Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Goodness - a lot of posts but not a lot of actual information.

The sensor and the secure enclave work on the basis of a shared key. The key is (I presume) baked into the sensor, but configurable (by Apple) in the enclave. The key is used to negotiate subsequent, unique session keys which are used to AES encrypt the fingerprint raster scan when it is sent from the sensor to the enclave. After arriving in the enclave and being decrypted it is hashed and compared to a list of existing hashes which represent registered fingerprints. A boolean (yes it matched, or no it didn't) is returned to the app which called the auth API to invoke Touch ID.

Shared key obviously has caveats, but asymmetric stuff like RSA/DH is simply too slow to be done quickly by an onboard crypto engine baked into discrete components like that; ever done a SCEP enrolment and seen how long the enclave takes to generate RSA keys? That would be useless for touch ID.

<Speculation>Even tapping the bus for raw binary going in and out of the CPU won't help you get access to the data, but if you knew what the shared key was you could probably reverse engineer the unique session keys. I don't know how well baked into the enclave/sensor the keys are, but it feels reasonable to assume there's a reason for Apple to be wary of the presence of a component whose key may be known to a malicious actor. Resetting the key inside the enclave is almost certainly done in software as the enclave is basically an HSM - doing so probably involves undocumented APIs and a request signed by an internal Apple certificate authority</Speculation>

If you replace the sensor you need to ensure the keys remain in sync or touch ID simply cannot function. Personally I'd favour an approach which wiped the enclave if there's a key mismatch. Apple have taken a somewhat more draconian approach so I suspect they must be aware of a theoretical attack vector. Given the damage to their business (not to mention potential loss to customers) which would occur if touch ID were compromised, I don't blame them for taking a very conservative approach.

Whilst I have not verified it personally, I'm told a DFU restore after refitting the original sensor will bring it back to life. Whether you still have the old sensor is another matter entirely; probably not! I've yet to see comment as to whether this occurs purely during restore, or whether the check is also made at runtime. If it's the former and you've still got the old sensor there could be a way out.
 
What a bizarre reply. Nothing I said was 'hypothetical'. It's actually happening. And what have cars got to do with anything?

I've never taken my phones anywhere but Apple for repairs. Ever. And I never will. I wouldn't expect Apple to touch a device I had repaired elsewhere. But I also don't expect them to brick my £600 phone because I chose to go elsewhere with a device I own for repair.

But that's not what happening here. People aren't taking iPhones fixed elsewhere back to Apple and expecting them to be repaired. Apple are purposefully and knowingly bricking devices that haven't been repaired by themselves. Those two things are entirely different.

Apples motivation here is money. Plain and simple.

There has been posters saying they've had no repairs at all and are stuck with a bricked device thanks to error 53. It's not 100% accurate and foolproof.
What? The software is not recognizing foreign devices and is issuing the equivalent of a panic.
 
Why?

If my iPhone is out of warranty, then I should be able to have it repaired by who ever I want.

I can see why it might be a good thing to avoid circumventing the security on stolen phones, but from a user standpoint who wants a repair, apple repairs aren't exactly the cheapest, or in the UK and other countries where apple stores are only in big cities, its a pain in the rear not being able to take it to a local phone shop.

Surely though it should fall upon the repairer to competently fix the device, not Apple. If this requires genuine parts, and firmware/software fixes as well as just the hardware, the repairer should surely be aware of this. Does anyone know if iPhones affected by this issue can subsequently be jail-broken as a work around?
 
T wrote before that the "error53" issue should be a matter of Class lawsuit action…

well... this is now beginning:



https://www.macrumors.com/2016/02/08/apple-error-53-lawsuits-and-repairs/

I hope they will succeed.
[doublepost=1454963527][/doublepost]
What? The software is not recognizing foreign devices and is issuing the equivalent of a panic.

You still don´t get the point:

1) Mostly the "foreign device" is in most cases exactly the same as apple uses for their iPhones.

2) Even if you NEVER activated the fingerprint ID, the iPhone gets bricked. though
Sometimes even when you did not even exchange anything …

Why apologism ?

apple has badly designed a sensitive app (apple pay) - they want just to eliminate bad software/security design (access) and let pay their customers for it - even the customers that did not even once activate fingerprint ID nor apple pay…. it is all about economy…

If apple would pay for a new iPhone, this had shown they care about security AND their customers.
Since they care just about bricking apple products and RFUSE to care about their customers problems they show that they want only to protect themselves - and NOT the customers nor help them out of the situation….

Nearly every "extended repair program" was denied by apple for years. In nearly every case they gave up just in the last moment after Class lawsuit action , when it was OBVIOUS that their Ex-customers will win the case… so much for "caring for customers needs"….

