Slashdot Mirror
The iPhone 7 Has Arbitrary Software Locks That Prevent Repair (vice.com)
Jason Koebler, reporting for Motherboard: Apple has taken new and extreme measures to make the iPhone unrepairable. The company is now using software locks to prevent independent repair of specific parts of the phone. Specifically, the home buttons of the iPhone 7 and iPhone 7 Plus are not user replaceable, raising questions about both the future repairability of Apple products and the future of the thriving independent repair industry. The iPhone 7 home button will only work with the original home button that it was shipped with; if it breaks and needs to be replaced, a new one will only work if it is "recalibrated" in an Apple Store.
Fuck you.
...so this'll continue unabated. Just like how gamers bitch and moan about unfinished games being released, and then still go out and buy the latest call of duty on release day.
to never buy apple products.
Nuff said.
Former phone repair tech here, it's been this way since TouchID became a thing, with the iPhone5S I think?
I hate to claim "it's not a bug, it's a feature" but this is done to make sure you cannot replace the home button with one that will send a "correct" signal for an incorrect fingerprint.
Home buttons have been tied to the motherboard they shipped with as long as the iPhone has had fingerprint readers, this is not new.
This does not seem unreasonable. I say this because the home button is also a fingerprint reader, which is a security device. If a shop installs some kind of 3rd party button there, the security of the device could be compromised.
Apple's garden is walled. It keeps the users in, but also keeps the bad things out.https://apple.slashdot.org/story/17/04/07/1734249/the-iphone-7-has-arbitrary-software-locks-that-prevent-repair#
You mean the fingerprint scanner that interacts directly with the secure enclave chip outside the OS? The one that could be misused by various actors if replaced with act-alike hardware? I'm not sensing the problem here - Feature not a Bug.
Not unless you have the tools and ability to calibrate the system, or it might not be set up right, or something else might still be wrong.
I'm not trying to defend Apple because I doubt that this is true, but I wonder if this was intended to avoid manipulation of the fingerprint sensor?
...and laws that establish fair-use guidelines for software that's required for hardware to function. Unfortunately this is something that would have to be grassroots and widespread, no one party would ever make any headway on this unless there were an outcry from constituents, and even then it would be hard to overcome corporate counter-push.
We've seen this kind of problem with conventional cars and light trucks, with heavy trucks, with farm implements, with major consumer appliances, and the prolifieration of this mindset is only getting worse as more and more functions can be software-tied.
The laws need to say that software bundled into the device is considered part of the device, and may not be used to encumber the right to service or repair the device, and that for such software that is also intended to communicate with other software, the vendor must continue to support and maintain that code for bugfixes and security vulnerabilities for the realistic lifespan of the device and must provide a reasonable means for the owner to install such an update.
Yes, this would increase the cost of the device originally, as the concepts for update must be turned into an actual process, but on the other hand if that means that the device can function for longer then it's net effect on the consumer should be small as they can continue to service and repair devices for longer than if vendor-created blocks stop them from doing so.
Do not look into laser with remaining eye.
Thank God we have a tech company that's on our side. The FBI would love to swap in a fake touch ID sensor to break into your phone. Not going to happen.
Android, on the other hand, ahahahah
Wasn't this already covered almost a year ago? https://hardware.slashdot.org/story/16/06/11/1458246/apple-is-fighting-a-secret-war-to-keep-you-from-repairing-your-phone.
I can at least understand the argument for preventing unofficial home button (or parts of it) repairs as it contains the finger print reader and it could be a lot easier to attack the security of the device if you could replace the reader.
Or perhaps its just a conspiracy to get people to upgrade to the next iPhone about which we seem to get at least one monthly rumor around here related to it ditching the home button, or something else like that.
That's been true of all the fingerprint scanning home buttons, has it not?
If that were not the case, you could crack the case on an iphone and bypass the fingerprint scanner.
As I understand it, this is a security measure, not an "arbitrary" lock. The home button is part of the Secure Enclave. If you let third parties make modifications to the Secure Enclave, it ceases to be secure.
Obliteracy: Words with explosions
The button itself doesn't need to "do[] the pass/fail decoding on the fingerprint" for a successful attack. It need only replay the signals sent by a previous pass.
Not the button itself, but on the button assembly, yes.
TouchID Button Assembly
Imagine a world where in order to unlock your phone all I have to do is open it up and swap out your home button with one that will let any finger unlock the phone. The original poster is trying to paint Apple as some kind of bad guy trying to take away the viability of the repair market. The truth is, they are trying to keep their phones secure by preventing an obvious attack vector. Thank you, Apple.
So they Johndeere'd the iPhone for a passable reason?
