The iPhone 7 Has Arbitrary Software Locks That Prevent Repair

Jason Koebler, reporting for Motherboard: Apple has taken new and extreme measures to make the iPhone unrepairable. The company is now using software locks to prevent independent repair of specific parts of the phone. Specifically, the home buttons of the iPhone 7 and iPhone 7 Plus are not user replaceable, raising questions about both the future repairability of Apple products and the future of the thriving independent repair industry. The iPhone 7 home button will only work with the original home button that it was shipped with; if it breaks and needs to be replaced, a new one will only work if it is "recalibrated" in an Apple Store.

It's for your own safety, trust us you dumb fucks.

Former phone repair tech here, it's been this way since TouchID became a thing, with the iPhone5S I think?

I hate to claim "it's not a bug, it's a feature" but this is done to make sure you cannot replace the home button with one that will send a "correct" signal for an incorrect fingerprint.

Home buttons have been tied to the motherboard they shipped with as long as the iPhone has had fingerprint readers, this is not new.

Not a terrible thing

[mrbluejello]

This does not seem unreasonable. I say this because the home button is also a fingerprint reader, which is a security device. If a shop installs some kind of 3rd party button there, the security of the device could be compromised.

Apple's garden is walled. It keeps the users in, but also keeps the bad things out.https://apple.slashdot.org/story/17/04/07/1734249/the-iphone-7-has-arbitrary-software-locks-that-prevent-repair#

Re:Not a terrible thing

[dgatwood]

This does not seem unreasonable. I say this because the home button is also a fingerprint reader, which is a security device. If a shop installs some kind of 3rd party button there, the security of the device could be compromised.

Actually, it does seem unreasonable. The proper behavior would be to detect the unknown reader and purge all fingerprints from the secure enclave, forcing the user to set up fingerprint recognition again after unlocking with the passcode. That would mean that the user would be alerted to the fact that the hardware was altered (thus preventing surreptitious swapping as a targeted attack) while still allowing the device to be repaired by swapping hardware at the user's request.

The current situation is exactly the sort of behavior that got car manufacturers a very nice set of laws that mandate repair part availability, etc. Keep going down this path, and Apple will earn the consumer electronics industry a similar set of regulations, and none too soon.

Re:Not a terrible thing

[EndlessNameless]

The issue is that the fingerprint sensor is trusted to neither store fingerprint data nor replay finger presses.

If you accept data from untrusted sensors, an attacker could replace the sensor with a device that will store valid finger scans and retransmit them when triggered by the attacker.

So you need both trusted firmware and a secure pairing process to ensure the device is not compromised in this manner.

While I suspect this move is mostly motivated by a desire to obstruct third-party repairs, there is also a legitimate security concern with this particular component.

Secure by design

[krisbrowne42]

You mean the fingerprint scanner that interacts directly with the secure enclave chip outside the OS? The one that could be misused by various actors if replaced with act-alike hardware? I'm not sensing the problem here - Feature not a Bug.

Security, yes?

[American+AC+in+Paris]

As I understand it, this is a security measure, not an "arbitrary" lock. The home button is part of the Secure Enclave. If you let third parties make modifications to the Secure Enclave, it ceases to be secure.

Not an ARBITRARY lock at all

[jarrowwx]

Imagine a world where in order to unlock your phone all I have to do is open it up and swap out your home button with one that will let any finger unlock the phone. The original poster is trying to paint Apple as some kind of bad guy trying to take away the viability of the repair market. The truth is, they are trying to keep their phones secure by preventing an obvious attack vector. Thank you, Apple.

Re: Hey Apple...

[Lab+Rat+Jason]

This is a re-post article... and the reason for it has already been made clear: If you can replace the fingerprint scanner, you can trick the phone into giving you access. This is why apple locks the hardware together. Not that I'm an Apple fanboi or anything, and I do think that people should have a choice, but perhaps that choice should be that apple will "unlock" all your hardware if you so request, and then you can put any hardware in there you like, knowing that you assume all risk. I imagine they'll never do that because it's just more work for them, and they have a reputation to protect even in the resale market. But if I'm apple and I face a decision on whether to lock hardware (so I can advertise as having a very secure device) or not (so I can advertise having a hackable device), I at least want my advertising strategy to align with my build strategy.

But there you go, knowing is half the battle.

Re: Hey Apple...

[ewanm89]

They are saying you could replace it with one that records the data from the sensor and then replays it later at the attackers whim. Making and using a jelly finger is a much better, easier, cheaper and more covert attack vector and so you are correct that the excuse is bull for the real reason of stopping people replacing commonly failing parts in their electronic devices without paying the corporate overlords their cut.