T
 
Last edited:
  • Like
Reactions: Ladybug and cfedu
It is so funny, so many of you act as if Apple is the only one that does this. Any manufacturer has the right not to support a product if unauthorized parts are used. And they follow through. Apple is not responsible for changing/writing code to accommodate unauthorized parts, and the moment someone other than Apple or an authorized dealer/repair shop opens up the device all bets are off. It is in the user agreement. Wonder if those shops let their customers know that?


In the terms you agree to when you register the device. What company does not void your warranty or have a clause that lets you know it is voided if an unauthorized dealer/repair shop/ person opens your device?

They are not obligated to to support anyone that voids the warranty. And Apple unlike most help quite a few out when out of warranty or other mishaps where the warranty is voided. It is why there is Apple Care.

And I did not say MS' actions justified anything, but that Apple is not the only company...

Here is the thing, you me, or anyone else alters any of our electronics outside of what is allowed under warranty, and we are SOL...it has been that way for many years. I have altered equipment in the past for work in order to make it work within what was needed...knowing full well that the moment we cracked open the casing all bets were off. We have also had manufactures write us special firmware to suit a project, but if the end user updated it, it would break the system. It is the risk you take or don't. Go to an unauthorized dealer, take your chances.

Also, Apple, Google, Samsung, MS,and others are constantly updating their security. So just because something worked on one revision, does not mean it will work on any others. Just ask the guys that jailbreak their phones.


who cares what other companies are doing? this is an apple forum and thread.

depending on how people want to look at this one. apple changed the code to brick peoples phones which is quite different than not supporting it. its nothing but destruction of devices people own.

i asked you for the specific clause. it should be easy for you to find since you have no problem mentioning it so much.

who is talking about warranty? what difference does that have to make?

you seem to go round and round without actually saying much and ignoring questions.
 
  • Like
Reactions: MrAverigeUser
Dear Apple, I'll get you to replace a shattered screen when you don't charge different based on my storage space. It was $450 to replace a screen on my iPhone 6, I thought fine, when I went into get it changed, I was told it would be $650 because I have a 128GB model... for a screen.... a SCREEN.
 
T wrote before that the "error53" issue should be a matter of Class lawsuit action…

well... this is now beginning:



https://www.macrumors.com/2016/02/08/apple-error-53-lawsuits-and-repairs/

I hope they will succeed.
[doublepost=1454963527][/doublepost]

You still don´t get the point:

1) Mostly the "foreign device" is in most cases exactly the same as apple uses for their iPhones.

2) Even if you NEVER activated the fingerprint ID, the iPhone gets bricked. though
Sometimes even when you did not even exchange anything …

Why apologism ?

apple has badly designed a sensitive app (apple pay) - they want just to eliminate bad software/security design (access) and let pay their customers for it - even the customers that did not even once activate fingerprint ID nor apple pay…. it is all about economy…

If apple would pay for a new iPhone, this had shown they care about security AND their customers.
Since they care just about bricking apple products and RFUSE to care about their customers problems they show that they want only to protect themselves - and NOT the customers nor help them out of the situation….

Nearly every "extended repair program" was denied by apple for years. In nearly every case they gave up just in the last moment after Class lawsuit action , when it was OBVIOUS that their Ex-customers will win the case… so much for "caring for customers needs"….

T
There are different points of view, let 'em sue. It's not in my hands, we'll see how this turns out. Btw if this is a third party knock-off device, apple will probably win without breaking a sweat.
 
But that's exactly how it works.
The homebutton is just a fingerprint scanner, the check happens inside of an encrypted part of the SoC, which basically returns "true" or "false", you can't access the hash.
Then what's the problem if you put a third party fingerprint scanner on the phone? You would not be able to open a stolen phone anyway if it's stored in the SOC, so it must be because of the §§ Apple can make of it...
 
There are different points of view, let 'em sue. It's not in my hands, we'll see how this turns out. Btw if this is a third party knock-off device, apple will probably win without breaking a sweat.
I see.So Apple should brick iPhones using third party cases and lightning cables next coz why not?
 
  • Like
Reactions: Ladybug
So you think a profit oriented compan like Apple is doing this out of the goodness of their hearts?
It's simple, there's no proof that they are simply doing it to make more money and that there's really nothing to it actually beyond that. Is there a point in regurgitating the same simple thing again?
[doublepost=1454991054][/doublepost]
I see.So Apple should brick iPhones using third party cases and lightning cables next coz why not?
Because slippery slope is just that and not necessarily reality just because.
 
No the hardware was replaced improperly.
If so,why were the phones working fine?I don't want to take my out of warranty phone to the AS for them to charge huge amounts for repair
It's simple, there's no proof that they are simply doing it to make more money and that there's really nothing to it actually beyond that. Is there a point in regurgitating the same simple thing again?
[doublepost=1454991054][/doublepost]
Because slippery slope is just that and not necessarily reality just because.
Then a simple question.What does Apple mean to achieve by bricking these phones?
 