Support my political activism on Patreon.
Doesn't go far enough, I want to make a very $ecure PC.
-Power cable will only work with a specific power supply
-Power supply will only work with a specific mainboard
-Mainboard will be locked to the cpu serial number
-BIOS will not allow "other" hardware to be installed
-Video card will be locked to the bios
-Only a single authorized Keyboard will be allowed
-Only a single authorized USB device will be allowed
-Only a single authorized monitor will be allowed
-Only a single authorized mouse will be allowed
-Only a single authorized router will be allowed
-Only a single authorized WiFi AP will be allowed
-Only a single GPS location will be authorized
-Only a single authorized OS will be allowed
-Only a single authorized hard drive will be allowed
-Only a single authorized monitor power cable will be allowed
-Only a single authorized monitor data cable will be allowed
-Only a specific authorized wall-plug will be allowed
User will have full freedom to change any of the allowed components, for a small fee.
Wow, this is really old news folks. And as the OP says, its for your own safety. /. has gone downhill if this is getting through...
EMA
Eric Aitala
www.f1m.com
after years of being on iPhones. So glad to leave that physical Home button behind. The Pixel is faster, brighter, does more, and is generally better than iPhone with one exception. The sound on the iPhone is a tad better. I doubt I will go back to Apple phones. The 8 is going to be brutally expensive and for why?
Actually this is illegal. There are laws in place that let you repair your own equipment. If I owned an iphone I would just take them to court and watch them lose.
EPA regulations require emission controls on tractors to be tamper-resistant (because tractors are such a huge contributor to pollution compared to cars, trucks, ships and airplanes). Apple is doing this maliciously.
And you trust that Apple appointed "Secure Enclave" to actually be secure? What if you actually want to install a 3rd party home button because you trust them more? Imagine if all your apple computers required an apple keyboard because "security and key loggers". Imagine if the home button factory is under state control and it isn't just secure, it's "homeland security" secure.
Actually this is illegal. There are laws in place that let you repair your own equipment. If I owned an iphone I would just take them to court and watch them lose.
They can have the case tied up in court for years. You'll go bankrupt just paying your landshark.
ELOI, ELOI, LAMA SABACHTHANI!?
That's the real question. We no longer own what we purchase, even if the law says we do.
TOS > law
The iPhone 7 doesn't even have a physical home button! It's a touch-sensitive spot on the bottom of the fucking glass!
How would you go about "replacing" it anyway? Fake news.
At first I was gonna say "and how would the home button know that the previous pass was successful in order to save it for later re-sending?" but then I thought about it some more and I guess it doesn't actually matter. Sure you'll end up with iPhones that have a bad scan as the last saved scan, but the few (many?) that have a successful scan saved might still make it worthwhile to the person performing the replacing.
Yes but some people know right from wrong. apple knows too they just choose to be wrong.
No more iphone for me.
That's not what he said.
They can make any rule they want like this. Its your choice to buy it. Now, if they change the rules after you bought it, you might have a case, but just because you dont read the agreements before you sign off... that is your own fault.
And for those that say 'i own it'.. So what? You are still free to do with it as you please, but apple does not have to provide you with all the tools for repair.
You're missing the point. Users certainly are free to repair the phones. Establish law there.
Apple's way around this is to not sell replacement parts. There might be something to the security angle, but sounds mighty fishy.
And ya, this is old news, since at least the iPhone 5.
If i have the hardware in my hand, the game is already over. Dont make excuses for them,
Good-bye
No; there is likely a mating of some kind of ID that needs to be programmed into the iPhone to accept the fingerprint data coming from the sensor.
Isn't it worrying that Apple techie has the way to pair it?
More sensible solution would be if it would be possible to replace it, but pairing would require full phone wipe, that can be done from interface
Bunch of social-media loving, EZ-INSTA TOUCHY-SWIPEY, mocha latte dick-sucking pieces of shit.
Hope the entire millennial generation dies along with all its stupid, faggot ideas
They haven't been for a while, now. Yes, I've read the comments, and understand that this claim is false, and this is 'fake news' and 'clickbait'. The mere fact that we have to be subjected to this.. cognitive dissonance instead of technology being just fun and interesting like it used to be. Now everything is locked down, end users locked out, and you can't even build your own anymore, for all intents and purposes it's impossible for a variety of reasons. Yes, I know there's microcontrollers, and a host of other things you can still build and play with. I also know one-off PCB fab is relatively cheap and ubiquitos. But you can't build a smartphone. You can't fix the smartphone you buy. You can't even put your own OS and software on the smartphone you buy. The stuff may as well be a brick of opaque epoxy that you just toss in the e-waste bin when it screws up. Even the manufacturers can't really repair their own products, not really; replacing a PCB is not what I'd call 'repair'. Yes, I understand the technology, I've been working in electronics for >30 years, and I know all about the 4 or 5 digits worth of equipment, special training, etc, you need to deal with BGA packages, I've done the work. It's just all gotten to be rediculous. It's unsustainable. You pay hundreds, or even thousands of dollars for this stuff, and in a year it's obsolete, maybe even unusable, and it's not even cost-effective to recycle the stuff; it gets dumped on 3rd-world countries. Seriously, how many more decades can we keep producing things like this?
