How many times do you have to ask the same question that was answered in the OP?How is it a vulnerability? If it is, Apple has bigger issue with their design.
How many times do you have to ask the same question that was answered in the OP?How is it a vulnerability? If it is, Apple has bigger issue with their design.
Apple is on the losing end of this one, even if it's only the court of public opinion.
No, Apple attempted to fix a security vulnerability by verifying the chain of trust. When your phone failed that check, Apple didn't bother to go through the extra work to create a workaround that maintained the security of the system. Maybe they will one day.So Apple fixed this undocumented unposted "vulnerability" on my out of warranty 6+ by bricking it. That's not even legal AFAIK.
Note: my 6+ is still original and working fine. It is out of warranty.
All good questions. But just because you don't know the answer doesn't mean Apple is lying.
1. They're not. See the OP.
2. Why should Apple be required to fix improper third-party repairs?
Once again, post exact statutes when making claims of illegality or GTFO.So Apple fixed this undocumented unposted "vulnerability" on my out of warranty 6+ by bricking it. That's not even legal AFAIK.
Note: my 6+ is still original and working fine. It is out of warranty.
Someone doing something that they are not obligated to do when it is brought to their attention seems nice to me. Expecting people to do something for you when they don't have to doesn't seem reasonable to me.
It wasn't satisfactory. It introduced a security hole.
You just keep speculating and saying they should be able to do things. You have zero clue about how deeply integrated that system is. Touch ID is connected to the display, and hundreds of thousands of lines of code . You are just speculating that it can be both secure and easy
It may work fine on IOS 8, but on IOS 9 the requirements were changed from what I can gather? Then what is this pairing that is talked about?
So apple isn't smart enough to write a few lines of code to turn off the unlock, Apple Pay, and iTunes purchase features of the Touch ID but smart enough to brick the phone?
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
This might give some extra insight into how the security system works from a more technical standpoint , it does not completely address the question at hand but if anyone wanted more knowledge on it , this will give it.
That's complete speculation with nothing to back it up.No it didn't, Apple just said this so they can charge you hundreds of your local currency.
Again, just because you don't understand the security implications doesn't mean Apple is lying.Absolutely no-one, including Apple has yet to highlight a valid reason to backup the security claims. Apple has two step verification that is required to prevent a Touch ID even being used in passcode and passwords, if this isn't already satisfactory then Touch ID should be disabled on all iPhones as it's clearly a security risk for anyone with a Touch ID sensor, regardless of being repaired or not.
Read the iOS 9 security PDF hosted on the Apple site, the Security Enclave section as good as says that the sensor couldn't circumvent the Touch ID requirements because it is the enclave that does the deciphering and verification, these sensors just send data to the enclave for it to give a thumbs up or thumbs down to.
That's the problem, there was a "what if". The actual how this could be accomplished never has been answered. Not in the OP, Apple site, nor any other document I could find. No one is saying "how".How many times do you have to ask the same question that was answered in the OP?
Wait, you expect Apple to detail how to exploit a vulnerability? Can you seriously not imagine any way that a malicious sensor could affect the security of the phone?That's the problem, there was a "what if". The actual how this could be accomplished never has been answered. Not in the OP, Apple site, nor any other document I could find. No one is saying "how".
That blog says:
"Error 53 is the result of the Secure Enclave, where fingerprint data is kept, failing to pair with the Touch ID sensor, where fingerprint data is captured. A malicious Touch ID sensor could steal an iPhone owner’s fingerprints. It could unlock the iPhone without its owner’s consent. And it could make purchases using Apple Pay without the owner’s permission."
How could the Touch ID sensor make purchases on its own? Or is he trying to claim that someone could stick a spy sensor in your iPhone, say while you sleep, then later steal your phone and make purchases by triggering the spy sensor to re-use the last working fingerprint?
That's an incredibly remote possibility. Seriously. It would be so much easier and more likely to steal a print from a glass you've touched and make a fake fingerprint to unlock the phone. And yet few people worry about that.
Once again, post exact statutes when making claims of illegality or GTFO.
People keep saying this, but don't explain what the "right way" is.
didn't even think of it (process it) that way, use the old fingerprint sensor for something malicious.
On the other hand if it's a more sensitive part that might control a lot of the electronics in the car that has some particular programming to go with it perhaps it might be the case that only the manfacturer version of that past with manufacturer programming would be valid and other replacements of it would render the electronics in the car (which basically means the car itself) inoperable.
Thats not a relevent comparison, in the case of iPhones, people have had the parts replaced and happily used them for months, and apple have updated them to not work, after the repairs have taken place.
If they wanted to implement this, it needed to be done at the time they were released and they needed to tell people about it.
That's one example, but in today's world with cars having much more in them with automated braking and lane departure avoidance and all that kind of stuff seems like there's quite a bit to keep being secure and away from hacking (didn't GM just have a recall in relation to some of their vehicles being susceptible to hacking to the point of someone taking over the vehicle in various ways?).Like the ECU? Which can be reprogrammed or replaced ? Nah, car analogies do not work , in the car tunning world, the ECU is replaced or piggybacked, and the car actually gains better performance.
A replacement ECU will effect your warranty , that is all.
Wait, you expect Apple to detail how to exploit a vulnerability? Can you seriously not imagine any way that a malicious sensor could affect the security of the phone?
I think you're wasting you're time with him Baldi! He clearly refuses to try and understand what 'could' happen!Wait, you expect Apple to detail how to exploit a vulnerability? Can you seriously not imagine any way that a malicious sensor could affect the security of the phone?
Yes, but they used unauthorized bogus third party partsAnd again, read the headline! It clearly says "...Some Stores Authorized For Repairs"
Yes, but they used unauthorized bogus third party parts
That is a huge and unsupported logical leap. There is no proof that this is true. I agree it would be a critical breach in security - which is why it's a good thing it doesn't work this way. Swapping touchid sensors does not also swap the memorized fingerprints.