It is somewhat worth mentioning that the problem is in response to a failed security check with a trusted-hardware component (the fingerprint scanner), but only somewhat.
Yeah it's defensible that the system goes into lockdown if there's evidence of hardware hacking**, but it's indefensible that there's no way to back out of it.
(**the fact that legitimate third party repair shops don't have a way to validate themselves is itself an illustration of the problems of Apple's closed market, though)
Instead of notifying the user of possible tampering and asking for confirmation-with-password to reset the component, or of disabling the fingerprint sensor with a notification of why (and using the backup method of unlocking that you MUST SET in order to set a fingerprint), or of even checking to see if the user has registered a fingerprint in the first place, it *permanently bricks the device*.
Turning the device *off* in response to suspected hardware hacking is unacceptable. Permanent bricking is so far beyond "unacceptable" that it's even shocking to me, and I'm well aware of how much Apple hates its users and how hard they work to make their user experience less pleasant.
Disabling the fingerprint sensor would be the most sensible thing, and other options you mentioned would all be preferable to a lockdown. A lockdown would be a poor substitute for them, defensible IF AND ONLY IF there was a way to back out of it. Which there isn't.
As it is, we have a confluence of narrow-in-house-testing cases + Apple's flagrant tendency to punish the user for taking the smallest step outside of Apple's supply chain ("Error 53? That only happens to apostates so we won't worry about it.") Considering that Apple's worldwide market share is far from non-trivial, reaching (as the article points out) far beyond the locations of Official Apple Temples Stores, it's unconscionable that they punish those who rely on third-party repair shops.
Not just if you got a third-party repair: also if you got an official repair and the ham-handed computer-illiterate "Apple Genius" salesjockey missed a step.
Leaving aside that, y'know, "product is not repairable except by manufacturer, because manufacturer HAS SABOTAGED IT" is blatantly illegal everywhere in the civilised world.
Well, I say "may" because iPhones are sold globally (including in countries where there are no official Apple Stores, condemning everyone to the Error 53 gulag eventually), and I don't like to make statements on global legal rules.
Reminds me of the conversation I had with a coworker two years ago wherein they admitted they were coming to the realization that the increased cost of apple products was *not* due to better components, which is apparently what they thought they were paying for, rather than a name and a shiny box.
I try to be accepting and broadminded and I like to peel off plastic from new hardware, but "unboxing experience" videos still leave me shaking my head.
I suspect Hanlon's Razor applies here: someone thought "wait, what happens if the touch ID handshake fails?" and decided "well, that can never happen, so I can just say 'Error 53'" and moved on to the next thing.
And it's true it can't happen in ordinary factory-standard iPhones. The only way this can happen is if someone replaces a component and the security handshaking fails, for whichever reason. And the consequences of something like this happening - potentially some rogue hardware has access to the secure area of the phone which contains credit card details etc.- are so potentially terrifying that you can see why someone would have reacted this way.
I suspect it might take a while for an iOS update that unbricks the unfortunate phones, if only because there's probably an inherent assumption in all of the code that this error 53 can Never Happen. (Which is probably why it bricks your phone.) And it might take a while for the core iOS dev team to work out how to get around that, and to track down all of the code that assumes that if you have iPhone model x or above, you have a touch ID sensor, so you can trust that etc. etc.
The joys of DMCA and the US's increasingly asinine IP laws are creating an environment where such sabotage may become legal. In cases where Apple personnel screwed it up, then there's a clear case for legal liability. But blocking modification by unauthorized parties, even unauthorized parties who are just trying to get the damned thing working again? Gray area. The folks at ifixit have formed a lobby to go after such asshattery.
Agree, completely, I was defending the existence of minimal usage security that's user friendly for immediate use cases (pull out of pocket, confirm payment, etc). A sensor is better than nothing, but it's still an Apple product therefore I only know how they work as stepdaughter's Dad buys them for her.
Bricking it is completely unacceptable and I'll be amased if they don't get sued for huge amounts over it, with EU action as well (the EU's pissed with them on multiple points already anyway).
I've heard a few minimal-effort ways to defeat it, though gummy bears are new to me.