I don't even own a smartphone, for these and many more (mainly security-related) reasons. I refuse to play this game. I have the cheapest dumbphone I can get that works as a telephone, and that's all I really care about. If I could get along with a totally hardware, no microprocessor involved landline, I'd do that, but it costs about the same per month, yet I can't take it with me. There's no point in going back anymore.
Yes, I know I'm ranting. That's why it's posted as AC; I don't care to deal with your useless tongue-lashing, calling me a Luddite, 'get off my lawn', and all the other 4chan-worthy bullshit I'd have to see in my comments section. I also know I'm far from alone in feeling the way I do about this subject, but most of you are too timid to actually voice it; no worries, I got your back.
Do I want the 'good old days'? Hell, yeah. You got a problem with that? Tell your therapist.
They've had this issue for a while with home buttons. It's not arbitrary and it's not new. This is a very specific safety feature. Now, it's a bigger issue with the 7, now that that home button is built into the screen.. I'd call this FAKE NEWS with the "Arbitrary" label though.
-- these are only opinions and they might not be mine.
And that's asinine by itself, because the EPA is infringing on tractor owners' property rights in order to prevent the "possibility" of those owners violating air pollution laws. Essentially, the EPA apparently considers any modification of the tractor to be an attempt or conspiracy to violate the Clean Air Act, despite the fact that, since there are plenty of other reasons someone might want to modify their tractor, neither the act nor the intent has necessarily occurred.
Moreover, because writing software is an act of expression, preventing the tractor owner from doing so is prior restraint of the owner's freedom of speech.
In other words, that EPA regulation should be considered unconstitutional because it violates both the First Amendment and the Fifth Amendment.
If the EPA wants to enforce the Clean Air Act, then they should go after people who actually violate the act, not destroy everyone's fundamental rights!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Hey, author of the article here ... this is distinct from the 5S / 6 / 6S software lock and is not "old," it's a different thing that is explained in the article! Imagine that.
Read the article, this is different. "The home button has two functions: Touch ID, which unlocks the phone, and the actual "return to home" function you get when you push it. In the iPhone 5S, 6, and 6S, a new home button would break the phone's TouchID functionality, but the button's return-to-home functionality still worked. The phone could still be locked and unlocked as normal by entering a pin number, suggesting that the two functions are separate pieces of software that are not tied together. In the iPhone 7, both Touch ID and return-to-home functionality are locked by software if you replace the button. Locking down Touch ID makes at least some sense from a security perspective, but locking return-to-home functionality seems like an arbitrary and vindictive move against independent repair businesses and consumers. Apple did not respond to a request for comment about the issue."
That's the reason I never configured Touch ID or Apple keychain
Quit buying iphones, maybe they will get the point.
I understand that the scanner\home button is tied to the motherboard, but a point of failure that could potentially keep you locked out of your phone, which may also be your business, we need to be allowed options for what is and isn't security on our devices. I like Stack Overflows innovation:
https://youtu.be/VgC4b9K-gYU
Brought to you by Carl's Junior.
>Essentially, the EPA apparently considers any modification of the tractor
You can modify all sorts of crap on a JD tractor. Tires get changed all the time. You can change the entire cab if you want.
You just can't screw with the engine controls. Contrary to your line of argument, doing that has a very high probability of changing its emissions (like 100%).
> In other words, that EPA regulation should be considered unconstitutional
Then get a lawyer and sue them, and see if the court agrees with your asinine argument. And then we can put it on the list along with other nerd arguments like:
There's NO WAY Bell can stop our Blue Boxes!
There's TOTALLY ILLEGAL for the government to spy on all our comms!
There's NO WAY they can patent computer code!
No one will ever get sued when using BitTorrent!
etc.
Former phone repair tech here, it's been this way since TouchID became a thing, with the iPhone5S I think?
