Over the past few days, there have been a number of articles as people discover that their iPhones are bricked after undergoing third-party repairs. Apple has a FAQ about it, and iFixit has a good article with details, though I don’t necessarily agree with all their conclusions, and they do have a vested interest in third-party repair options. Not that that’s a bad thing – I’ve been a customer in the past myself, but with full knowledge that I was voiding my warranty by doing so.
So a couple of specific points:
“As long as the device requires a PIN on boot, then the device would be just as secure as it was before the part swap.”
The secure pairing between the sensor and the fingerprint reader (from published information) protects the biometric data in the secure enclave from compromise by a malicious sensor. The PIN is a different subsystem; it may protect the device, but not necessarily the biometric data.
“repair professionals should be able to unlock devices—and that they should have access to the same parts and the same tools that “authorized” repair shops do”
This is a widespread practice: witness key and lock manufacturers restricting secure blanks to licensed locksmiths, and the entire automotive industry requiring that new ‘smart’ keys be programmed at the dealership. So the question is, should it be? I’m annoyed at the hour’s time and $100-200 charge for a spare key to my car. That “feels” like gouging. But those keys have made a big impact on car theft, and my lower insurance rates reflect that. It’s tough to know the difference between security and a scam without a lot of details.
And that’s the rub. Apple isn’t disclosing enough details about the pairing process to know whether that’s possible. What I do know is this: Apple got the security of their fingerprint reader right, from storing the biometric data securely, to pairing the sensor, to enforcing a maximum number of attempts before triggering a PIN. If someone’s TouchID is compromised because of a malicious sensor, who will be blamed/sued/dragged through the media? Apple. I can’t blame them for locking down the secure subsystems to authorized repair agents.
You know, demands that Apple ‘should be able to allow unauthorized repairs’ sound a lot like demands that Apple ‘should be able to implement a backdoor in their encryption’. In the latter case, it can’t be done (math is hard after all). In the former? We need more details to know for sure.
But, in the end, my recommendation is to only use authorized repair services for secure components – for any product, not just Apple’s. It’s more money, but it’s worth it.
2/18 Update: Apple’s stopped bricking the device, but still won’t allow TouchID to be used until an authorized repair is completed. That seems a lot more reasonable than bricking the device, and still maintains TouchID security.
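To make the design discussed above concrete, here is an added toy model (not Apple’s code, and not its real protocol, which is undisclosed): a secure enclave that accepts fingerprint readings only from the sensor holding the factory pairing key, disables TouchID (rather than bricking the device) when an unpaired replacement part answers, and falls back to the PIN after too many failed matches. The pairing key, the readings and the attempt limit MAX_ATTEMPTS are constructed placeholders.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the real count is not given in the post


class Sensor:
    """Fingerprint sensor holding the pairing key burned in at pairing time
    (None models an unpaired replacement part)."""

    def __init__(self, pairing_key, reading):
        self.pairing_key = pairing_key
        self.reading = reading  # constructed stand-in for a fingerprint capture

    def respond(self, challenge):
        # Prove knowledge of the pairing key by MACing challenge + reading,
        # so a swapped sensor cannot forge a reply the enclave will accept.
        if self.pairing_key is None:
            return self.reading, b"\x00" * 32
        tag = hmac.new(self.pairing_key, challenge + self.reading, hashlib.sha256).digest()
        return self.reading, tag


class SecureEnclave:
    def __init__(self, pairing_key, enrolled_reading):
        self.pairing_key = pairing_key
        # Keep only a digest of the enrolled template, never the raw reading.
        self.template = hashlib.sha256(enrolled_reading).digest()
        self.failures = 0
        self.touchid_enabled = True

    def unlock(self, sensor):
        """Returns 'unlocked', 'retry', 'pin_required' or 'touchid_disabled'."""
        if not self.touchid_enabled or self.failures >= MAX_ATTEMPTS:
            return "pin_required"  # biometric path closed, PIN still works
        challenge = secrets.token_bytes(16)
        reading, tag = sensor.respond(challenge)
        expected = hmac.new(self.pairing_key, challenge + reading, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Unknown sensor: refuse its data and disable TouchID, don't brick.
            self.touchid_enabled = False
            return "touchid_disabled"
        if hmac.compare_digest(hashlib.sha256(reading).digest(), self.template):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        return "pin_required" if self.failures >= MAX_ATTEMPTS else "retry"


def demo():
    key = secrets.token_bytes(32)  # constructed per-device pairing key
    enclave = SecureEnclave(key, b"owner-finger")
    paired, swapped = Sensor(key, b"owner-finger"), Sensor(None, b"owner-finger")
    return [enclave.unlock(paired), enclave.unlock(swapped), enclave.unlock(paired)]
```

Once the unpaired sensor has answered, even the original paired sensor is refused until the enclave is re-paired, which mirrors the post-update behaviour: TouchID unavailable, PIN still usable.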
Victor Grund says
I really must agree with this advice. Mobile is becoming increasingly important as an attack vector. This is akin to handing over your keys to a random person versus a reputable locksmith.