
iPhones 'disabled' if Apple detects third-party repairs - lentil_soup
http://www.bbc.co.uk/news/technology-35502030
======
tristanj
The current article (from bbc.co.uk) does a poor job covering the issue. In
summary, Apple iOS uses a validation system to ensure Touch ID sensors are not
been maliciously replaced or modified. The Touch ID sensor has access to the
iPhone Security Enclave, where fingerprint data is kept. A malicious sensor
could, hypothetically, steal fingerprints from an iPhone user unknowingly.
This could be used to unlock the phone and make purchases through Apple Pay
without the owner's permission. To prevent this, Apple uses a validation
system whenever the Touch ID sensor is repaired. When iPhone is serviced by an
authorised Apple service provider or Apple retail store for changes that
affect the touch ID sensor, the validation paring is updated. Third-party
repairs to the sensor will not update the pairing, and will fail validation
when using Touch ID. This validation error is shown to users as the mysterious
"Error 53".

From the Daily Dot article, if a user encounters this error, the current
resolution is a full device replacement. I don't think Apple expected many
people to encounter this issue, so it seems reasonable why they chose this
option.

This is a great security feature for users, and I'm really glad Apple
engineers considered this situation. Unfortunately the media is blowing this
and leaving crucial details about what's happening and the reasoning behind
it.

Here is Apple's statement on the matter:

 _We take customer security very seriously and Error 53 is the result of
security checks designed to protect our customers. iOS checks that the Touch
ID sensor in your iPhone or iPad correctly matches your device 's other
components. If iOS finds a mismatch, the check fails and Touch ID, including
for Apple Pay use, is disabled. This security measure is necessary to protect
your device and prevent a fraudulent Touch ID sensor from being used. If a
customer encounters Error 53, we encourage them to contact Apple Support._

~~~
soneil
I think it's difficult because they can't match our expectations if they try.

If it happens in good faith, eg, because I discovered getting repairs locally
is $250 cheaper than Apple; I'd like a prompt saying "are you sure". "are you
aware something's up here". Maybe require my PIN to convince it everything's
still kosher.

If it happens in bad faith, as part of a concerted attempt to retrieve data
from a locked handset .. I want it to explode. I don't just want it to brick
itself, I want it to brick the attacker.

Damned if you do, and damned if you don't.

------
r-w
Doesn’t it speak volumes that everyone who has this issue just goes ahead and
buys a new iPhone instead of, you know, _not_ giving Apple more money? Why
would Apple even consider providing a better fix to this issue?