If so,why were the phones working fine?I don't want to take my out of warranty phone to the AS for them to charge huge amounts for repair

Then a simple question.What does Apple mean to achieve by bricking these phones?
It seems they want to prevent anuathorized parts that are of potentially sensitive nature from being able to cause some sort of security issues. The way they might be going about it can certainly be debated of course. None of that provides proof that they are doing it just to get more money out of people and nothing else.
 
  • Like
Reactions: I7guy
So you think a profit oriented compan like Apple is doing this out of the goodness of their hearts?
Apple earns their profits by offering users a great user experience which these people are willing to pay a premium for.

I am not saying that Apple is a saint here, but for the moment at least, Apple's interests and mine are diametrically aligned in that they have every incentive to sell me a good product with a great user experience so that I will continue to buy from them. Piss me off too much and they will have earned their last dollar from me, plain and simple.

Yes, Apple is a profit-oriented company, but even Apple wouldn't be so cynical and short-sighted as to risk all this bad PR just to earn a little extra money from repairs.

Then a simple question.What does Apple mean to achieve by bricking these phones?
Security is never easy, all the more in a mass-consumer product where you have to find a suitable middle-ground with convenience and ease-of-use. It is possible that Apple might have swung too far to the opposite end of the pendulum in ensuring that their devices were as secure as possible.

It's also telling that prior to this event, no one else outside of Apple was aware that it was even possible. If anything, it's situations like this that convince me to continue throwing in my lot with Apple. I pay them to make the difficult decisions so I won't have to. Apple could have simply not done any of this and put the onus of securing your own data on you. If your personal data gets leaked because you engaged a 3rd party repair service, then so be it.

Apple will learn from the issue, tweak its policies and move on.

Boy will I be glad when the first Apple Store opens in Singapore later this year. It's always better to have Apple repair the product themselves. Can't pass the buck and I would trust them over any other 3rd party repair person.
 
who cares what other companies are doing? this is an apple forum and thread.

depending on how people want to look at this one. apple changed the code to brick peoples phones which is quite different than not supporting it. its nothing but destruction of devices people own.

i asked you for the specific clause. it should be easy for you to find since you have no problem mentioning it so much.

who is talking about warranty? what difference does that have to make?

you seem to go round and round without actually saying much and ignoring questions.

Someone else posted it in the thread, so did not feel I needed to as well.

But here you go.


This Warranty does not apply: (a) to consumable parts, such as batteries or protective coatings that are designed to diminish over time, unless failure has occurred due to a defect in materials or workmanship; (b) to cosmetic damage, including but not limited to scratches, dents and broken plastic on ports; (c) to damage caused by use with another product; (d) to damage caused by accident, abuse, misuse, liquid contact, fire, earthquake or other external cause; (e) to damage caused by operating the Apple Product outside Apple’s published guidelines; (f) to damage caused by service (including upgrades and expansions) performed by anyone who is not a representative of Apple or an Apple Authorized Service Provider (“AASP”); (g) to an Apple Product that has been modified to alter functionality or capability without the written permission of Apple; (h) to defects caused by normal wear and tear or otherwise due to the normal aging of the Apple Product, or (i) if any serial number has been removed or defaced from the Apple Product.


And the link

http://www.apple.com/legal/warranty/products/ios-warranty-document-us.html

Please note is is not very far into the document

And if it does go to court it will most likely matter quite a bit what other companies do, as it sets a precedent, as well as if there have been other suits of similar ilk.
 
keep protecting the PROFIT I think you meant to say...
My statement stands as is. Profits are not a bad thing for business. If you are opposed to Apple profits then the good news, there are other choices you could make.
 
And how is it any way a hardware failure?It was working fine till Apple shoved their nose in was it not?

Why have a 3rd party replace it if it was not broken? Seems there was a hardware failure, and instead of taking it to an authorized 3rd party (as that is a choice), they took it to an unauthorized party to 'repair' it. So was it working to spec? Probably not...it may have been adequate for that particular person. Apple does not force you to upgrade your os , you have to choose to do so. And before you say it will automatically update, that is still a choice by the end user. So if all is working and we have been warned if we so choose to read the warranty that other parts may not work with their device, and you may experience unexpected results.

And if it was a 6s and the button failed, then it is under warranty and would not have cost them anything. If the user damaged it, then there may be a cost. But the moment someone other than an authorized repair person opens up the phone, warranty is void, and Apple has no obligation to repair, support with updates, give an option to purchase a refurbished unit for a lower cost than a new one, or anything.

I get hardly anyone reads the agreements or warranty for the items they purchase, but just because you don't read it, doesn't mean it doesn't exist.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.