To be fair, it works within its designated spec-- it's expected to provide about the same security as a four-digit PIN. While there are much more secure fingerprint readers out there, this one (like just about all smartphone fingerprint readers) are expected to perform quickly in highly varied conditions for a user base with no training.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2016-02-08 08:54 pm (UTC)Yeah it's defensible that the system goes into lockdown if there's evidence of hardware hacking**, but it's indefensible that there's no way to back out of it.
(**the fact that legitimate third party repair shops don't have a way to validate themselves is itself an illustration of the problems of Apple's closed market, though)
(no subject)
Date: 2016-02-08 09:16 pm (UTC)(no subject)
Date: 2016-02-08 09:30 pm (UTC)Turning the device *off* in response to suspected hardware hacking is unacceptable. Permanent bricking is so far beyond "unacceptable" that it's even shocking to me, and I'm well aware of how much Apple hates its users and how hard they work to make their user experience less pleasant.
(no subject)
Date: 2016-02-08 09:58 pm (UTC)As it is, we have a confluence of narrow-in-house-testing cases + Apple's flagrant tendency to punish the user for taking the smallest step outside of Apple's supply chain ("Error 53? That only happens to apostates so we won't worry about it.") Considering that Apple's worldwide market share is far from non-trivial, reaching (as the article points out) far beyond the locations of Official Apple
TemplesStores, it's unconscionable that they punish those who rely on third-party repair shops.(no subject)
Date: 2016-02-08 10:37 pm (UTC)Leaving aside that, y'know, "product is not repairable except by manufacturer, because manufacturer HAS SABOTAGED IT" is blatantly illegal everywhere in the civilised world.
(no subject)
Date: 2016-02-08 10:39 pm (UTC)(no subject)
Date: 2016-02-08 10:46 pm (UTC)(no subject)
Date: 2016-02-08 10:56 pm (UTC)(no subject)
Date: 2016-02-09 02:46 am (UTC)I try to be accepting and broadminded and I like to peel off plastic from new hardware, but "unboxing experience" videos still leave me shaking my head.
(no subject)
Date: 2016-02-09 03:15 am (UTC)And it's true it can't happen in ordinary factory-standard iPhones. The only way this can happen is if someone replaces a component and the security handshaking fails, for whichever reason. And the consequences of something like this happening - potentially some rogue hardware has access to the secure area of the phone which contains credit card details etc.- are so potentially terrifying that you can see why someone would have reacted this way.
I suspect it might take a while for an iOS update that unbricks the unfortunate phones, if only because there's probably an inherent assumption in all of the code that this error 53 can Never Happen. (Which is probably why it bricks your phone.) And it might take a while for the core iOS dev team to work out how to get around that, and to track down all of the code that assumes that if you have iPhone model x or above, you have a touch ID sensor, so you can trust that etc. etc.
(no subject)
Date: 2016-02-09 05:03 pm (UTC)(no subject)
Date: 2016-02-10 02:54 am (UTC)I mean, if we get right down to it, just equip the camera with retinal scan tech and be done with it.
(no subject)
Date: 2016-02-10 08:04 pm (UTC)(no subject)
Date: 2016-02-10 08:58 pm (UTC)I'm quite happy with my cards being 100% separate from my phone thankee, but others think it's a fucking wonderful thing, security is thus important.
(no subject)
Date: 2016-02-10 09:06 pm (UTC)And, I think we can both agree, "bricking the device, permanently" is not the correct response to detecting a possible error from a single sensor.
(no subject)
Date: 2016-02-10 10:05 pm (UTC)"Okay, let's change your password."
=====
"Someone got my fingerprint."
"Uhhhhhhhhhhh..."
(no subject)
Date: 2016-02-10 11:25 pm (UTC)Bricking it is completely unacceptable and I'll be amased if they don't get sued for huge amounts over it, with EU action as well (the EU's pissed with them on multiple points already anyway).
(no subject)
Date: 2016-02-11 02:54 am (UTC)(no subject)
Date: 2016-02-11 07:02 pm (UTC)To be fair, it works within its designated spec-- it's expected to provide about the same security as a four-digit PIN. While there are much more secure fingerprint readers out there, this one (like just about all smartphone fingerprint readers) are expected to perform quickly in highly varied conditions for a user base with no training.
(no subject)
Date: 2016-02-11 08:29 pm (UTC)One of these things is not like the others....
(no subject)
Date: 2016-02-12 05:30 pm (UTC)