If the validation fails, the device will function mostly fine, although with Touch ID disabled. However, the device will be prevented from restoring or updating to a new version. Restoring from backup still works. I'm not too sure why restoring or updating is blocked, but my guess is that they want to prevent malicious software from being uploaded in this process.
From the Daily Dot article, if a user encounters this error, Apple's current resolution is a full device replacement. It may be overkill; I don't think Apple expected many people to encounter this issue, so it seems reasonable why they chose this option.
This is a great security feature for users, and I'm really glad Apple engineers considered this situation. Unfortunately the media is blowing this out of proportion and leaving out crucial details about what's happening and the reasoning behind it.
Here is Apple's statement on the matter:
> We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers. iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device's other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support.
The former doesn't seem like a secure solution that one should be really glad of. The latter would also be possible after a software upgrade so there is no need to disable the device completely. In short, they didn't choose a good solution.
Simply disabling a phone at some point well after a repair is just bad.
Edit: The parent post was edited a bit, so my point is now mostly covered. I still don't see a security-related reason to disable the complete device on a software upgrade. Maybe it could enable an attacker to modify the OS somehow in the process. However, I don't agree that this issue is "overblown". This presents a real problem for users that now have an unusable phone. It's important to note that Apple doesn't offer repairs everywhere in the world so many users now can't repair their phone at all.
You are right though, allowing users to update/restore but disabling the sensor is a better solution. I'm not too sure why Apple chose this route. They haven't commented on the technical reasons behind it so it's hard to say for sure.
No, the CPU reads encrypted data from the sensor and sends it to the SE for decryption and analysis. See the PDF linked here by somebody. What a malicious sensor could do is store the user's fingerprint for retrieval by unauthorized parties.
> If the validation fails, the device will function mostly fine, although with Touch ID disabled.
On iOS 8. Once the device is updated to v9, it turns into a brick. Quoting from OP:
"They repaired the screen and home button, and it worked perfectly." He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead. When Olmos (...) took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
> If a customer encounters Error 53, we encourage them to contact Apple Support.
This may be a media-friendly euphemism for "it's dead", unless this London staff was clueless.
Of course, taking advantage of the exploit in question requires the phone to be stolen by an extremely sophisticated (if not state-level) bad guy, altered by installation of a malicious sensor that has never been documented to exist in the wild, then recovered by the owner, and then stolen again at a later date. All to acquire personal biometric data that could just as easily be obtained with a piece of Scotch tape.
A simple application of Occam's Razor suggests that Error 53 isn't a "security feature" at all, it's just Apple being a rent-seeking asshole.
I don't think you understand Occam's Razor.
Well, then it makes sense to look elsewhere for that motivation. Additional data appears to be needed. Lacking such data, assumptions are all we have.
Also, Apple is not only designing phones for you and me, but for businesses who nowadays are the target of state-level security agencies.
Clearly Apple fudged the implementation of this feature, and it's a PR nightmare, but all evidence points to their intentions being genuine.
Do you really think Apple hasn't been shocked/annoyed at how China/US/et al have actively tried to hack their customers, including attempts to compromise their own servers?
Is there an untapped niche for a similarly-sized single board computer (not several computers, baseband processor, SIM card that runs code, etc. jammed into a hermetically sealed casing that is worthy of being in the Museum for Modern Art) that just does simpler, "boring", useless things like send and receive packets, read, write and store files, etc.?
A pocket-sized computer that a user can not just rent but _pwn_, that does not make gratuitous network connections to some "mothership" and allow for easy monitoring and remote control by a third party, and that does not brick itself if its casing is opened. A computer that can be, to the fullest extent possible via open source software, controlled entirely by the user.
Who knows, maybe a person could turn such a small computer into "a device for sending and receiving text, images, sound and video over a network, such as the internet."
Nah, there would be no use for such a thing. Only a device _that can handle payments_ is worth using to send and receive text, images, audio and video.
What is the point of a device used to communicate, e.g., a "phone", if it cannot also be used to spend money?
Then don't buy an iPhone. Simple. You and the other dozen people on the planet will surely be missed.
The rest of us absolutely want Apple to be as aggressive about security/privacy as they possibly can be. Especially with even moderate countries e.g. UK, Australia being equally aggressive about invading privacy.
Why in the hell would anyone bother with this, if it's trivial to get a person's fingerprints and reproduce them to unlock the device? Even if you lack the Touch ID, the device is still encrypted by the PIN and is functioning (and is secure) normally without it.
Either it's really over-engineered or it is what it is - a scare tactic to bring people to Apple repair centers.
I wish they'd rather use this media attention to inform the public that fingerprint authentication isn't there for security, but convenience first. Apple Pay would function just fine without it. But would it have its appeal of easy payment? Probably not.
The Secure Enclave system was set up exactly to counter those concerns.
Interestingly, when other phone vendors later implemented fingerprint unlocking there was far less outrage. Even when the fingerprint images themselves were found as unencrypted raster images on device storage.
"Anyone can access your private photos and emails! Just replace the home button with one programmed with your own fingerprints!"
Can you imagine the comments if that were a story?
The problem here is that Apple didn't find a way to tell repair shops and users that this could be an issue.
For instance: "IOS has detected a change in your Secure Home Key. Please contact apple secure support to confirm that your device is still secure!" add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.
Bottom line, when one authentication method fails, you need a fail over to something more difficult.
There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.
Just because it's an Apple phone shouldn't realign our morals concerning user control and responsibility.
This attack you suppose Apple is defending against is not possible.
The only attack Apple is really defending against is the attack of non-Apple phone repair companies.
It's just petty revenge because you had the temerity to go to another party other than Apple to get your phone repaired and maybe even saved some money in the process. So now, in retaliation we'll destroy your phone in software. I'm sure this will go down well with the various EU courts.
The new home button hardware can't be securely validated, and a future OS update fails on the unexpected condition of invalid Touch ID hardware. I can imagine that this wasn't a prioritised testing scenario, likely not even considered by Apple when developing iOS.
It's a lousy way to fail — the phone should just disable Touch ID and Apple Pay, and anything that relies on the secure co-processor.
But it feels far more like there's an `else` branch sitting in the iOS codebase somewhere where a programmer has written:
//NOTE: This should never, ever happen
//.. code that triggers error 53
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element. Incoming text messages only show the phone number.
You're right, however - a Touch ID sensor that cannot be verified should not brick the phone. Apple should just disable Touch ID and sever any link between the sensor and the secure element.
Disclaimer: I don't own an iPhone with Touch ID.
However, it seems to me that the phone should still work if you logged on with your PIN instead of with TouchID. It should therefore be as useful as most phones that didn't have TouchID in the first place (which happens to be all my Android and iOS smartphones).
If you can't, there's no need to brick the phone...
IMO bricking on touch ID issues is extreme, but maximises the security of the device.
We are all smart people here and there are several ways to have security without bricking expensive hardware.
First, the update can wipe the device instead of bricking it.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
There would be several better solutions that the most profitable company in the world could figure out if they wanted to. It's funny how their particular solution happens to make them even more money through shutting down third party repairs and making people buy new phones.
This is like your home alarm software(made by the home builder) remotely burning down your house and telling you to build a new one because someone may have tampered with home access and could possibly enter your home.
> Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
> When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
I find the stores are somewhat inconsistent in their application of policy. (Particularly if the policy isn't well defined ahead of time, as in this case.)
(As an aside, the practice of requiring an appointment to talk to a support person or even just drop off a broken computer is maddening.)
The phone would still work perfectly fine and safe if Touch ID would be disabled and input from the sensor wouldn't be trusted.
What are you even talking about?
If the fingerprint scanner is suspicious, just disable it and leave the rest running. And this is in fact what happens, until a software update is installed and then the phone suddenly decides to brick itself completely.
The fact that you need to enter PIN right after boot, just shows that they use "two factor authentication" to make it even more secure.
It doesn't IN ANY WAY show that TouchID is "the less secure authentication" method of the two.
I believe ApplePay requires TouchID.
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
I'd argue that fingerprints for security are just silly to begin with.
The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and giving the user an option to validate it.
I think it's totally OK not to accept authentication from an unvalidated device, but a legitimate user should be able to do the validation.
Couldn't they just ask the user? Use the backup password to authenticate.
If it's my device, I want to be the one who chooses what I trust.
I don't have a password on my iPhone. I don't need one, because I don't store any critical data on the phone, or spend any significant time in environments where it's likely to be stolen. And I guess I'm naive enough to assume that no one from the NSA Tailored Operations department is going to sneak into my bedroom at night and install a malicious fingerprint sensor.
So, no, there is absolutely no reason for Apple to brick my entire iPhone if the sensor fails validation. They should act to maintain the level of security chosen by the user... no more, no less.
Sounds a bit like a downgrade attack if they didn't fail fast and hard at the earliest opportunity.
So why not brick the phone out of the box? Even if the finger scanner is original, somebody may have compromised the digitizer anyway.
This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third-party, so they don't think to engineer their software to fail gracefully when it happens.
Apple is a fairly security conscious company now so security tradeoffs should not be a surprise.
No matter what the motives behind this mechanism were, it was put in place exactly to prevent 3rd party scanners from working.
And if they implemented authentication and didn't even test what happens if it fails, then well... how do they know it works at all?
The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.
I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.
So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.
The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)
Consider reading the description of iOS security features linked somewhere in this thread.
Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such chip would also be able to simply dump all the data himself in the comfort of his lab.
As a standalone measure, biometrics make a shitty password substitute because you can't change a fingerprint if it's compromised, so shouldn't the iPhone be secured on the premise that the fingerprint scanner is already compromised, hence losing it should not qualify as a downgrade attack?
Secure Enclave is a separate coprocessor running its own L4-based microkernel. This hardware is directly paired with security-sensitive hardware (Touch ID, Apple Pay NFC chip, etc). It provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.
So when you stick a third-party Touch ID sensor in an iPhone it's obviously not going to be paired with the secure coprocessor. It doesn't really matter whether biometrics are shitty passwords, the iOS update process realises there is compromised hardware touching the Secure Enclave and fails in the worst possible way for the user.
Apple's own security guide explains it best:
> The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Regarding the actual fingerprint storage, it looks like the encryption key is kept in the Secure Enclave and the entire decryption and verification process occurs within the Secure Enclave. However the encrypted data itself may be stored outside the Secure Enclave:
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes sub-dermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes.
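The pairing described in the security guide excerpt above, sketched as an added example (not code from this thread or from Apple): a sensor and an enclave that share a provisioned key each contribute randomness to a session key, and a replacement sensor without that key fails authentication. HMAC-SHA256 from the Python standard library stands in for AES key wrapping and AES-CCM; the class names, the constructed keys and the fail-soft policy (Touch ID off, passcode still usable) are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample keys: one provisioned to both sides at pairing time,
# one that an unpaired replacement sensor might carry.
PAIRED_KEY = bytes(range(32))
REPLACEMENT_KEY = bytes(range(32, 64))


def derive_session_key(shared_key, sensor_rand, enclave_rand):
    """Both sides contribute randomness; only holders of shared_key agree on the result."""
    msg = b"session|" + sensor_rand + enclave_rand
    return hmac.new(shared_key, msg, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC in counter mode as a stand-in stream cipher (assumption, not AES-CCM)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"stream|" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(session_key, plaintext):
    """Encrypt, then authenticate: frame = nonce (12) || ciphertext || tag (32)."""
    nonce = os.urandom(12)
    stream = _keystream(session_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(session_key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(session_key, frame):
    """Return the plaintext, or None if the frame does not authenticate."""
    if len(frame) < 12 + 32:
        return None
    nonce, ct, tag = frame[:12], frame[12:-32], frame[-32:]
    expected = hmac.new(session_key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(session_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class Sensor:
    """Hypothetical sensor holding whatever key it was provisioned with."""

    def __init__(self, provisioned_key):
        self.key = provisioned_key
        self.rand = os.urandom(16)

    def scan_frame(self, enclave_rand, raster):
        session = derive_session_key(self.key, self.rand, enclave_rand)
        return seal(session, raster)


class Enclave:
    """Hypothetical enclave: trusts sensor data only if it authenticates."""

    def __init__(self, provisioned_key):
        self.key = provisioned_key
        self.touch_id_enabled = True

    def read_finger(self, sensor, raster):
        enclave_rand = os.urandom(16)
        # The application processor only forwards this opaque frame.
        frame = sensor.scan_frame(enclave_rand, raster)
        session = derive_session_key(self.key, sensor.rand, enclave_rand)
        data = open_sealed(session, frame)
        if data is None:
            # Fail-soft policy (assumption): stop trusting the sensor,
            # leave passcode unlock alone.
            self.touch_id_enabled = False
        return data

    def status(self):
        return {"touch_id": self.touch_id_enabled, "passcode": True}


if __name__ == "__main__":
    for label, key in (("paired", PAIRED_KEY), ("replacement", REPLACEMENT_KEY)):
        enclave = Enclave(PAIRED_KEY)
        result = enclave.read_finger(Sensor(key), b"constructed raster scan")
        print(label, result is not None, enclave.status())
```
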
Except it could be defeated by a laser printed fingerprint on a piece of paper (initially).
"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but _cannot_ read it".
That would be a huge vulnerability, if there hadn't been thousands of other ways to record your fingerprint, and while most of them are less accurate than a trojan Touch ID, they're also much easier to pull off.
And at the very worst, if a sophisticated malicious actor got the chance to meddle with your phone, they could just skip the Touch ID sensor altogether and install a stealthy fingerprint digitizer in the touch screen or on the back of the phone.
So in short, Apple's security measure, if my understanding is correct, does absolutely nothing to protect the user.
To keep with the car maker example, in Germany, the car makers used to void the 10 years guarantee on the painting of the car if the regular checks were done by an independent car shop. This was then declared as illegal.
I suppose Apple will soon release an update and declare that this was "a bug".
Imagine if you have your tires changed by an independent car shop and a month later one of your wheels falls off on the highway. Do you start complaining about it to the car's manufacturer because 'it worked perfectly before'? No, you don't.
The repair shop didn't repair it properly; if it was repaired properly the new TouchID sensor would be securely paired with the Secure Enclave and this issue would not occur.
This is more like your Tesla car's keyfob malfunctioning and you get it repaired by a non-Tesla dealer. The dealer could've put in a backdoor to get into the vehicle.
Tesla releases a big new update for their car software and now your Tesla is completely bricked and Tesla refuses to repair it, saying you have to buy a new car.
Is that acceptable?
Apple or other authorized repair shops can still fix phones that have been disabled due to security chain errors.
You are fundamentally misunderstanding the threat model. What is the exact threat that Apple is guarding against? Is it an evil maid attack planting new sensors, switched devices, someone's fingers being cut off? All of these require different mitigations - none of which for a general purpose consumer phone are to brick the device when upgrading.
Anyway, this confirms that I'll stay away from Apple stuff.
That sort of exists now. There are parts, like the throttle control on Volvos, ABS units on BMWs, etc, where the unit is coded to your vehicle.
You can't, for example, swap an otherwise identical throttle from a junkyard into a Volvo. It puts the ECU into limp mode, and the car is essentially useless.
Now, that's not the result of an over-the-wire firmware update, but that's really the only piece missing. When/If vehicles start regularly updating firmware over the wire, you'll start seeing stuff like this.
We can see that it is clearly nothing to do with 'revenge' or 'retaliation'. The evidence clearly contradicts that.
Apple makes strong promises around security and Touch ID in particular. This is clearly designed to maintain the integrity of that system.
It's certainly a terrible failure mode - the error message should explain what the problem is.
But imputing these bizarre motives just reveals bias on the part of the commenters.
The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
[this was obviously going to be downvoted, but for the record nobody has either made an argument for, or provided evidence for the 'revenge' motivation, while the 'poorly implemented security policy' explanation is clearly supported by the evidence.]
There would be no such headline. Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
And if you have to know why people come up with theories like that - either Apple didn't think what happens to users who already had this hardware replaced or they thought about that. Maybe those who accuse them of malice simply overestimated their competence - after all, they make big claims about high quality, attention to detail and whatnot.
Not to mention that the first part of this comment makes sense and probably expresses well how people feel about this screwup.
This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
Apple did the right thing in protecting people from this, but did communicate about it poorly.
The only malice in this situation is on the part of the people accusing apple of being motivated by 'revenge'.
... which wouldn't be used after the phone determines it's an aftermarket part. Equally well the attacker may have installed a malicious piece of brick inside.
> Apple did the right thing in protecting people from this
Sure, they protected users from using phone with replaced home button and disabled fingerprint scanner by bricking the phone completely.
Hard to tell in what proportions malice and/or stupidity were involved in this case, but either way it wasn't "doing the right thing".
However, you have to understand that when I posted this, I knew about cases (including TFA) when the problem had indeed been "rectified" by visiting a store (sorry, couldn't resist ;)) but no case when the device had actually been fixed and data recovered, whether this is technically possible or not.
Given that apple is working on an iCar, it's just a matter of time I presume.
But to be honest, it's not like fingerprints are such a hard to obtain secret in the first place.
Then the question is, could the NSA/CIA/etc trick the phone into thinking the repair was valid?
So then, what, if not on boot, show it all the time, with no option to suppress? If you offer a way to suppress it, that will be used by the bad guys.
I'm sure they already did that assuming they don't have better ways.
Apple is in the business of selling (overpriced/overengineered) hardware. Their tactics make that very clear.
The only problem with that is that there is no real competition in mobile phones anymore, it's just a giant duopoly. Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hoover/mass surveillance company) is just as bad.
My only hope is for Ubuntu to make the right moves soon.
A source: http://www.dailymail.co.uk/sciencetech/article-2709502/Does-...
No, because that never was a fucking thing.
Seriously, this is supposed to be a community of reasonably well-informed tech-oriented people. Step back for a second, take a deep breath, and think before you spread nonsense like this. Jesus.
But please don't comment like this and https://news.ycombinator.com/item?id=11047606 on HN. That just makes the threads worse. Instead, please stay civil even when some people are being silly.
Good lord no. But thank you for the polite response and intention to change. It really is a collective effort.
They completely ignored that a new handset release tends to come in lockstep with a new OS release. This is relevant because it means many, many people are changing the operating characteristics of their existing handsets at the same time - leaving their phone not only not a "known constant", but potentially creating the same results even if a new generation of phone hadn't just appeared at the same time.
Seriously, if you take their graph and replace the labels for each 3g, 3gs, 4, 4s etc, with ios2, 3, 4, 5 .. the data is still accurate, but the take-away assumptions change entirely.
They ignored that geekbench scores show that scores for any given generation stay roughly constant over the phone's lifetime. That's a fantastic set of data that isn't coloured by changing expectations over time.
And they were quite happy to brush off that the Samsung numbers showed exactly the same changes over time, as they didn't spike around releases. Completely ignoring that Android has entirely different update strategies (having to wait until your telco 'blesses' the update, etc).
If you look at their graphs, and think of each label as an OS release rather than coinciding with a new handset (which is still accurate), the story it now tells is that iOS updates receive much larger adoption in a hurry, when compared to adoption of Android updates.
Which we already knew. Apple's update strategy is that every compatible handset is able to update "today", whereas android updates are staggered by various levels of support from different mffrs and different providers.
No. Story linked from daily mail (that's not a "source") is more nuanced.
When we try to judge intent we do judge the context. So let's look at the context: people do know that iPhone updates will probably slow their device (even though Apple doesn't tell them that). And there's no way to stop the nagging update notification (aside from jailbreaking).
So let's not be naive. Maybe it's hard to prove at the legal level, but there's a pretty decent chance that this is intentional by Apple.
EDIT: if you upvote, please explain why you think this is wrong.
What's next, people say Apple deliberately destroys batteries after a few years, rather than being a natural consequence of battery chemistry? Apple deliberately makes their screens shatter when dropped?
No, I don't, but I'd like to read more about it. Got a source?
While on the iPhone: Do you use Google search? Do you use Google maps?
Well, if you do, there's not much sense in hiding from Google. And if you use Android, you could use tools like cyanogen's "privacy guard" to hide your data from all/most app authors, which I don't think you can do in iOS.
Also, unless they target you specifically, so long that you use an alternative keyboard - I don't think Google on Android collects your key press data - so you can use anonymity apps for special circumstances. But I could be wrong about that. Same goes for encryption keys, unless you're targeted.
Hell, there's barely any room for a third manufacturer, let alone operating systems http://www.theverge.com/2016/2/3/10894200/android-smartphone...
> No matter how suggestive, he says, the data alone doesn't allow anyone to determine conclusively whether their phone is any slower.
> There are other explanations for why an older model iPhone may slow down, he claims.
> For instance, the latest version of the Apple operating system, iOS, is always tailored to the newest device and may therefore not work as efficiently on older models.
And it is really hard to argue that Google intentionally slows down old Android phones.
The source is available for everyone to study and you can root most devices and install Android versions that don't even use any Google software.
Hardware level security is important, but one must know that whenever you involve hardware into the equation you must allow for collateral damage.
Trusting trust is hard. You can't expect the verifier to verify the security module you got changed from the guy in a basement. Might as well get the OS and kernel from the same guy too.
The reason this disables your phone is the same reason you see a red page when using self signed certificates. The guy vetting you isn't vetted himself. Now there is a case to be made that Apple should just show you a warning and let you use the phone. But this isn't about protecting your privacy, this is about protecting privacy of the guy whose phone you found.
This is such a problem because it's stuck to the screen, and people need to replace screens all the time.
I co-own a repair shop. We have known about this for a while. We won't replace home buttons for this reason. But we replace hundreds of screens a month with no issues.
Yes, we have had people come back with Error 53; that's how we knew it existed a while ago. All of them had either had their home button replaced or water damaged. We were able to successfully recover one of them after the Apple Store told the guy there was nothing they could do. It was a water damaged home button and we were able to clean the corrosion off of it by soaking it overnight in a special solution. It came back the next day. If your original home button stops working, though, you are screwed.
FWIW, I've lost 2 chromebooks to TPM failure in 18 months.
I was thinking along similar lines recently when someone sent me an email to an old PGP key - I was able to dig up the key, but had long since forgotten the password. Do you want your computer security system to fail-open (leaking your stuff and potentially exposing you to fraud) or fail-closed (losing data which may be irreplaceable and of emotional significance)? It's not obvious. But if you store your photos on your phone, you should probably back them up to the cloud - and to a different system that is not under the same account, either locally or another cloud.
User-friendly crypto may be possible, but user-friendly key management is a total nightmare.
Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
So I'm not sure if SOGA etc will affect Apple here.
> Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
Huh? Why should next of kin automatically be entitled to all someone's personal information?
Stores life in fragile device
Fragile device breaks
I learned 15+ years ago that the OS should have that as standard, with no privacy issue either. It is crazy that it is not baked in already. It's not even difficult.
I'm curious; although auto makers can't decline warranty coverage, does an "authorized maintenance" shop change the dynamics?
Ergo, Apple is bricking phones as some sort of misplaced revenge-like behavior.
Calling it revenge-like behavior is just you attacking Apple. It's certainly incompetent or unanticipated and poorly handled, but it's an attempt to maintain their security promises.
I don't know anyone who uses the fingerprint reader or the purchasing functionality.
It is unfortunate but true that high levels of security ultimately require trust, and that means that some things we used to take for granted will fall by the wayside. Third party repair of what are now secure components may be one of those things.
If that is the case and it was possible to replace these sensors before, Apple's narrative that the "error 53" code was introduced for security reasons doesn't seem to make a lot of sense: If the hardware sensor wasn't designed with secure authorization (e.g. via asymmetric cryptography) in the first place, all they could do now in a software update would be to add some kind of cosmetic device ID check.
However, any such newly introduced check in software could not actually prevent "malicious sensor" attacks but would only add a (possibly trivial) additional step to the attack where you have to spoof the correct device id.
Or maybe my reading of the Guardian article is imprecise and replacing the home button has always meant losing access to at least some security-relevant features?
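The distinction the comment above draws between a device ID check and a sensor designed for cryptographic authorization, shown as an added example that is not part of the thread and is not Apple's actual pairing protocol. It uses an HMAC over a shared pairing key in place of asymmetric signatures so that it runs on the standard library alone; the class names, the identifier and the keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Sensor:
    """Hypothetical sensor part: a readable ID plus a key set at pairing time."""

    def __init__(self, device_id: str, pairing_key: bytes):
        self.device_id = device_id
        self._pairing_key = pairing_key  # set at pairing; never sent over the link

    def report_id(self) -> str:
        return self.device_id

    def respond(self, nonce: bytes) -> bytes:
        # Proof of key possession, bound to this particular challenge.
        return hmac.new(self._pairing_key, nonce, hashlib.sha256).digest()


class ReplayingPart(Sensor):
    """Substituted part that holds no key and replays one recorded response."""

    def __init__(self, device_id: str, recorded_response: bytes):
        super().__init__(device_id, pairing_key=b"")
        self._recorded = recorded_response

    def respond(self, nonce: bytes) -> bytes:
        return self._recorded


class Host:
    """Verifier side: stores what it learned about the sensor at pairing time."""

    def __init__(self, paired_id: str, pairing_key: bytes):
        self.paired_id = paired_id
        self._pairing_key = pairing_key

    def check_static_id(self, part: Sensor) -> bool:
        # "Cosmetic" check: compares a value that any part can simply report.
        return part.report_id() == self.paired_id

    def check_challenge_response(self, part: Sensor) -> bool:
        nonce = secrets.token_bytes(32)  # fresh per attempt, so old answers are useless
        expected = hmac.new(self._pairing_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(part.respond(nonce), expected)


def compare_checks() -> dict:
    """Run both checks against the paired sensor and two substituted parts."""
    key = secrets.token_bytes(32)  # constructed pairing key
    paired_id = "SENSOR-0001"      # constructed identifier
    host = Host(paired_id, key)
    original = Sensor(paired_id, key)

    # Substitute A: reports the same ID but was provisioned with a different key.
    wrong_key = Sensor(paired_id, secrets.token_bytes(32))
    # Substitute B: replays an answer the original gave to an earlier challenge.
    old_nonce = secrets.token_bytes(32)
    replay = ReplayingPart(paired_id, original.respond(old_nonce))

    parts = {"original": original, "same_id_wrong_key": wrong_key, "replay": replay}
    return {
        name: {
            "static_id": host.check_static_id(part),
            "challenge_response": host.check_challenge_response(part),
        }
        for name, part in parts.items()
    }


if __name__ == "__main__":
    for name, result in compare_checks().items():
        print(name, result)
```

Both substituted parts pass the static ID comparison and fail the challenge-response check, which only helps if the part was provisioned with a key in the first place.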
Frankly the device bricking is BS, since the encryption PIN code is still there and unknown to a possible attacker. You just can't use the victim's fingerprints to unlock it anymore, or attach a hacked fingerprint reader, because it still won't be able to access the secure enclave to open and get the PIN code.
He was so furious that he bought a second iPhone which had the same fundamental design decisions and would fail in the same way if he got it repaired by a non-Apple repairer. No wonder Apple doesn't give a damn about this - everyone is just buying a new phone from them.
It has always been their approach to control every interaction that every customer has with every part of their business and every product produced by it.
Accept it or use something else.
Surprised maybe not so much, but it seems pretty obvious one would get upset if his/her go-to device is suddenly rendered practically useless?
I do stand by my assertion that it is legitimate for Apple to behave in this way though. They get to present their business as they choose to just like any other company and the customers get to choose whether to accept their terms. Personally I don't but, empirically, most other people seem to.
I would however support requirements (as legislation) that consumers should be made aware of such practices at the point of purchase such that they can factor it into their buying decision.
Also, mass downvoting of this comment in 3. 2. 1 ...
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
You will, of course, be down voted – because of your childish insistence that anybody who thinks differently from you is suffering from some kind of illness.
I mean, not to gloss over it. I just got stung €320 for a screen repair, and I won't pretend I'm at all happy with that. But I have to accept we can't have it both ways - if we're demanding tough encryption, we have to accept the inconvenience that comes with it.
Everything pointed to a software issue, but every repair person I took it to (both apple and non-apple) kept saying it was a hardware fault.
Touch ID stopped working and the phone drains super quickly despite not being in use. Hoping Apple can provide a "fix", not gonna hold my breath though.
High prices and resale values have spawned a substantial and apparently growing 3rd party repair and refurbishment market for Apple mobile devices. Beyond the dodgy corner unlock shops, multiple national chains have sprung up over the last 2 years where I live that advertise heavily on broadcast TV.
Apple clearly sees this as money left on the table and they're concerned about the emergence of a comprehensive parallel supply chain for repair parts. Bricking end-user devices is one of the few levers they've got to try and shut down this industry, since there's no way to effectively identify and pursue the upstream suppliers in mainland China.
Sucks for the users, though. I wonder if Apple will still be selling devices at all in 5 years, or if they'll only rent them out for €25/$25/£25 per month. Ultimately that'll probably be the only way to get the control they want.
The conversation was from last... sep I think, and he was referring to a change a few months back. They had been able to buy the whole screen units for around $25-$30/piece, and his shop (owned a few) bought a lot of them - always kept a lot in stock. Earlier in 2015, he said, Apple started putting the screws on their parts suppliers, requiring them to destroy any overages or extras that didn't pass QA. This overage supply was where he and others would get their replacement parts.
He said that almost overnight, the prices on those screens went to $40 or more. They had a several month supply, but were already having to replenish at the higher price point.
So... Apple knowing about "third party repair" stuff, isn't all that new, but they seem to be taking more steps to actively prevent competition here. :/
re: "renting" - they'll probably still sell them, but all but force an icloud-style service for storage (probably still be selling 16g models when they provide 16mp cameras, and use up 6g for the OS). That or perhaps they'll just buy a carrier and you can be paying them $100/month for voice/data service directly, on top of $700 for a device.
You need to send the watch to the factory for service, at factory prices.
So, when you buy a Rolex, you are actually leasing it? You don't truly own it, if you can't get the parts to fix it?
It's just another way to make money.
I didn't think Apple would irritate their customers at this particular point in time?
And yes, I too believe, "This is just the beginning."
Looks like Apple is, yet again, going to be investigated by the ACCC.
It may be overly paranoid but I can at least understand the motivation behind this. Changing the display also involves disconnecting the Touch ID sensor so technically a malicious person might have done something that exposes the user of the device in some way.
Statement from an Apple spokeswoman:
“We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”
Which is a good thing.
This is like complaining that forgetting your encryption password "bricks" your hard drive.
Yeah, Apple deserves some flak for not making this known to 3rd party repair shops, but it's not a problem itself.
Just like all other similar decisions made by other companies under the guise of 'protect[ing] the customers', it should be clear that this is no more than a guise. If protection is what they had in mind they'd simply disable any functionality which could be impacted by a dodgy part. Disabling the whole device has the single, self-serving purpose of channelling the cash flow from the repair businesses into Apple's coffers.
I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
It's easy to say that they'll just earn more from repairs and sell more devices, but customer satisfaction is also important and I believe Apple takes issues that essentially brick devices very seriously.
It is also well known that they take privacy very seriously (although implementations might not be perfect), so I am inclined to believe that in this case privacy concerns have won against customer satisfaction concerns.
Edit: Apple Pay is also a _very_ important product for Apple, I imagine they simply cannot afford any issues that might make this seem unsafe to customers.
Limiting the availability of repair services to the captive audience of Apple users probably increases sales. Those who have bought into the Apple world are (for now) unlikely to step outside of the garden, so they'll replace their broken iThingy with a new one instead of 'just getting an Android this time'. Just look at this comment for an example of that attitude: https://news.ycombinator.com/item?id=11061800
> "... I've got better things to do with my time. I'd rather walk into the Apple store and replace my MBA or my iPhone when I've got a problem. That saves me time for my wife or my hobbies. Trade money for things that save you time, to spend that time on what's important to you (if you've got the money). ..."
This is the attitude Apple would like to cultivate: solve problems by throwing more money at them.
A non functioning bricked device is more secure than a functioning device. Yes.
For example: Articles bashing Steve Jobs get upvoted a lot more than ones praising him. Exactly the opposite for Bill Gates.
Now if you look at Slashdot a decade before Hacker News the results for Bill Gates would have been the opposite of what you see here.
Effectively, Bill Gates' millions in spending to improve his PR have changed people's perceptions (they will argue that it's because he's such a generous benefactor, because that's politically correct, alas, they won't look too close at the activities of the Bill and Melinda Gates foundation lest they notice he isn't.)
Google Good, Apple Bad, Leftism Good, Socialism Good, Basic Income! Global Warming is FACT, and anything you post that goes against this narrative risks getting you slow banned or hellbanned.
Hell, I was once banned from here for relating how I met Grace Hopper as a kid (in a comment on an article about Grace Hopper.)
I have no clue why that was hell ban worthy, after all she was the original "GRrrl in tech!!11!"
Welcome to Hacker News where there are no hackers.
I don't believe anyone was ever banned from HN for that. How about let's see a link?
There's a cottage industry of HN users who go on about why they were banned ("because I supported Bradley Manning!" "because of my unpopular opinions!"). Pay attention and you'll notice that they never supply links to their innocent, suppressed contributions. Why? Because then people could see what they really did do, and make up their own minds.
Sure we make mistakes, and we're happy to correct them too. But no way do we ban people for "relating how I met Grace Hopper as a kid".
We detached this subthread from https://news.ycombinator.com/item?id=11048013 and marked it off-topic.
Tech now mostly attracts (post)collegiate millennials chasing the startup wave (don't blame them, it's where there's chance of an actual job). You only have to look at the dwindling state of open-source right now to see proof of this. Add to that the post-Snowden cynicism that killed off what was left of cyber-utopianism and the free web, and it's pretty clear that the hackers of yore grew up and weren't replaced by the next generation.
People who use "retarded", "gay", "autistic", "ghetto" (and so on) in a derogatory form are showing a lack of imagination, aren't introspective enough to consider how their choice of words makes others perceive them, and trivialize an entire group of people by subordinating them in their effort to demean someone else.
And that's the problem. It's condescending (and meant to be, don't tell me it's not) to call someone or something "retarded" when one is actually expressing an opinion that the person or thing is not worthy of merit, and history is rife with abuses that result from trivializing a group of people by distilling that group to a pejorative. "Fuck those short sighted motherfuckers," may shock because of the direct use of the glorious and multitalented root word "fuck", but it certainly isn't trivializing a group of people with a minor vision impairment, because short sighted is not the term used to refer to someone who is near sighted. It's borderline lazy, sure. It may offend someone's sensibilities, yeah. But choosing a word that one knows damn well trivializes a group of disadvantaged human beings ... that's profoundly different from dropping the occasional F-bomb.
It's not about political correctness, it's about recognizing that one's choice of words can carry a great deal of meaning that diminishes the intended effect of those words. In some cases, by literally dehumanizing a group of people.
It's not "colorful language", it's lazy and careless prose.
And to any current reader of this comment who thinks such pejorative language is okay in civilized company: either this post changes your mind, dear reader, or it doesn't. Using what you think to be clever analogies, closed-minded logical fallacies, or meritless affirmative defenses ("but, freedom of speech!") is encouraged, if it makes you feel better about yourself to put me in my place for feeling the way I do about this kind of language. Your right to free speech is no different from mine, I won't stop you. But I also won't waste the expression of my free speech rights by trying to argue with someone who doesn't acknowledge that maybe ... maybe ... they're wrong, so please feel free to satisfy that desire to get in the last word.
I personally am aware of zero instances where anyone associated with a developmental disability is comfortable with the use of the word 'retarded', in any context. (Please note: this is not to say such a thing does not exist!) Empathy is a worthy reason for voluntarily restricting my personal speech, and I appreciate others willing to take people like you into consideration here on this forum!
You are suggesting that they would be uncomfortable with:
"we applied the fire retardant at the base of the flames..."
"the growth process was retarded by the application of too much nitrogen fertilizer..."
"his social development was retarded by the lack of same age peers in his neighborhood..."
Again, genuinely curious - are we expected to contort our language around these concepts now ?
I suspect that the poster is referring to the whole of his experience as the pool of contexts in question, and thus can state that he knows of no one who is comfortable with the word choice - given that most people don't use the word "retarded" as the past tense of the verb "retard", which means to hold back or slow down, I'm inclined to agree.
Retardant is not in question. The use of retard as a verb as it's intended to be used is not in question. The vast majority of utterances of "retarded" are used as a pejorative adjective, so while I see your point, I think you're missing his: The reality is that the adjective form of retarded is, in nearly all common-use cases, a careless diminution of those with developmental or learning disabilities, as it serves to suggest the idea/thing/person could only have come from someone with such a developmental or learning disability.
What I don't quite understand is why it trivializes people to use a disability as a pejorative, but it apparently doesn't trivialize people to use a disease as a pejorative.
Let me put it this way. If I call someone cancerous, I'm not trivializing the group of people that have cancer and distilling them to a pejorative. In general, if I use a disease as an insult it's fine, but if I use a disability as an insult it's usually offensive. They're both afflictions, but they're treated differently in uncountable ways.
I could list some reasons, but none of them really feel like they get at the root cause of the difference. Do you have any insight?
(I don't have first hand experience with either, so I'm just musing too..)
At the same time I see HN slide towards reddit just one little bit more with all the 'you insensitive clod' comments lately and that is sad too.
If you don't want HN to slide that way, then I suggest you not give in and change it back. After all, I think offense is entirely in the mind of the beholder.
Especially when the beholder is not himself or herself part of the group.
I've seen the word 'retarded' used in the exact way I used it above in many places and I've checked the dictionary and it has a simply secondary definition ('Dumb, foolish') which is roughly what I intended to convey.
Since giving offense is not one of my pet hobbies I edited my comment but had the situation been reversed I would have definitely afforded you more leeway.
To me 'retarded' did not seem rude or derogatory until you pointed it out, judging by the number of other people that are actually native speakers that use it in that exact same way it seems to me that you have your work cut out for you.
As for having my work cut out for me, I definitely expected this to happen (maybe not to this scale). HN tends to attract the kind of person who thinks that anything is fair to say any time, regardless of who it might hurt, because HN tends to attract people of massive privilege, many of whom have never been the victim of societal discrimination.
The word retard is hate speech, linked to actual real world violence. And that violence is very common.
> A survey by Mencap of people with a learning disability has found that nearly nine out of ten respondents have experienced bullying in the last year. Two-thirds are bullied on a regular basis and almost one-third are suffering from bullying on a daily or weekly basis. People with a learning disability face prejudice and widespread discrimination that often makes them feel like outcasts and prevents them from taking a full part in society. Public attitudes in the United Kingdom towards people with a learning disability remain discriminatory. The Mencap survey suggests that the bullying of people with a learning disability is institutionalised throughout society.
How they described bullying:
> The following behaviours were most frequently cited: kicking, biting, name-calling, teasing, stealing, pushing, threatening, having things thrown at you, being told to leave a building, hitting, being shouted at, swearing, demanding money, hair-pulling, throwing stones, spitting, poking, being punched, being beaten up, having one’s head banged against the wall.
No. Language is a living thing and the meaning of a word can change over time.
"Greedy" is not the word that applies in this case. Nor is "short sighted". This is a retarded and dangerous behavior, and you should not be afraid to call it for what it is.
See above example with the car and try to imagine if the following happened: you have to drive immediately to a hospital and your car doesn't start because your tire was changed by a non-authorized service.
"Greedy" and "short sighted" are not the words that come to mind. It's a truly retarded and dangerous decision, initially driven by greed (because let's make computers like black boxes, no-one can open it, no-one can mess with it).
People with short sightedness, not so much.
No one kills a person who is short sighted just because they are short sighted, but this routinely happens to people with learning disability. Not just random fuckheads in public, but doctors will put people with LD under DNR orders without the knowledge or permission of the person or their relatives just because that person has LD and the doctor can't imagine any quality of life.
People with glasses are widely stereotyped as nerds or geeks and often experience bullying.
People wearing glasses were also reportedly targeted in mass killings by the Khmer Rouge due to that same stereotype.
Yes. I am offended by the small letters in ads.
Yes, a person with disabilities can be ridiculed and feel like crap. A fat one can too. Also one with glasses, long hair, or long nose (or very short, let's include them too, it's the PC thing to do).
Where do you draw the "disadvantage" line?
As much as you are being offended when people are using a series of letters that forms certain words, so do I when people act like irresponsible children putting blame on random words.
It's not about ridicule. It's not about offence. Why do people always make this same point about offence?
"My freedom of speech allows me to say what I like; FUCK YOU if you want to use your freedom of speech to tell me how much harm my words cause"
People with LD have been subjected to genocidal actions; they've been forcibly sterilised (without their (or their family's) knowledge or permission); they've been used as the subjects of harmful medical experimentation (again, without knowledge or permission); they often find themselves under DNR (without knowledge or permission); they face levels of bullying higher than any other group; they face levels of discrimination higher than any other group; this bullying and discrimination is bad enough when it comes from people in society, but it's often coming from care professionals; they are deliberately excluded from most of society who know nothing about LD.
About "it's just a string of letters" (there are a few strings I'd like to use about you but on HN it'd probably get me a ban): http://www.eurekalert.org/pub_releases/2016-01/osu-wys012616...
> researchers found that participants showed less tolerance toward people who were referred to as "the mentally ill" when compared to those referred to as "people with mental illness."
> For example, participants were more likely to agree with the statement "the mentally ill should be isolated from the community" than the almost identical statement "people with mental illnesses should be isolated from the community."
> These results were found among [...] and even professional counselors who took part in the study.
But they can say FUCK YOU to people who say things they don't like because that's freedom of speech too. Then those people can say FUCK YOU back and have a whole steaming flame war. It's all speech. It may not be productive, and you may not want to participate in it, but there is no law preventing anybody from doing it.
It's only when somebody passes a law against it that it becomes an affront to free speech.
If you're talking about IQ less than 70 use whatever is relevant in the country you're in. In the US this is usually intellectual disability (which is a subset of learning disability, which in US also includes eg dyslexia which doesn't have IQ requirement), but for some small groups it might be retard (although other groups see that as hate speech.)
If you're talking about a difficult to understand action call it dumb or stupid or idiotic or almost anything but retarded.
In the UK the word retard is pretty much equivalent to kikes or nigger or faggot. I'm not sure people in the US recognise that when they say retard people outside the US see a word like nigger. If that's the level of offence you want to create then sure, go ahead.
That clearly isn't what the word means today.
"Our son was having trouble in school and his counsellor suspected he might be retarded. We brought him to a retard house with a reputation for taking good care of the retards and the doctor said that he was, indeed, retarded."
That's the sort of thing you might have heard in 1905 but not today. It means something different now. Which is why it's now inappropriate when applied to a person with a learning disability. But the target isn't a person with a learning disability, it's a multinational corporation. The point isn't that Apple has a learning disability, it's that they're being retarded. There isn't another word that means quite exactly that.
It's essentially the same argument as the people who say not to use the word hysterical because of its history. That's not what it means anymore.
WTF? Did you make that all up just to be able to put me down? Really, what a disgusting comment. I used a word that has a dual definition according to my goddamn dictionary and asked politely for an alternative and reason and edited my comment long before you posted this and yet you feel that you should use this to pretend that I like to create a certain level of offense when I clearly went out of my way not to.
Dumb = mute
Idiot, moron = low IQ
Lame = non-functioning limb
The problem is not choice of words, the problem is insulting someone by calling them "low intelligence" instead of short-sighted (oops! That's a visual disability) or careless or selfish or unimaginative or impatient.
I'm afraid you'll have to express yourself in some more detail and avoid hollow cliches. This is a complex and nuanced debate.
you can't say anything anymore without qualifying it to the nth degree and sugarcoating it and making it as bland as possible, just in case someone somewhere feels that some thing you said was some how offending
and guess what? even then, people are going to get offended
there is a limit to how much you can sugarcoat everything you say in public, and i think the us has passed that limit into oversensitive territory
you are right, it is nuanced
my strategy is to say "sorry" when it's due, rather than overthink every minute iota. of course, i'm not running for office and i don't live in the us
Countering natural behavior with culture is what humans do, for better or worse.
If you really care :-) :
I had the chance to be raised and still live in a very mixed part of Paris. There is racism, of course, and for example I can remember how kids of Portuguese descent were the object of mockery back when I was young. (That's significant because today it's put under the carpet as if it never occurred. It seems nobody even remembers!).
That makes you think about bias, how bias turns into systematic racism, etc. That makes you discover how people of course cluster around commonalities but also like to share and connect with others when given a safe context.
Racism is quite pervasive in France, and for example younger generations make it a central part of their dialogue and jokes. But many people are working toward inclusiveness too.
Just like women equality and wealth sharing, non-discrimination is not a solved thing in any given society: it's a constant challenge to tackle, probably without an end in sight.
It's probably the same for individuals: how can I be more inclusive? Less biased toward others?
It's sad but that seems to be the state of affairs and I don't expect this to get any better in the next couple of centuries. Barring an alien invasion that gives us a reason to play 'us' against 'them' on a bigger stage I doubt humanity will be able to really overcome this particular hurdle. Which is sad because it is a large driver behind all the violence and misery in the world.
b) what do you mean by "not like us"? in some ways, no human being on the planet is "like" me, in others, everyone is.
B) Everything. Me against my brother, me and my brother against my cousin. Me and my cousin against the world. Likeness could be anything that a person deems important. Race, religion, football teams, harry potter vs lotr, dota vs lol.
Even if that was true, which it isn't, why do you think that means we should give up and speak or write carelessly? Why do you object to improvement/progress?
Because it is neither progress nor improvement. Thought policing is harmful and stupid.