
Damned if they do, and damned if they don't.

"Anyone can access your private photos and emails! Just replace the home button with one programmed with your own fingerprints!"

Can you imagine the comments if that were a story?

The problem here is that Apple didn't find a way to tell repair shops and users that this could be an issue.



It doesn't have to be either/or. Apple could provide a better failover behavior for the home key, including a way for a consumer to validate the changed hardware.

For instance: "iOS has detected a change in your Secure Home Key. Please contact Apple secure support to confirm that your device is still secure!" Add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.

Bottom line, when one authentication method fails, you need a failover to something more difficult.


> Please contact Apple secure support to confirm that your device is still secure

There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.


If they can issue an auth code for Apple hardware then presumably it's possible to issue one for non-Apple hardware. They just have to make some effort to confirm the owner of the phone has it rather than a thief.


I'm sure no nation-state level actor would ever infiltrate this process..


At which point you have much bigger problems than a compromised iPhone.


Therefore... Apple shouldn't try to protect you?


Only to the extent I protect my own data. If I don't use the fingerprint scanner (or even a simple password), don't brick my phone because the fingerprint scanner failed validation.

Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.


The bad guy can then walk the user through that security verification process, and the user is screwed. Think it through.


Let's extrapolate this to UEFI/Secure Boot.

If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.

Just because it's an Apple phone shouldn't realign our morals concerning user control and responsibility.


Wouldn't Touch ID get disabled until the verification process was finished? They would need the user's password.


If you're targeted by a "bad guy" at this level of play, you have much bigger problems than an untrustworthy fingerprint sensor.


They could invent another architecture which doesn't tie a mechanically fallible element with an identity system.


Then the user would still need to input their passcode after the button was replaced before anything could be stolen.


That works, if and only if you already know the user's PIN to unlock the phone.

This attack you suppose Apple is defending against is not possible.

The only attack Apple is really defending against is the attack of non-Apple phone repair companies.



