[Pomfers]

When Apple introduced a fingerprint unlock in the home button, it wanted to keep the fingerprint scans secure. The security chip that stores the fingerprint scans needs to verify that the home button's fingerprint scanner is trustworthy, to prevent man in the middle attacks.

However, when an unauthorized or unofficial button is used as a replacement for repair, the phone will permanently brick itself. No warning is given that the fingerprint scanner's trustworthiness can not be verified, no ability to just use the phone with the fingerprint scanner disabled. Just straight to a permanent bricking.

[Retric]

IMO it wasn’t nearly as egregious as the other examples. I only defend them because they didn’t do this when you replaced the screen etc.

You don’t want phones to work if someone swaps out that specific piece of hardware without your knowledge. Bricking the phone forever makes it harder for people to find back doors around that security feature as they would risk large numbers of expensive phones. Presumably people developing replacement fingerprint readers would notice the issue before most customers where harmed. Further, anyone actually harmed would have gotten hardware from an very untrustworthy source.

They reversed course after a backlash, but I can see an argument for them standing their ground on this one.

[themagician]

As a user, that’s what I’d want it to do. If someone is trying to bypass the fingerprint sensor by replacing it because they know that’s where the authorization is stored, that’s exactly what I’d want the phone to do.

[Pomfers]

The fingerprint scanner is just a scanner, it doesn't handle authorization, that's what the security chip does. The scanner has two ways of communicating with the security chip. It can authenticate itself with the chip, and it can send the chip images of fingerprints.

If a compromised scanner fails to authenticate, then the security chip can just ignore the scanner. Not much it can do if its only avenue of communication is cut off. A warning message telling users to not touch their compromised fingerprint scanner would have been sufficient.

[circuit10]

You want your whole phone bricked by an update when it worked before, even though they can just disable the fingerprint scanner instead?

[lynx23]

You are assuming it is fine to swap authentification hardware for incompatible parts? I guess this is from the spirit of "right t repair". While I get the idea in princple, I still think going dark is the best option you have if essential hardware was apparently tampered with. Find a back-alley smartphone shop which at least swaps your FP reader with compatible hardware. But if someone gained access to my phone, and put a piece of hardware in which is not recognized by the OS, I want it to stop right there. That doesn't feel like bricking, more like a security feature.

[mrguyorama]

This attack scenario doesn't make any sense. If your phone is out of your sight and unsecured for long enough to take it apart and replace the fingerprint sensor, it's unsecured and out of sight long enough to be entirely replaced by a clone that will steal all your credentials and send everything to whatever bad guy you are imagining

[circuit10]

And it won’t work anyway because the phone will detect and reject the sensor and just fall back to PIN authentication which is how it worked before the update

[themagician]

Ah, I see the use case now-where you get it replaced by a 3rd party or buy a stolen phone, do you want it bricked by a software update? I don't know. I don't know that I care much about that use case TBH.

What I don't want is this: someone steals my phone and then replaces the fingerprint sensor and has access to everything, including the ability to reset and resell the phone.

[circuit10]

That’s not possible anyway because the phone can detect and reject the replacement sensor. If it couldn’t then how would it know to brick itself? Instead it should just fall back to PIN authentication, which is actually more secure and how it worked before the update

[halper]

Not just bricked but permanently and securely wiped, would be my preference.

[circuit10]

You want your own phone that you paid money for wiped and bricked remotely at random without your permission while you’re using it for no security advantage whatsoever (since it can just fall back to PIN authentication which is actually more secure than a fingerprint) until you give Apple money to “repair” it?

[sombragris]

Nice how some people try to justify Apple here.

I think the problem lies in this point:

>No warning is given ... Just straight to a permanent bricking.

There should have been a warning, at least, but there was none.