> The Touch ID sensor has access to the iPhone Security Enclave, where fingerprint data is kept. A malicious sensor could, hypothetically, steal fingerprints from an iPhone user unknowingly.
No, the CPU reads encrypted data from the sensor and sends them to the SE for decryption and analysis. See the PDF linked here by somebody. What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
> If the validation fails, the device will function mostly fine, although with Touch ID disabled.
On iOS 8. Once the device is updated to v9, it turns into brick. Quoting from OP:
"They repaired the screen and home button, and it worked perfectly." He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead. When Olmos (...) took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
> If a customer encounters Error 53, we encourage them to contact Apple Support.
This may be a media-friendly euphemism for "it's dead", unless this London staff was clueless.
What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
Of course, taking advantage of the exploit in question requires the phone to be stolen by an extremely sophisticated (if not state-level) bad guy, altered by installation of a malicious sensor that has never been documented to exist in the wild, then recovered by the owner, and then stolen again at a later date. All to acquire personal biometric data that could just as easily be obtained with a piece of Scotch tape.
A simple application of Occam's Razor suggests that Error 53 isn't a "security feature" at all, it's just Apple being a rent-seeking asshole.
Occam's Razor says that you should select the hyposthesis with the fewest assumptions. Saying Apple is a "rent seeking asshole" assumes that Apple did this maliciously, which is a huge ball of assumptions when they've literally put out a security paper[1] on how Touch ID and Security Enclave works.
Does that document explain Apple's motivation for bricking phones that never had the fingerprint reader enabled, and that didn't even use traditional lock passwords?
No?
Well, then it makes sense to look elsewhere for that motivation. Additional data appears to be needed. Lacking such data, assumptions are all we have.
Possibly you're stretching for Hanlon's Razor, except you've got the wrong end of it. Hanlon's is the one that says "never assign to malice what can be assigned to stupidity". This feels like a screwup. The reason why it happens is consistent with security. But the effects are maddening.
Could be. At least your assumption, unlike mine, is testable. If it's an unintentional bug, the policy behind "Error 53" will become more consumer-friendly in an upcoming iOS update. If it doesn't... well, Occam wins the day.
Do you really think Apple hasn't been shocked/annoyed at how China/US/et al have actively tried to hack their customers including attempt to compromise their own servers ?
No, the CPU reads encrypted data from the sensor and sends them to the SE for decryption and analysis. See the PDF linked here by somebody. What a malicious sensor could do is store user's fingerprint for retrieval by unauthorized parties.
> If the validation fails, the device will function mostly fine, although with Touch ID disabled.
On iOS 8. Once the device is updated to v9, it turns into brick. Quoting from OP:
"They repaired the screen and home button, and it worked perfectly." He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead. When Olmos (...) took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
> If a customer encounters Error 53, we encourage them to contact Apple Support.
This may be a media-friendly euphemism for "it's dead", unless this London staff was clueless.