is installed” and “irrecoverably brick the phone.”
It’s not clear to me why the fingerprint sensor is anything other than a sensor. The worst thing a faulty sensor could do is lie about what fingerprint is being presented, which is trivial to do anyway because spoofing fingerprints is incredibly easy. Why does the sensor have “access” to the “secure enclave” such that it’s necessary to key them to each other? That makes no sense.
IANATIDE, but my guess is this is the same reason we don’t send passwords in plaintext over the wire. If it’s just a plain sensor, it’d be trivial to build and install a replacement to intercept the signal, and either replay it later to gain access or create a replica fingerprint that conforms to said signal. Think of unique TouchID sensor and whatever it is in the TouchID stack that pairs with it to be a unique pairing with their own shared encryption key. Again, this is all conjecture, but makes sense to me.
That, and part of Apple’s privacy story is that your fingerprint data is “entangled”(their words) with a per-device key in such a way that your fingerprint can’t possibly leak.
In that sense having a paired sensor & secure enclave does seem a sensible design.
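The pairing conjecture in the comments above, as an added toy model (not code from Apple or from any commenter): the sensor and the enclave are assumed to share a per-device key, the enclave issues a fresh challenge on every read, and an unvalidated sensor leads to a passcode fallback rather than a brick.

```python
import hashlib, hmac, os

# Constructed model of the pairing conjecture above: sensor and enclave share a
# per-device key, and the enclave challenges the sensor on every read, so a
# recorded reading cannot be replayed and an unpaired part cannot be validated.

class PairedSensor:
    def __init__(self, pairing_key):
        self._key = pairing_key  # assumed: set at the factory, never leaves the part
    def read(self, challenge, finger):
        tag = hmac.new(self._key, challenge + finger, hashlib.sha256).digest()
        return finger, tag

class ReplayingSensor:
    """Unpaired part that only repeats a (template, tag) pair it captured earlier."""
    def __init__(self, captured):
        self._captured = captured
    def read(self, challenge, finger):
        return self._captured  # ignores the fresh challenge

class Enclave:
    def __init__(self, pairing_key, enrolled_finger):
        self._key, self._enrolled = pairing_key, enrolled_finger
        self.touch_id_enabled = True

    def authenticate(self, sensor, finger):
        if not self.touch_id_enabled:
            return "passcode_required"
        challenge = os.urandom(16)  # fresh nonce per attempt
        template, tag = sensor.read(challenge, finger)
        expected = hmac.new(self._key, challenge + template, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Untrusted sensor: stop using it and fall back to the passcode,
            # the response the thread argues for instead of bricking the phone.
            self.touch_id_enabled = False
            return "passcode_required"
        return "unlocked" if hmac.compare_digest(template, self._enrolled) else "denied"

def demo():
    key, owner = os.urandom(32), b"owner-template"  # constructed sample values
    genuine, enclave = PairedSensor(key), Enclave(key, owner)
    results = {"genuine": enclave.authenticate(genuine, owner),
               "wrong_finger": enclave.authenticate(genuine, b"stranger")}
    captured = genuine.read(os.urandom(16), owner)  # a reading seen on the wire
    results["replay"] = enclave.authenticate(ReplayingSensor(captured), owner)
    results["after_replay"] = enclave.authenticate(genuine, owner)
    fresh = Enclave(key, owner)
    results["unpaired_part"] = fresh.authenticate(PairedSensor(os.urandom(32)), owner)
    return results
```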
Why are people being ignorant? You beg for Apple to be more security conscious, so they build encryption and the secure enclave into the iPhone. Now you get angry that you can’t put knock-off replacement parts that talk to the secure enclave into your phone? This is irresponsible sensationalist bullshit.
If the biometric sensor is no longer trusted, fall back to a passphrase. Don’t brick the phone.
I imagine this could be something like the increasingly dire and difficult to bypass warnings browsers give you about certificates. “Your phone has been compromised. Would you like to continue trusting it?” Okie dokie!
I’ll accept this as long as when the untrusted sensor is in the phone there is a limit of 2 attempts before it wipes the phone.