Pomfers | 2 years ago

When Apple introduced a fingerprint unlock in the home button, it wanted to keep the fingerprint scans secure. The security chip that stores the fingerprint scans needs to verify that the home button's fingerprint scanner is trustworthy, to prevent man-in-the-middle attacks.

However, when an unauthorized or unofficial button is used as a replacement for repair, the phone will permanently brick itself. No warning is given that the fingerprint scanner's trustworthiness cannot be verified, no ability to just use the phone with the fingerprint scanner disabled. Just straight to a permanent bricking.

Retric|2 years ago

IMO it wasn’t nearly as egregious as the other examples. I only defend them because they didn’t do this when you replaced the screen etc.

You don’t want phones to work if someone swaps out that specific piece of hardware without your knowledge. Bricking the phone forever makes it harder for people to find back doors around that security feature as they would risk large numbers of expensive phones. Presumably people developing replacement fingerprint readers would notice the issue before most customers were harmed. Further, anyone actually harmed would have gotten hardware from a very untrustworthy source.

They reversed course after a backlash, but I can see an argument for them standing their ground on this one.

themagician|2 years ago

As a user, that’s what I’d want it to do. If someone is trying to bypass the fingerprint sensor by replacing it because they know that’s where the authorization is stored, that’s exactly what I’d want the phone to do.

Pomfers|2 years ago

The fingerprint scanner is just a scanner, it doesn't handle authorization, that's what the security chip does. The scanner has two ways of communicating with the security chip. It can authenticate itself with the chip, and it can send the chip images of fingerprints.

If a compromised scanner fails to authenticate, then the security chip can just ignore the scanner. Not much it can do if its only avenue of communication is cut off. A warning message telling users to not touch their compromised fingerprint scanner would have been sufficient.

circuit10|2 years ago

You want your whole phone bricked by an update when it worked before, even though they can just disable the fingerprint scanner instead?

sombragris|2 years ago

Nice how some people try to justify Apple here.

I think the problem lies in this point:

>No warning is given ... Just straight to a permanent bricking.

There should have been a warning, at least, but there was none.