I am an Apple hater BUT I have to say I'm very proud of the new Apple for actually saying they made a mistake and apologizing. This and the fight for security are both things I, as a self-proclaimed Apple hater, applaud Apple for doing. Good job!
If you've already pre-labeled yourself as a "hater of X" then you're throwing away your ability to create new opinions and judgements when situations change.
This is not a healthy mentality to have about anything.
Principle of Charity, for hell's sake. There's no reason to assume they're saying "I have an irrational dislike of Apple which new evidence will not change" when "I've developed an unfavorable view of Apple and have been critical of them in the past" is just as reasonable an interpretation.
Well, I still don't like the locked-down nature of their "Walled Garden" and the price of their hardware, but I would like to think I am able to applaud a good deed no matter who does the deed.
We all have biases; I just like to think I try to make mine more vocal :)
Exactly.
It would be pretty stupid to only take the last event into account when judging something, but OP clearly showed that he could change his views despite not liking their history.
It's called having a preference. I love PC gaming, so I call console gamers "peasants", but I totally own a PS4 and play Destiny all the time. I don't actually hate consoles, but I certainly hate on consoles.
I used to have an iPhone, but after it got outdated, I bought an Android phone. I also find OSX difficult to use and prefer Linux and Windows. I prefer Android, Windows and Linux, and think Google has better business practices than Apple. I guess you could also call me an "Apple hater", but I really just give people a hard time for having different preferences than I do.
I 100% stand behind Apple's standing up for security. I 100% support them backing down from their original justification of the intentional Error 53. I still prefer non-Apple things, so I'll advocate for it.
There's no real hate going on here. Every time there's a new console, the "Console Wars" heat back up again, but nobody really hates each other, they're just vehemently defending their personal preferences.
If you heard the way I talk to and about my best man, you'd think I actually wanted to kill him. We're going to see Deadpool and have a few drinks tomorrow.
The reason we can say those things is because of how close we are to that person.
There's a difference between hate speech and playful insults.
In case you are not familiar with the culture: there is a longstanding tradition of playful insults between console and PC gamers as well as in gaming in general. There's nothing inflammatory about this, it's all in jest and the participants are aware of it.
It's childish, I suppose, but we're talking about video games after all.
Someone already explained a couple of times but let me chime in as well: I think opinions like yours (cracking down on completely innocent humor) are destructive to online culture.
Remember: we are a lot of different people here and if we should all judge one another based on our own backgrounds the noise level would likely increase to a level where most sane people left.
Sometimes a company takes actions I consider to be pretty terrible (e.g. Apple Maps, Sony removing functionality from the ps4). At that point I feel justified in becoming a "hater" of that company. Going forward I lean towards skepticism of the company and put the onus on them to win me back. Maybe I'm crazy but this feels perfectly reasonable.
I really don't understand how Apple Maps, no matter how bad it was, could make someone hate the company. Removing functionality from hardware/software you already purchased, yeah that's pretty bad. Releasing a new app that isn't as good as the competitor's app... so what? Who cares? Just use the far superior and still available Google Maps like you were yesterday. It has literally zero bearing on your life. If you hated every company that put out a crappy app or buggy 1.0 release, you'd be a very angry person indeed.
Remember Google Reader? Google+? Wave? Buzz? Every company puts out shitty apps now and again.
Except Apple Maps pushed out Google Maps on the phone which can no longer function with Siri. The only thing I found Siri useful for was asking directions while driving. Once Apple Maps took over those directions started taking me places I didn't want to go so essentially the Apple Maps release removed functionality from my phone.
Better to be a lover of all things technology than to potentially miss out on the good things all these companies have to offer by arbitrarily picking sides.
It's not only the recent fight, but the way they implemented it in iPhone 6, with the Secure Enclave. The fact that they created something that is so secure that they cannot hack it themselves blew my mind.
Is there any reading about how this is safe against side channel attacks? My go-to assumption is that any device in the physical possession of an attacker is only as safe as the attacker's motivation X is below the required amount of work Y to do a side channel. I wonder though why the FBI aren't just doing this - is it really not possible for them, or is this all just a bluff to make their targets feel safe using an iPhone?
The FBI is making a court case out of it because they want to obtain legally-binding precedent which will allow them to force companies to make it as easy as possible to access locally encrypted data. If the United States cared enough, they would undoubtedly have the resources to perform any needed attacks themselves. I'd be surprised if the NSA didn't already possess a copy of iOS's source code (Apple was a PRISM participant, which means prior to the Snowden leaks, they were voluntarily transferring all user data to the NSA for analysis; just seems iOS source isn't such a big deal after that).
The FBI is taking this public at a politically opportune time to try to make it so they can order this type of thing for any digital device they physically possess.
There's also a bit of me that thinks the timing is also a convenient way to influence the presidential election. Law enforcement groups are heavily Republican. Encryption has been a topic brought up in the debates. Dems usually say things like "We just need to ask nicely and they'll help us out, I know it"; to your average voter, this is proof-positive that that's not true, and it gives the law-and-order candidates remaining in the GOP field (which, I guess remaining are Cruz and Bush? This would've helped Christie and hurt Fiorina) a very powerful amplifier for their anti-crypto positions.
> " So the reason why price-fixing is illegal, and also unethical, is not that it hurts consumers. The key reason is that it violates one of the basic requirements for markets to work efficiently. In order for markets to function with anything approaching efficiency — never mind fairness — several conditions must obtain: for starters, there must be sufficient information in the hands of both buyer and seller, and the costs of transactions must be borne by the participants, rather than spilling over onto bystanders. But most important for the present case, markets can only be efficient if buyers have real options — that is, if no seller has the power to bully the market. Behavior aimed at letting one seller, or a group of sellers, bully the market is contrary to the requirements of efficient markets." http://businessethicsblog.com/2013/06/07/price-fixing-not-ju...
If anything, they are sorry they got caught. If they could get away with it, they would definitely have continued to kill jailbroken phones as much as they can.
With the amount of publicity that Apple gets, it would be silly for them to not properly address this issue in a way that both furthers their current pro privacy stance but also caters to their customers.
Any time I hear the term "Apple hater" with no justification or reasoning, I can't help but think that person is of the lowest intelligence.
(Or Android hater, or any other tech "hater" for that matter. Why can't we accept that companies do different things without proclaiming ourselves as "haters"?)
The paradox of tolerance arises when a tolerant person holds antagonistic views towards intolerance, and hence is intolerant of it. The tolerant individual would then be by definition intolerant of intolerance. [1]
“The so-called paradox of freedom is the argument that freedom in the sense of absence of any constraining control must lead to very great restraint, since it makes the bully free to enslave the meek. The idea is, in a slightly different form, and with very different tendency, clearly expressed in Plato.
Less well known is the paradox of tolerance: Unlimited tolerance must lead to the disappearance of tolerance. If we extend unlimited tolerance even to those who are intolerant, if we are not prepared to defend a tolerant society against the onslaught of the intolerant, then the tolerant will be destroyed, and tolerance with them. — In this formulation, I do not imply, for instance, that we should always suppress the utterance of intolerant philosophies; as long as we can counter them by rational argument and keep them in check by public opinion, suppression would certainly be unwise. But we should claim the right to suppress them if necessary even by force; for it may easily turn out that they are not prepared to meet us on the level of rational argument, but begin by denouncing all argument; they may forbid their followers to listen to rational argument, because it is deceptive, and teach them to answer arguments by the use of their fists or pistols. We should therefore claim, in the name of tolerance, the right not to tolerate the intolerant. We should claim that any movement preaching intolerance places itself outside the law, and we should consider incitement to intolerance and persecution as criminal, in the same way as we should consider incitement to murder, or to kidnapping, or to the revival of the slave trade, as criminal.”
― Karl Popper, The Open Society and Its Enemies [2]
How does Popper address the staggering power imbalance required to use force to suppress intolerance? Can genuine tolerance ever exist in a society where the strong dictate what is politically correct?
"Tolerance," to me, has a simple definition: whoever uses force first is the one who's intolerant. I'd be curious to know how Popper avoided the same conclusion.
How so? If I don't lift a finger against you (and that includes voting to use government-based force against you), then why is it important for you to control what opinions I can express?
It's not about controlling which opinions you can express, it's about how to react to them. It's possible for both of us to be intolerant without resorting to physical violence or government-based force.
If you express an intolerant opinion, it's important for me to express that I think you're full of shit and why, and that I won't tolerate it, without physically lifting a finger against you, or otherwise trying to destroy your life or well being. That's how and why freedom of speech works. It doesn't indemnify you from the consequences of expressing your opinions.
I am fully justified in expressing my intolerance of your intolerance without resorting to violence. I'm not going to wait for you to go as far as to hit me in the face or spend money on a propaganda campaign that's actively trying to destroy my marriage (for example), before I verbally express my intolerance of something you said or did.
But if you donated to a political campaign that results in destroying my marriage, or if you're the executive director of an organization dedicated to that cause, and I find out that you've been having gay sex orgies on the low down, or cheating on your wife on Ashley Madison, then it's totally justified for me to publicly out you, and if your wife decides to divorce you or FRC decides to fire you upon learning that, then it's between you and them, and what I did was totally justified, no matter how much you feel like playing the victim.
I don't see where we disagree. Like voting for an intolerant political candidate, I'd consider donating to them to be use of force. It's no longer a matter of simple "intolerance" once that happens. At that point I've lifted a finger, so to speak, just as if I'd paid a thug to beat up some gays outside a bar.
Simply expressing verbal support for the candidate, on the other hand, wouldn't be an instance of the use of force.
The passage from Karl Popper you quoted contains the problematic language, "But we should claim the right to suppress (utterances of intolerance) if necessary even by force." That's where an arbitrary exercise of unequal power comes in. Unless Popper is claiming that an external source of morality exists to decide who's allowed to respond to speech with violence and who is not, he's on very shaky philosophical ground.
I'm the hater: I thought they were givens when dealing with "Apple Haters" I can go off the top of my head!
Original Mac replaced the over $10,000 Lisa for a quarter of the price then left the color option off the market for over a year. (My dad was buying the first Mac when the color one comes out ended up with an Amiga).
Amiga: Apple lied about the capabilities of the Amiga. My Amiga 1000 at 7.16 MHz could run an emulator of the MacOS at 7.8336 MHz BOTH on the same 68000 CPU and the Amiga outperformed it in benchmarks. The Mac took many years to catch up to the Amiga. Amiga had analogue colors and Mac had an extremely limited range of colors that were digital.
You ever have to service the old Apple Printers? WOW they were HORRIBLE!
Even worse did you ever have to work with Token Rings?!?!?! I will never be able to read Lord of the Rings without going into a rage about the 1990s networking with these beauts!
The "Pro-Tools" era of Digital audio. Even after the need for proprietary hardware for I/O was over (1998 or so) they continued to sell many many thousands of dollars inputs based on false information provided by Apple.
Lies: No malware or virus. No crashes. - No OS is safe (They even used to suggest that people have an anti-virus program running on OS X on their website). Still today OS X and Apple software crashes all the time on me. Just Sunday a mission critical part of the presentation refused to work till after a hard reboot and re-install of the software.
Litigation as a tool to stop competition.
Present Day: Price Fixing which breaks down the rights of the buyer to have the power and knowledge in purchasing (This is why it is illegal).
Walled garden - I'm an old school Hacker who prefers Linux and open hardware.
Macs' life span is so short presently. Apple doesn't even tell you what the life span of their OS releases will be (Unless that changed recently)
30% commission on apps, books and well everyone's work. This causes Apple (Google also guilty of this) to make more off of people's work than the creators do. This is part of the reason why we had the EBook price fixing issue.
OS X and Apple Software UI is very limiting and causes me to go mad trying to remember what the "Apple Way" is. My biggest pet peeve is Final Cut does not have a Render for the longest time. I had to always go search for the way to just pre-render and final render video projects to export. This made me look silly BUT Final Cut added render as an actual term a few years ago. Render was the technical word for all video editing EXCEPT Final Cut!
I could go on for much more and I am sure you disagree with all of it, but to say someone disagrees with something you prefer as being unintelligent just means you have your own bias that allows you to believe you are smarter due to your preferences.
They want developers to go against their best interests and only develop apps for a very small portion of users. They don't want to compete fairly with developers, making some capabilities inaccessible to developers while keeping them accessible to themselves. If you as a developer are ok with this, it must be some kind of Stockholm syndrome.
This seems like the right thing to do - disable the unauthorized Touch ID sensor, but don't brick the phone. The secure enclave is still intact and secure, and if you want Touch ID back, you can get it repaired with authorized parts.
This is not Apple's policy (as they informed me).
Once a device has been compromised in any way, they will no longer touch it. If you want it repaired, you either go through a 3rd party repairer or you get it replaced under insurance.
Also, Apple don't sell Authorised parts and I could not find anyone that provided genuine OEM parts.
You are correct that Apple does not sell parts--and thus "genuine OEM parts" do not exist outside of an Apple store. That being said, most highly-rated third-party repair shops use high-quality screens that are pretty much indistinguishable from your original Apple screen.
Check reviews and ratings of any third-party store before you get your phone repaired. There are great ones and there are terrible ones, just like with any service business. And if anyone from any store tells you they buy iPhone screens from Apple, or that they do use "genuine OEM parts", now you know--they are lying.
haha no, they either use completely fake screen/glass, or fancier "higher quality" (as in not completely shit) recycled gorilla glass + counterfeit screen combo.
What is worse there are no 100% reliable sources of spare parts and you can never be confident about the next shipment.
Yep. I get what you are saying. A lot of disreputable crap happens in this industry, and it's unfortunate.
We have gotten to the point with our distributors where we order in such large quantities that they know us personally--and they also know we're going to send a screen back if it even has one dead pixel. So they send us their best stuff. We still have a small failure rate, which we mitigate by testing each screen as much as we can before giving it back to the customer and then offering a 1-year warranty for manufacturer defects on the screen as well.
It's the best we can do--no matter what technology you buy, unfortunately, it's never going to be 100% perfect. You buy from the vendors that are the most consistent and you pay a bit more for a higher quality product. And, as a customer, that's why I always recommend you read online reviews before you take your phone or computer to be serviced somewhere. The good places have great reviews because they take care of their customers.
Many of the replacement screens available on the market are from iPhones where the top layer of glass broke, but the LCD is still intact. These broken screens get purchased from screen replacement stores and sent to China, where factories carefully adhere new glass to the top of the phone and ship it back as a replacement screen.
Both Chinese distributors and some less-reputable cell phone repair stores love to advertise these screens as "OEM." However, they are NOT, because the new glass doesn't come from Apple. It can't, because Apple doesn't sell replacement parts. So, while part of the screen (the original LCD) may indeed be "OEM", the entire screen--as a whole--is NOT. And that is why we do not call it "OEM" and I will publicly call BS on other places that do.
Again: OEM replacement screens do not exist unless you go to an Apple Store. Apple does not sell the parts. High-quality replacement screens with Gorilla Glass are pretty much indistinguishable from the original, but they are not 100% OEM and should not be labeled as such.
You're talking about screens. Your original comment specified "parts". Things like home buttons, ribbon cables, chassis, battery, camera modules, etc, can all be OEM.
You can stomp up and down and say OEM parts don't exist, but they do. Not only that, but phones that are bricked, stolen, or maybe even water damaged slightly could have the screen salvaged assuming it wasn't ruined. They do exist.
Will you be lucky to get an OEM screen? Probably not, but my comment was to highlight the fact that what you're saying about parts being 3rd party 100% of the time is impossible.
My understanding is that this is more of a software issue: only Apple and authorized service providers are able to pair a particular TouchID sensor with a device.
The only "authorized service provider" for iPhone screen and home button issues is the Apple Store. Apple doesn't license or sell parts to anyone else for iPhone screen repairs.
If you get your home button repaired by a third party, now, Touch ID simply won't work. Seems reasonable considering home button issues that would require repair are relatively rare--phones with destroyed home buttons are usually in such bad shape that the owner is just glad to get a working phone back, never mind the Touch ID.
Apple Stores usually won't work on phones with bent frames, severe water damage, etc. anyway--they'll just try to sell you a new (refurbished) phone. Third party repair stores will attempt the repair and can often fix the phone, resulting in a happy customer who gets a cheaper repair and gets to keep the data on their phone.
There actually are AASPs for the iPhone; however the only ones that exist are fairly long-standing and grandfathered in. Apple does not allow for new AASPs. I have a very close friend that works for the lone AASP in Auburn, AL (notable because Tim Cook is an Auburn alumnus).
They can do the repair, but it's not a painless one because it does still require a good bit of back and forth with Apple.
Yes, but if you stored all your bank accounts, credit cards, and private photos in your car, and any repair shop could connect a USB thumb drive and download the contents unencrypted, wouldn't you want a little bit of cryptographic insurance that that wasn't possible?
> Yes, but if you stored all your bank accounts, credit cards
I wouldn't be surprised if Apple Pay was the actual reason behind all this stuff.
Malware is bad, but malware which can "authorize" payments is a whole new level of bad and would cost Apple actual money. So they run Pay on a separate CPU whose communications with the fingerprint scanner are encrypted to prevent the main CPU (which relays those communications) from replaying user's fingerprint many times to "authorize" unwanted transactions. Hence the "pairing" of home button to the phone.
Pretty much all Android devices fit this profile. Even the new encryption-by-default policy announced by Google was only initially applied to Nexus devices, even up until last year. Other vendors may have adopted it more recently but they originally failed to publicize this subtext. The issue apparently was most devices didn't have proper crypto hardware acceleration so it couldn't be applied uniformly across all vendors and only Nexus devices were automatically encrypted post OS install. Hopefully that has changed with newer devices.
Regarding specific hardware tied to a device cryptographically, I'm on the fence about this. This is similar to signing-keys used with kernel modules which is still widely used in Windows.
On HN people have speculated about having a manual 'switch' to toggle on the motherboard for doing firmware updates, so the device can't be tampered with remotely. That seems ideal for that threat model.
But I personally don't see a problem with what Apple is doing here even though it's with physical access. Primarily considering the product is an iPhone which is generally sold as an all-encompassing product/service by Apple. It's not a linux-y customizable device. So having the additional security via hardware locked to the Secure Enclave is a value-add if you're going the proprietary route. Apple's customer service is usually quite good, so that's not a significant barrier. There are other options on the market if you want cheap 3rd-party repairs.
Why not just ask the user if they want to trust the new sensor and authenticate using the password? If attackers have the password you've already lost, so as far as I can tell there's little security risk in allowing that.
Because we already know from long experience that most people don't have the patience or capability to answer security questions.
The reality is that an unscrupulous repair shop will just answer yes to the prompt (or tell the user to answer yes).
People clicked "install" when prompted by IE to install an unrestricted ActiveX control because a banner ad wanted them to "punch the monkey". Do you really think they're going to think about the security of a touch sensor?
Now take it one step further and imagine a government spy agency wants to intercept phones and replace parts. (In fact I'm sure it is already happening).
Couldn't an unscrupulous repair shop just install an event logger in the screen to get the password and skip this whole touchid business? Or even give you back a different phone that just looks like yours and requests your password?
Fundamentally, I feel the real question is who gets to decide who I trust. I want to choose for myself.
Even if someone guesses my PIN, I still don't want them to be able to get a copy of my fingerprint sensor data. Who knows how many multi-factor auth systems will use fingerprints in the future? Stolen fingerprint data could become the next SSN that people use to steal identities.
It seems unlikely that any sensible system would use fingerprint data for security, given how easy it is to spoof. You leave your fingerprints everywhere and can't protect them once you've left the area.
Authenticator + smart phone is not ideal but it's still better than fingerprints. It's harder to steal a phone from somebody, while it's almost impossible to prevent the theft of your fingerprints.
Surely a middle ground is possible? Something along the lines of "Your TouchID sensor has been replaced. If you did not expect this, please take your iPhone to an Apple Store for servicing as your security may be compromised. Otherwise log in with your password to re-enable your device".
The other problem as long as we're continuing with the "user is an idiot" hypothesis is that users don't read error messages. They see a box with a bunch of mumbo-jumbo[1] that's standing in the way of them doing whatever they were doing before the dialog rudely intruded.
I think the issue there is a matter of trust in the hardware too. What if the replacement fingerprint reader has a recorder that sends that fingerprint to the repair shop and the user authorizes it? Now some shady backdoor people have your fingerprint and possibly your pin and any other information that passes through that sensor. It makes sense for Apple to verify the integrity of that hardware chain all the way through when they could potentially be liable for something like that. While they could take the stance that they won't be liable for any phone with a replaced sensor, at that point it's difficult to determine where in that chain the breach happened.
By re-enable your device, I meant also re-enabling TouchID (basically saying I trust the new piece of hardware as an auth. method), which this update doesn't do.
I.e., I add a logger to your sensor, get all of your data, then make a sensor that translates my fingerprint to look like your fingerprint (or just always sends your fingerprint)
What threat model do you work under that an attacker would have physical access to the device long enough to replace an entire sensor, but would not have the resources to just take your fingerprints off the physical device?
You mean like taking a photocopy of your finger, licking it, sticking it to the fingerprint reader and getting a perfect bypass because biometrics is a JOKE and a marketing bullet point?
"The fingerprint sensor is active only when the capacitive steel ring that surrounds the Home button detects the touch of a finger, which triggers the advanced imaging array to scan the finger and send the scan to the Secure Enclave"
Right? So I still can't see why a 3rd party touch ID sensor can't speak the protocol towards the secure enclave. Can you enlighten me on this?
Edit (rate limited) for answer below: Is your argument still valid if you can already use a dummy finger to unlock your phone, as various CCC videos demonstrated?
If you allow a 3rd party Touch ID sensor to send fingerprint data, you could compromise a powered on iPhone by connecting a malicious Touch ID sensor to it and sending spoofed fingerprints to unlock it.
Isn't the fingerprint data (hash, whatever) stored in the secure enclave? If you're sending spoofed fingerprints, you'd trigger the firmware 5 attempts lockout and need a password.
Not really. Need a replacement ignition key for your VW? You must go to the dealer to get it paired with the immobilizer via live diagnostic link to Germany. And rightly so IMO.
But if I can update the firmware to make it easier to brute-force the pin, that's bad. Previously there was speculation that a firmware update to the secure enclave would wipe the contents of the secure enclave.
If that's not the case, then the whole design of a simple pin combined with a complex device id to form a secure key is not as strong as was thought.
Basically, everyone should now use an alphanumeric password on their phones and not rely on the 10-tries limit or on the exponentially increasing delays.
Assuming you are referring to the San Bernardino case, that is an iPhone 5c which features an A6 series CPU. The Secure Enclave feature was introduced with the A7 [1].
The point is, it was speculated that if the phone had a Secure Enclave it would be impossible for Apple to meet the FBI's request, but it appears that even Secure Enclave phones are vulnerable.
A possible mitigation against the "FBI attack" (which I don't know if Apple has implemented), while still allowing SEP firmware updates, would be to have a simple routine in ROM that the SEP always runs upon boot (before running the SEP firmware blob) to verify that a hash of the firmware blob matches the one previously recorded by the SEP. If it doesn't, it could either wipe and update the hash, or refuse to boot until the previous blob is restored. When updating the firmware normally, the SEP would simply verify the user enters their pin before updating the hash.
Or simply require pin entry (or wipe) for all DFU firmware updates, which seems like a much safer option.
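The boot-time check proposed in the comment above, sketched as a small Python model. This is an added example, not part of the thread and not Apple's implementation; the class, method and policy names are hypothetical, the firmware blobs are constructed, and signature verification of the blob is assumed to have already passed.

```python
import hashlib
import hmac
import os
from enum import Enum


class MismatchPolicy(Enum):
    WIPE = "wipe"      # erase protected keys, then record the new hash
    REFUSE = "refuse"  # stay down until the recorded blob is restored


class BootResult(Enum):
    OK = "ok"
    WIPED = "wiped"
    REFUSED = "refused"


def firmware_hash(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


class ToySecureProcessor:
    """Hypothetical model of the proposed ROM routine (not a real SEP API)."""

    def __init__(self, firmware: bytes, pin: str, policy: MismatchPolicy):
        self.policy = policy
        # Hash recorded inside the secure processor, out of reach of the main CPU.
        self.recorded_hash = firmware_hash(firmware)
        self._salt = os.urandom(16)
        self._pin_verifier = self._stretch(pin)
        # Stand-in for the key material the passcode protects.
        self.user_key = os.urandom(32)

    def _stretch(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def authorized_update(self, new_firmware: bytes, pin: str) -> bool:
        """Normal update path: the recorded hash changes only after PIN entry."""
        if not hmac.compare_digest(self._stretch(pin), self._pin_verifier):
            return False  # a real design would also rate-limit these attempts
        self.recorded_hash = firmware_hash(new_firmware)
        return True

    def boot(self, blob_on_flash: bytes) -> BootResult:
        """ROM routine: runs before the firmware blob is given control."""
        if hmac.compare_digest(firmware_hash(blob_on_flash), self.recorded_hash):
            return BootResult.OK
        if self.policy is MismatchPolicy.REFUSE:
            return BootResult.REFUSED
        # WIPE: the unapproved blob may run, but only after the keys are gone.
        self.user_key = None
        self.recorded_hash = firmware_hash(blob_on_flash)
        return BootResult.WIPED


def run_scenarios() -> dict:
    v1 = b"constructed firmware v1"
    v2 = b"constructed firmware v2 (validly signed, never approved by the user)"
    results = {}

    # 1. User approves the update with the PIN: boots, key survives.
    sep = ToySecureProcessor(v1, "4821", MismatchPolicy.WIPE)
    key = sep.user_key
    sep.authorized_update(v2, "4821")
    results["pin_update"] = (sep.boot(v2), sep.user_key == key)

    # 2. Blob swapped on flash without the PIN, WIPE policy: boots, key erased.
    sep = ToySecureProcessor(v1, "4821", MismatchPolicy.WIPE)
    results["swap_wipe"] = (sep.boot(v2), sep.user_key is None)

    # 3. Same swap, REFUSE policy: no boot until the old blob is restored.
    sep = ToySecureProcessor(v1, "4821", MismatchPolicy.REFUSE)
    refused = sep.boot(v2)
    results["swap_refuse"] = (refused, sep.boot(v1), sep.user_key is not None)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

In both mismatch policies a blob the user never approved cannot run with the protected key still present, which is the property the thread is debating.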
This appears to be true. If you look at Page 5 of [1], there's a side note about DFU mode. There's no indication that updating the firmware wipes the secure contents of the device, which it would need to in order to be secure:
"""
Entering Device Firmware Upgrade (DFU) mode
Restoring a device after it enters DFU mode returns it to known good state with the certainty that only unmodified Apple-signed code is present. DFU mode can be entered manually: First connect the device to a computer using a USB cable, then hold down both the Home and Sleep/Wake buttons. After 8 seconds, release the Sleep/Wake button while continuing to hold down the Home button. Note: Nothing will be displayed on the screen when the device is in DFU mode. If the Apple logo appears, the Sleep/Wake button was held down too long.
"""
But we agree that the Secure Enclave code CAN be updated, correct? I know that it can, because I remember an iOS update that fixed a problem with Touch ID on my iPhone 5s. If the DFU mode can't do it, then you just need to load an OS that will do it.
The only question is, does the existing firmware blank the store keys before flashing the new update. I didn't see any indication that it does.
It seems like it can be updated but it's not clear whether there are any restrictions on that process. It might accept any signed update but that wouldn't be enough if it required Touch ID or the phone to be unlocked to avoid clearing the HSM.
Yes, but there was a long subthread yesterday dealing with the theoretical aspects of the case: whether it was possible for Apple to ship a phone where compliance with the kind of court order would be impossible.
Lots of people felt (IMHO with poor understandings of the situation) that it was, and that a modern iPhone would never be "hackable" by the government in this way. That turns out not to be the case, for the obvious reason that Apple needs to be able to ship modified firmware for the enclave, and that modified firmware can always contain modifications to emit the encryption keys in a way that the original security metaphor wouldn't have permitted.
It would be entirely possible for the secure enclave to refuse a firmware update while the device is locked. Or as an alternative to refusing, it could ensure the NVRAM is reset in the process, rendering the encryption keys permanently lost.
Arrgh, no. What you suggest is not possible if the firmware for the enclave is stored off-chip in mutable storage. Or rather, you could do it, but you'd have to hash the firmware and simply refuse to run any new firmware without a data wipe. Things like eMMC's RPMB partitions are designed to work around this (by having the transactions encrypted by a secret key stored on the SoC, generally in write-once fuses), but then you have the problem that you'd have to wipe all data on any firmware update, which, relevant to this thread, we now know is not the case.
Basically: people are hanging their determination that "the iPhone is secure from government snooping by technological measures" on a completely unattested fantasy design. The real device almost certainly doesn't work like that, and even Apple hasn't claimed that it does.
I'm saying that placing bets on the security of devices based on speculation is a bad idea. Lots of people seem to want to hide behind the "iPhone can't be snooped" shield that has been built in this community, and to my reasonably well-informed eyes that's misguided.
But even on the technical side, my point was stronger: the fact that the enclave firmware was just updated to behave differently without wiping the data that it controls argues very (very!) strongly that the "snoop-proof" feature you believe exists... doesn't.
I agree, we shouldn't be placing bets. I wasn't. I was just saying that it is technically possible to implement a secure enclave that can protect its data against firmware updates while the device is locked.
The fact that the enclave firmware can be seamlessly updated while in an unlocked state is not evidence that the enclave firmware can be seamlessly updated in a locked state.
The iPhone 5/5C does not have a secure enclave. That was a feature of the A7 chip in the 5S and newer. This is how it's possible for Apple to modify the phone's firmware without wiping the phone. I suspect that the iPhone 5/5C and older's encryption key was stored on a regular flash chip somewhere.
edit: the "firmware" update is an iOS update that removes the software limitation. SOFTWARE LIMITATION. On newer iPhones it's hardware (secure enclave).
Yes, you can do a firmware update on an encrypted iPhone. It's not full disk encryption. Only user data is encrypted.
This is incorrect - the Secure Enclave is a separate CPU, but the rate limiter is still software, and its firmware can (currently) be updated without erasing keys:
Where is the evidence that the Secure Enclave's software can be updated without erasing keys?
The article states:
"Apple can update the SE firmware, it does not require the phone passcode, and it does not wipe user data on update."
But it does not support this statement in any way. In my experience, it does either require the phone passcode, or it wipes the data. Of course, I have no idea where that requirement is implemented.
It would be easy and sensible to have the secure enclave require the passcode for an update to its own firmware, or erase the keys it holds when applying such an update without the passcode. Apple doesn't say they do it from what I can tell, but it would fit with everything else they do, it's pretty easy to do, and I've seen no indication that it doesn't do this.
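The mitigations proposed in this thread (a boot-time check that the enclave firmware hash matches a previously recorded one, wiping keys or refusing to boot on mismatch, and recording a new hash only after passcode entry) can be modeled in a few lines. This is an added toy model in Python, not Apple's design and not code from any commenter; the class and method names, the sample firmware bytes and the PBKDF2 parameters are all assumptions, and signature checking of the blob is left out.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Constructed sample blobs standing in for signed enclave firmware images.
FW_V1 = b"enclave-fw v1: rate limiter enabled (constructed sample)"
FW_V2 = b"enclave-fw v2: rate limiter enabled, bugfix (constructed sample)"
FW_MOD = b"enclave-fw vX: rate limiter removed (constructed sample)"

PBKDF2_ROUNDS = 10_000  # assumption, kept low so the model runs fast


class BootResult(Enum):
    BOOTED = "hash matches pinned value, keys available"
    WIPED = "hash mismatch: keys erased, new hash pinned"
    REFUSED = "hash mismatch: refusing to run this firmware"


def fw_hash(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


@dataclass
class ToyEnclave:
    """State the model assumes is held in on-chip, tamper-resistant storage."""
    salt: bytes
    passcode_verifier: bytes
    pinned_hash: bytes
    data_key: Optional[bytes]
    wipe_on_mismatch: bool = True

    @staticmethod
    def _derive(passcode: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)

    @classmethod
    def provision(cls, passcode: str, firmware: bytes, wipe_on_mismatch: bool = True):
        salt = os.urandom(16)
        return cls(
            salt=salt,
            passcode_verifier=cls._derive(passcode, salt),
            pinned_hash=fw_hash(firmware),
            data_key=os.urandom(32),
            wipe_on_mismatch=wipe_on_mismatch,
        )

    def authorized_update(self, passcode: str, new_firmware: bytes) -> bool:
        """Normal update path: pin the new hash only after the passcode checks out."""
        candidate = self._derive(passcode, self.salt)
        if not hmac.compare_digest(candidate, self.passcode_verifier):
            return False  # pinned hash and keys are left untouched
        self.pinned_hash = fw_hash(new_firmware)
        return True

    def boot(self, firmware: bytes) -> BootResult:
        """ROM routine: runs before the firmware blob is given control."""
        if hmac.compare_digest(fw_hash(firmware), self.pinned_hash):
            return BootResult.BOOTED
        if self.wipe_on_mismatch:
            # Unrecorded firmware may run, but only after the keys are gone.
            self.data_key = None
            self.pinned_hash = fw_hash(firmware)
            return BootResult.WIPED
        # Alternative policy: keep the keys, refuse until the old blob is back.
        return BootResult.REFUSED


def demo():
    """Walk one device through a normal update and an unrecorded firmware swap."""
    enclave = ToyEnclave.provision("1234", FW_V1)
    steps = [("boot v1", enclave.boot(FW_V1).name)]
    steps.append(("update to v2 with wrong passcode", enclave.authorized_update("0000", FW_V2)))
    steps.append(("update to v2 with passcode", enclave.authorized_update("1234", FW_V2)))
    steps.append(("boot v2", enclave.boot(FW_V2).name))
    steps.append(("boot swapped-in blob", enclave.boot(FW_MOD).name))
    steps.append(("keys survive swap", enclave.data_key is not None))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The model also shows the cost raised in the replies: every firmware change that is not preceded by a passcode entry either loses the data or leaves the device unbootable until the old blob is restored.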
Sounds like you know something the FBI is missing in the San Bernardino case! Definitely shoot them an email about how updating the firmware makes it easier to brute-force the pin.
The FBI is currently trying to force Apple to produce the modified firmware he is talking about. I'm not sure why you think he is suggesting he knows more than them.
Discussion of the Secure Enclave has no bearing on the practicality of the FBI's request. The iPhone the FBI is asking Apple to break into is an older model that doesn't have a Secure Enclave.
It's pretty well accepted at this point that Apple is capable of complying with the FBI's request. The big question is whether Apple would be capable of complying with a similar request with a newer iPhone that includes a Secure Enclave.
That article is pure speculation and is pretty much worthless.
Its claim that the Secure Enclave is compromisable is based on Apple releasing a firmware update that "increased delays between passcode attempts". From this the author then assumes that Apple then has the ability to "disable passcode delays and auto erase". There is no evidence for this. And there are plenty of other scenarios like there being a hardware minimum attempt delay, auto erase not being possible or the maximum attempt count implemented in hardware.
So, anyone who dropped the cash to buy a new iPhone gets it for free (with a working touch ID sensor), but anyone who couldn't afford to buy a new iPhone has to pay for an official touch ID sensor? Ouch.
To be fair, I'm not sure a new touchID sensor is expensive. I cracked the screen on my 6 the other day, and was investigating DIY screen replacements. $100 for screen+digitizer not so bad, but I hear the replacement is a bit of a bear.
Fortunately a friend overheard my conversation and recommended I just take it to Apple. Sure enough, screen replacements are something like $105 out the door. They replace the screen and digitizer.
When I went back for my phone, they told me they tried 2 new screens+digitizers and neither one worked, so they just gave me a new phone for the "screen replacement" price.
Needless to say, I was quite happy I didn't try to DIY. I had no idea the "official" Apple repairs would be so cheap. I guess things have gotten a lot more consumer friendly since the bad PR days of cracked screens.
I'm not sure if the home button is replaced in a screen replacement, but I can't imagine it's particularly expensive vs a screen+digitizer replacement.
I managed to get an almost invisible hairline crack in my screen - could only really see it with the right angle. Made a genius bar appointment then sat around for an hour waiting whilst they were swamped. A nice lady appeared, looked at the screen, was impressed how subtle the crack was, and then gave me a new phone rather than fixing the screen because they'd kept me hanging around for an hour.
Compared with every other customer service experience I've had, this is gold standard and means I'll almost certainly keep buying Apple kit (although my current battery issues aren't being handled as effectively, mind.)
Next time, take it to a third-party repair shop. (Check reviews and ratings before you go to one!) Usually, they can bend the frame out. Should save you a lot of money over a replacement from Apple. (Note: I co-own a repair shop and we do this often for customers. We've had customers bring phones in that are almost a V shape and we've been able to bring them back to life.)
Also, in the early days, Apple basically said "buy a new phone". They got some bad PR about it and came up with the repair program. I think it well predates the 5S though.
Some part of me believes that the old Apple that Steve Jobs was in control would have stood his ground with "Error 53." The Tim Cook Apple is a lot more compassionate with respect to these sort of things.
I used to work as a genius, and left a few years back. When I left, the genius role basically became 60-70% display replacements for iPhones, and no Macs at all.
When you get a display replaced, the phone goes through 2 machines, one of which calibrates the phone by launching some weird firmware while in the machine (actually kinda neat, it's like a DFU mode but it doesn't wipe the phone in the process).
Since every phone has to run through the machine, it creates a backlog of phones that are waiting. These phones work without being put through the machine, but sometimes the displays are fucked and the machine detects that (and the phone then gets a new display, etc etc).
The machine also pairs the display with the phone, so that Applecare have a record of what display is currently on what phone.
If you take your phone in again, they do a spot check to make sure that display matches and they're good to go. If it doesn't, then they're supposed to refuse service ('cause it's likely that it was done at a dodgy repairer).
HOWEVER! I've seen phones get stuck in weird loops as soon as they're restarted if they haven't been put through the machine yet. The phone basically is fucked at that point and needs replacement. Remember, this is a legit repair that has caused this, and happens way more than you think (maybe 1 in 20 when I left, it's probably better now).
Therefore, they are probably taking this route because they can't be sure that they aren't the cause of the fuckups.
Maybe this is a silly question, but does anyone know how secure the TouchID on the iPhone is compared to the 4 digit pin? I remember from a comment in the Android source that the android 5 face recognition is about equivalent to a 3 digit pin. Is TouchID more secure or less secure than the 4 digit pin?
Is it more tractable or less tractable for someone to brute-force the 4 digit pin than the TouchID? I.e. if someone wanted to get into my phone, and they removed the official TouchID sensor and now it falls back on a 4 digit pin, does that do them any good?
I wonder if I could get the old behaviour back - if someone was tampering with my phone by removing the sensor, is there any way of bricking the phone until I can get it to an apple store?
FYI, it's slightly difficult to brute force the touch ID, because the secure enclave will wipe the derived PIN key (that it holds in internal memory, after receiving a signed message from the touch id sensor) in a reboot or after 48 hours.
The white paper Apple released two years ago said this:
> Touch ID can be trained to recognize up to five different fingers. With one finger enrolled, the chance of a random match with someone else is 1 in 50,000. However, Touch ID allows only five unsuccessful fingerprint match attempts before the user is required to enter a passcode to obtain access.
So that's at least 4 digits. Newer devices like the 6 series and 6s series may have better sensors.
Interesting ... So apple was falling back on the 4 digit pin anyways when you failed the touch ID. So it seems fair to say that this change doesn't compromise the security of the device at all.
When you enroll in TouchID they strongly suggest a real password (instead of a code). Also I believe Apple upped the base requirement to 6 digits in iOS 9 or so.
The problem with TouchID against even a moderately sophisticated attacker is that you leave fingerprints everywhere, including, say, on the phone itself.
I remember an episode of macgyver where macgyver gets past a handprint scanner by sprinkling baking soda over it; it adhered to the oil left on the scanner by the previous user and he got in.
I am a little torn on this given there isn't a cited source and I don't know if Apple would give TC (or anyone) an exclusive on this. If it's true we're dancing in the streets though!
I'm also seeing "Last modified: Dec 21, 2015", as is the Google Cache of the page and the Web Archive. I'd assume it was published with the wrong date, and the correction hasn't fully propagated Apple's CDN/cache.
Wow- this is great for me. I have been sitting on iOS8 for some time now because of this.
I broke my screen and home button and had them replaced before I went on vacation. Luckily I had read about the error 53 issue before attempting to upgrade my jailbroken device.
I'm very surprised Apple would respond so well to an issue typically caused by 3rd party repairs.
Apparently OTA updates don't suffer from this, so you could try soft-restoring your device (there's a Cydia tweak for that), then doing the OTA update to 9.x.
I admit to being so cynical that this was the first thought that passed through my head, too — and I dismissed it as being paranoid... yeah but... some things just rub you up the wrong way, don't they?
Does Apple make a lot of money or lose a lot of money on repairs? Or else they should allow third-party repairs. Typically for product companies it is better if they have an ecosystem of repairs/service by third parties so that they themselves don't have to support for long, which costs a lot of money. Other than life safety devices, customers who want to repair their product should be allowed to.
The part cost wholesale (ordering 100+ of them at a time) is $74-$78 currently for a high quality LCD+digitizer for an iPhone 6.
Note that Apple doesn't sell parts directly, and any third-party repair store that says differently is lying to you. There are, however, plenty of high-quality replacement parts available from other distributors.
Apple is great at manufacturing and logistics though, so the parts are probably pretty cheap for them even though they're also good quality (well, likely better than you'd find in the aftermarket or on eBay). The repairs they do are fairly simple, so combined with their ability to control the experience and make sure it doesn't suck for consumers helping their brand, it's another revenue channel for them.
Edit: even if they're losing money on every repair, it might be worth it to them to give people the peace of mind of knowing that they can "take it back to where they got it" to have it fixed if anything bad happens. That's not a common thing with electronics these days.
Repairs are part of the Apple ecosystem, hence the whole "Genius Bar" thing. Apple wants to control the whole experience from purchase onwards. And let me tell you, they treat you very well. When I was under warranty they always tracked down my issue and even found things I didn't notice like my trackpad going bad. Apple does have licensed third party repairers. People also use unlicensed repairers and repair their own devices all the time such as with screens. The situation here was that unlicensed parts were a security risk and their factory tests were left in which bricked the devices. Now TouchID is just disabled.
This is a common misconception. Apple DOES license repair shops for Mac repairs. However, those licensed shops cannot do iPhone screen repairs, per their agreement with Apple. Apple doesn't have any way to get licensed for iPhone screen repairs--nor do they sell "official" Apple parts. Hence, the huge third-party repair industry that has popped up, complete with distributors offering high-quality screen/digitizer replacements and stores that will replace screens.
I haven't seen the precise wording of the agreement, but I have talked to multiple "authorized repair center" owners, and my understanding is that they can only replace batteries on iPhones, and even then they must submit the serial number of the phone to Apple and wait for Apple to ship them a battery. That's an awful deal compared to third party repair centers, which can stock batteries, replace them quickly, and warranty the batteries themselves if a customer has issues.
As far as software issues go, we really only get two of them at our store: either someone is out of space on their phone, or their phone won't install the latest iOS update. (We got a million of the latter when iOS 9 came out.) There's not much money to be made with either of those two issues, and they're both relatively rare compared to broken screens, so even if they are allowed to fix software issues, it's certainly not a money maker for them.
Unfortunately for these businesses, being an authorized Apple repair center doesn't exactly bring in the big bucks these days. Strange that Apple won't do an entire program for screen repairs--it'd certainly make them a killing to do so--but it's their prerogative, I suppose.
Apple actively fights with 3rd party repair services. At the same time there is a huge list of things that make you lose coverage. From famous Pink Dot moisture indicator (changing color due to sweat/climate) to scratched laptop lids.
What better way to make money than forcing your user to upgrade every time product dies?
Anybody with common sense. Do you really think that Apple, who prides themselves on having outstanding customer satisfaction, would deliberately try to brick their customers phones through something this obvious?
Apple definitely looks out for their own interests, but they jump through a lot of hoops to protect their customers from bad experiences, especially since the obvious implementation was to just disable the fingerprint sensor if it can't be trusted.
Edit: additional info from the TC article: <<The update is not for users who update their iPhones over the air (OTA) via iCloud. If you update your phone that way, you should never have encountered Error 53 in the first place.>> Your conspiracy theory would really require that they brick phones through both the OTA and iTunes update.
>> they jump through a lot of hoops to protect their customers from bad experiences,
I would say Apple is one of the best, if not the best company for customer service, but I wouldn't go so far as to make a blanket statement like that.
There are a lot of 2011 Macbook Pro owners (me being one of them) who would disagree.
There were thousands of complaints in the Apple support forums, several articles in major Apple/Tech blogs, etc. It took well over a year for the issue to be acknowledged. In that regard, I'm kinda jealous how fast this Error 53 thing got resolved.
> Do you really think that Apple, who prides themselves on having outstanding customer satisfaction, would deliberately try to brick their customers phones through something this obvious?
Yes I do think that they would attempt to discourage unauthorized repairs in such a way for less-than-noble reasons.
If you think it was a mistake, then can you explain why Apple wasn't bothered to do anything until someone ran an article on it and publicized it?
A thought experiment: suppose you are in charge of handling repairs for a multinational fleet of hundreds of millions of devices.
One thing you'll probably do is triage: by looking at the numbers of devices that fail in various ways, you can optimize your parts channels, training, processes, etc. in various ways. This is business 101.
Now try to guess how many people have been experiencing this error. My guess is it is a pretty small percentage of several hundred million. I also guess that there are a number of other failure modes affecting similarly small groups of users. In a device as complex as the iPhone, with a population that large, there has to be.
But wait! Now the press is hammering you over one of those small-population failure modes. Everything else equal, you're an idiot if you don't handle that one first.
Of course, though, this is Apple. So the reasonable, simple explanation makes no sense and instead Occam's Second Exception indicates that when Apple is involved, skullduggery and shenanigans are the only reasonable explanation.
Triaging by data is just the first step. Once you decide it's an actual problem you have to be able to reproduce it. To confirm this is happening, you have to get production phones, then do an out-of-process rework, then do this for different OS versions, OS upgrade methods, iTunes version, etc... Reworking this sensor is not an easy task so you have to have someone do it for you and get their time, etc... It's actually a pretty big project to do this correctly.
> Yes I do think that they would attempt to discourage unauthorized repairs in such a way for less-than-noble reasons.
Repairs are not really a revenue stream. Apple Care is a revenue stream but the incentive is to not repair. Since every repair logged against Apple Care is a cost, it doesn't make sense that Apple would want to do this themselves from a purely economic perspective.
I've been in HW all my working life. Any field return is expensive and resource intensive to handle and you cannot pass all those costs onto your customers. You do it to provide good service to your customers. You eat the repair cost as part of internal warranty cost which is built into the pricing of every unit sold.
What you are saying just doesn't make sense to me.
As a user I don't want any yahoo being able to replace my touch ID sensor. I have tons of sensitive information on my phone. I want that thing disabled if touch ID breaks or has been tampered with.
>If you think it was a mistake, then can you explain why Apple wasn't bothered to do anything until someone ran an article on it and publicized it?
How do you know that they didn't "bother to do anything" on this issue until someone ran an article?
Precisely. Repairs are a cost. Turning people away because of pink dot, visible signs of 3rd party repair or Error 53 avoids that cost and provides opportunity for a new sale.
> If you think it was a mistake, then can you explain why Apple wasn't bothered to do anything until someone ran an article on it and publicized it?
That hardly takes too much imagination. One possible explanation is that higher-ups in Apple read the news, but not necessarily every single "the Apple Store won't replace my broken phone" complaint.
> That hardly takes too much imagination. One possible explanation is that higher-ups in Apple read the news, but not necessarily every single "the Apple Store won't replace my broken phone" complaint.
For a company that takes so much pride in supporting its customers, you'd think the stores would have been able to contact Apple internally to find out what the error even is before saying they won't fix it, right? Which would have led them to realize it was not meant to be running in production?
It seems entirely probable to me that most of the Apple Store incidents for this went along the lines of "I got this repaired at a repair shop and now it doesn't work!" "Unfortunately, we can't fix an issue caused by an unauthorized repair. Go back to them." I certainly don't think I'd have dug much further if I worked retail.
<<Yes I do think that they would attempt to discourage unauthorized repairs in such a way for less-than-noble reasons.>>
I have added some additional information to the parent comment (i.e., only bricked updates via iTunes, not OTA) that further undermine the theory that this was a deliberate change. I realize that you could still argue that the actual bug was that the OTA update did not brick the phones, but Occam's razor really starts applying...
<<If you think it was a mistake, then can you explain why Apple wasn't bothered to do anything until someone ran an article on it and publicized it?>>
I do agree with you that Apple has a long record of dragging their feet to issue fixes for pretty significant bugs, so it is possible that the press caused them to issue the patch faster.
> Do you really think that Apple, who prides themselves on having outstanding customer satisfaction, would deliberately try to brick their customers phones through something this obvious?
I don't buy Apple products for this specific reason. My answer is Apple would and have done it. I am not a typical Apple customer, I love to hack and take things apart.
> "Warning: Apple has discovered that some of the unauthorized unlocking programs available on the Internet may cause irreparable damage to the iPhone's software," the message read. "If you have modified your iPhone's software, applying this software update may result in your iPhone becoming permanently inoperable."
I did not downvote you, but I think people might feel that you seem to let your personal disdain for Apple color your response regardless of the facts of the case vs. having a real discussion.
Even this point is a bit disingenuous - your quote from the article in no way supports your position that Apple would deliberately brick your phone - and in fact, there is a quote further down in the article you cited that further undermines this claim:
<<a user identified as ansuz07 said, "The percentage of iPhones that have become bricked from hacks is very low. Even those that experienced problems could be fixed by a simple restore. Apple is going to make it sound a lot worse than it actually is since they are the ones who don't want you to do it in the first place">>
They'd certainly test it at the factory. I'm sure they test it when they do an authorized repair.
The fact it could come up later after a 3rd party repair was done probably wasn't thought of. I'm willing to buy it was an accident. Occam's Razor would seem to support it.
The other theory, that Apple designed this to screw people who went to 3rd party repair shops into buying new phones, requires assuming a fair amount of malicious intent and pre-planning on Apple's part.
Yes, well, it probably helps to know that the Australian Competition and Consumer Commission (ACCC) was investigating Apple for abuse of market power over this issue.
The last time this occurred, it was over illegally claiming iPhones and other Apple devices were out of warranty when they weren't, and misleading consumers that to get any form of warranty service after one year they would need to purchase an Apple extended warranty. They were not only fined millions, but were forced into printing a humiliating retraction on their website and in the press - one that basically was reported on worldwide.
I'm not at all surprised they backed down this quickly this time around. It's almost certain they would have been found to have committed the offence of third line forcing, to which there are very, very steep fines.
It is a security feature that your TouchID is disabled when the phone detects a non-official/verified sensor but it wasn't intended to brick the phone, just disable TouchID. There was a bug that ONLY affected people who update using iTunes (this is rarer than you might think) as it's a diagnostics tool they use in factories where they WANT to get the error 53, they didn't intend that to get out to customers.