The difference is that in past iPhones you could replace it with a third party button, you lost TouchID and had to log in with a PIN but otherwise it worked. Now it's Apple's button or no button at all. Maybe they just decided it's safer for some reason or it's just a side effect of a design change or maybe they had second hand sales that were unhappy they got a "fake" home button. Whatever the reason my guess is Apple won't budge and you'll probably not win a law suit so... that happened.
Live today, because you never know what tomorrow brings
If there's more than one activation of the scan in a short period of time, you know the previous one that was just sent didn't work - overwrite it. If there's no call for another scan in the next 5 seconds or so, you know it was likely a good one and you commit it to memory. Then replay that when called to do so by nefarious people.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
On iPhone 7, the home button isn't a real button anymore - it's just more touch sensitive space.
The old models probably still had software that triggered on the manual button click which is completely separate from the fingerprint reading / encoding software, and that software probably still exists for older models in the most modern versions of the OS. However, that button doesn't exist any more, so only the fingerprint software with the lockout ever gets used on iPhone 7. It's entirely possible that Apple didn't mean for it to be this way, or it was discovered at some point and they didn't care enough to do anything about it.
That said, it's still shitty.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
I guess it's an Apple thing.
Bah. This doesn't read like emissions problem.
http://www.npr.org/sections/alltechconsidered/2015/08/17/432601480/diy-tractor-repair-runs-afoul-of-copyright-law
Even if it were emissions problems, locking out repairs because of emissions laws is stupid.
I would be suing John Deere for lack of disclosure in this case.
No.
First of all, merely "changing" the emissions does not necessarily mean making the vehicle violate the emission standards. For example, if the owner made modifications elsewhere -- such as by switching to a cleaner fuel, like biodiesel -- it's entirely possible for there to be different settings that optimize the engine operation while still maintaining equal or better emissions. For that reason alone the EPA rule is overreaching.
Second, the ECU performs an increasingly large number of functions beyond just things that affect emissions. That means the bullshit emissions argument is used as an excuse to DRM all the other computerized functions in the tractor, up to and including things like GPS tracking or self-driving modes. Even worse than that, John Deere has argued that the DRM infection means the farmer only "licenses" the entire fucking tractor , including the hardware parts!
Therefore, this claim of yours:
...is not true, at least from John Deere's perspective. If this sort of tyranny is allowed to stand, there would be nothing stopping John Deere from requiring farmers to obtain its permission even to change the fucking tires (using only John Deere "licensed" parts), in exactly the same way e.g. Lexmark tries to pretend it's illegal to use third-party ink.
Fuck off with your strawman arguments!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I'll give people the benefit of doubt, but it sounds like a whole ton of commenters here are going on with guesswork.
First of all, no, it's not easy in any way shape or form to create a rogue touch ID reader that would "send signals" allowing the iPhone 7 to be unlocked.
It'd already be plenty hard for someone to open up a phone and replace it surreptiously, let alone coming up with new hardware that would be compatible.
Do you guys even know how the TouchID reader works? Well, neither do I of course... it's proprietary. But here's an overview:
http://edition.cnn.com/2013/12...
http://edition.cnn.com/2013/09...
https://support.apple.com/en-u...
Basically, it works like a very specific and proprietary camera/microscope. It detects fine detailed fingerprint information, converts it into code and sends it to the SoC to be processed via software.
Nothing is processed on the button itself, and even if it was, you wouldn't be able to easily figure out what it did - or it'd be unsecure by definition.
But again, the hardware is very proprietary. You'd probably need insider knowledge of production to even come close to making something that would work like it, and it'd be expensive as hell to reproduce one. The companies that makes these things have secretive processes that not only would be incredibly hard to figure out, it'd be outright impossible to reproduce without proper technologies.
Do people even realize how much easier it'd be to just chop up someone's finger and bypass the whole thing anyways?
Even if you couldn't go to such extremes, it'd be easier for hackers and malicious actors to try to reproduce an entire detailed human finger complete with ridges, pores and whatnot (at it's current stage) than creating some rogue device that could bypass the security enclave somehow.
And you cannot retrieve information from previous fingerprints used for authentication because they are encrypted in the phone storage, not in the reader.
The only likely scenario where Touch ID could be used to steal fingerprints, depending a lot on how it works, would be to use an original unit modified to store readouts, and then creating new hardware that would send those into the system. But that's quite unlikely... if not outright impossible. Again, it depends on how exactly the reader works. Note though how no one every did anything like this, because it just doesn't make sense. iPhones will always have easier vulnerabilities to explore to retrieve data.
It's always good to note though that fingerprint sensors should NEVER be used as the sole authentication method if you have sensitive information inside the phone. Because, like I said, it's a matter of finding a way to make a very detailed reproduction of your finger. With 3D print technology and camera technology always improving, it'll be doable at some point in time.
It was already done for the iPhone 6, though not something that just anyone could do:
http://www.cultofmac.com/29688...
Apple is already facing a class action lawsuit regarding the so called Error 53, related to iPhone 6 bricking the phone if the Touch ID was replaced, so it really doesn't look good for them to repeat the whole deal for the iPhone 7.
https://www.macrumors.com/2016...
Australia's consumer protection agency also just filled a lawsuit:
http://www.ubergizmo.com/2017/...
And you know, the company has backtracked because the very same excuses some commenters are making here were not enoug
Apple doesn't really do arbitrary things, what they don't often do though, is explain why they do the intentional things they do. In this case, however they have. It's a matter of securing the device so that a reader which spoofs your fingerprint can be used. It's a good thing.
The autism-hating, custom EpiPen-hating, Musk-hating Slashdot troll!
And you trust that Apple appointed "Secure Enclave" to actually be secure? What if you actually want to install a 3rd party home button because you trust them more? Imagine if all your apple computers required an apple keyboard because "security and key loggers". Imagine if the home button factory is under state control and it isn't just secure, it's "homeland security" secure.
...happily, this argument is moot; if you don't trust Apple's Secure Enclave, you don't trust any other part of the device, either, and you therefore do not own one in the first place.
Obliteracy: Words with explosions
They could make the phone disable fingerprint auth and warn the user when they tried to enable it again. They don't have to brick the phone.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
All the user data on the phone is encrypted. How is the game over?
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
So what are all you unimportant nobodies with idiotfones up to on them that your so shit scared of someone else gettitng to ?
Bank etc security should be independent of any device,so that shouldn't be a worry.
You all seem shit scared of yer own lah lah lands government getting at yer data, I'm just curious what in yer nothing little lives you seem to think is so vital that it has to 've hidden from everybody.
Mind you,lah lah land being the number one in the world for kiddy porn I reckon I can guess at what yer all so scared of others accessing on yer idiotphones..
Me,I've been under the watchful eye of our own spooks here in the UK for the last 30+ years,and I still don't give a fuck who gets to see what on my phone simply cos I have nothing to hide from anyone..
I've not got huge wads stashed in banks,no kiddy porn,nothing,I don't even run a lockscreen pin,can't be arsed with all that crap..
So what are you all so scared of ?
Encryption isnt magic, it is copyable and breakable. If i have the hardware i can hammer the device,or a copy of the data to my heart's desire.
Good-bye
Yup, Apple actually takes security seriously. The whole hardware chain in encrypted by default when the phone is setup. Similar to OPAL and TPM on a PC. Effectively when you first sign into iCloud they generate a key based on your account and that used to encrypt the storage. It's designed to wipe the keys out of secure enclave if the hardware is tampered with.
This is back on the news again because there was a new lawsuit in Australia. They prefer venomous mammals/reptiles/anything to defend their stuff.
http://bgr.com/2017/04/06/iphone-error-53-lawsuit/
You do realize reliance on a button to provide a "is correct" or an "unlock" command is stupid right, it shouldn't be the button's job to do anymore then report information, to which the device decides, and if the device is properly secured, then its just as safe as the device's button, this is arbitrary and wrong. And if you can pull the correct information off of one case, the other is just as easily able to be pulled off of as well, or somebody is being very stupid with security.
It takes courage to piss off your customers and drive them to Android.
When all you have is a hammer, every problem starts to look like a thumb.
After 30 years of BMW for me I cant buy one again.
Witness BitZtream getting pwned!
I've heard iPhone 7s have arbitrary HARDWARE rendering the 3.5mm stereo headphone/microphone/controller jack nonexistent! LOL fucking iPhone 7s... Apple can have my corded headphones and jacks when they pry them from my cold, dead EARS!
How's life in the hypocrite lane?
This is really a boot in the face for people trying to sell stolen iPhone parts on eBay.
Won't someone think of the childrent^WiPhone theft rings?!?
Here's a list of numbers for you to crack. All you have to do is factor them. Please post your results. https://en.m.wikipedia.org/wik...
From the article:
a new home button would break the phone's TouchID functionality, but the button's return-to-home functionality still worked. The phone could still be locked and unlocked as normal by entering a pin number, suggesting that the two functions are separate pieces of software that are not tied together.
The first concern I had was whether the entire button would refuse to work, and that would be bad. If only the security features are disabled, and there are alternate ways to log in, this sounds perfectly reasonable.
How is this news???? It's the same on the 6 plus.
Seems like it boils down to the slim chance of being robbed by a stranger vs definitely being robbed by Apple up front.