Of course, irrespective of what people think about the repair policy, Apple are completely right about third party hardware being a security risk. Yes, even swapping out a screen. To ensure security you need to be able to authenticate every hardware component and disable any that have not come from a known-to-be-secure source. This is a clear case of consumer law conflicting with sound security principles.
Apple takes $9m kick down under after bricking iPhones
Apple is facing a $9m (AUS) slap-on-the-wrist for kicking out a firmware update that disabled some repaired iOS devices in Australia. The Australian Competition and Consumer Commission (ACCC) says the Cupertino Newton-builder lied to customers when it said it could not properly update the firmware on iPhones and iPads with …
COMMENTS
-
Tuesday 19th June 2018 21:02 GMT Headley_Grange
Any colour you like..
@SuccessCase
Funny, but when the car companies tried the same thing in Europe - i.e. wanted to force car owners to use genuine Ford/BMW/etc parts installed by genuine Ford/BMW/etc dealers on the basis of safety those same consumers with their inconvenient laws told them to sod off.
The only reason that Apple did what they did is because they could. I don't use the fingerprint sensor, so I don't give a toss if it's secure or not - so why should I get ripped off for a "genuine Apple part" which is probably made in the same factory by the same woman who makes the cheap one. My phone, my choice and if it's a bad choice then my tough shit. But it's a choice I'd rather have.
If in the good old days when they tried the same thing Ford/BMW/etc had had the ability to brick a car because its owner put Halfords brake pads on it then they would have done - and all in the interests of safety and nothing to do with the fact that a set of pattern brake pads is much cheaper than OEM ones..
-
Wednesday 20th June 2018 10:29 GMT Tigra 07
Re: Any colour you like..
Funny enough the car companies found a legal way around this anti-competitive behaviour. Microchips!
They put them in everything now to increase the costs. Seatbelts for modern Audis now cost more than £200 and have to be coded to the car like a key fob.
Want to buy legal, safe second hand or insurance approved replicas for ~£10? You can...They'll just beep forever as the on-board computer won't recognise them.
Audi: "buy our parts or we'll annoy you FOREVER!"
-
Wednesday 20th June 2018 14:57 GMT Headley_Grange
Re: Any colour you like..
Your friendly independent garage might be able to disable the seatbelt alarm for you, assuming they've got approved diagnostics kit. Or you could buy a Chinese knock-off of VAG-Com/VCDS and try it yourself at home. It's option-tastic and very tempting to fiddle. Could be risky, but not as dangerous as using a 1.3A cable to charge at 2.1A, though!
-
Wednesday 20th June 2018 04:39 GMT Anonymous Coward
I find what apple did right in principle but ok, I agree that some people can't or won't pay the apple tax again for the same device. However apple should leave a setting on phone which allows me to set the security checks on hardware high so that my phone doesn't get a spying screen or fingerprint sensor while I'm leaving it unattended (which happens when I sleep or in the gym).
-
Wednesday 20th June 2018 09:59 GMT gnasher729
If you are the security engineer implementing this, then the most secure thing to do when you can't guarantee the authenticity of the fingerprint reader is to brick the phone. Whoever implemented this initially was acting under the assumption that evil hackers were replacing fingerprint readers and didn't think that third-party repairs could have the same result.
When Apple figured out that there were many of these repaired devices around, I would think that security engineer took some time to find out whether a malicious fingerprint reader that has been deactivated can cause any security risk, and after finding no risk or fixing risks they switched from bricking to deactivating the reader.
What big_D says is very obvious - but only in hindsight. But for example with ApplePay, if someone stole my iPhone and somehow managed to replace the fingerprint reader so they can use it, they might be able to empty my bank account. Apple had to stop that kind of risk, and they did.
-
Tuesday 19th June 2018 20:34 GMT handleoclast
Ouch, ouch, ouch, ouch, ouch,
It pains me to write this (ouch) but Apple is right.
If the third-party used a touch sensor which was not recognized then the phone was not repaired to its original state. End of story.
Oh, what's that? You're complaining that I replaced the dead CPU in your computer with a cabbage and that's why your computer refuses to boot up? Nah, I repaired it mate. The replacement component doesn't meet the manufacturer's specs for the part, but so what? If you have a complaint, take it to the manufacturer, not me. There's an Australian court that will back me up on this.
-
Tuesday 19th June 2018 21:06 GMT doublelayer
Re: Ouch, ouch, ouch, ouch, ouch,
I don't think so. If I "repaired" something with a part that doesn't work, then I'm the one at fault. However, what was installed was a touch sensor that, while not the one made by apple, did the job it was meant to do. All apple did was to go in and break it. They probably could have gotten away with allowing the driver for the screen to become deprecated and fail, as they aren't obligated to support it, but writing code that essentially does
    if (screen.manufacturer != "apple") {
        brick_phone();
    }
isn't OK. A better analogy would be if your computer broke, a friend replaced the processor with another one that did processing just fine and with the same instruction set, and I, as the software writer, chose to decide that I didn't like that and I'd just make it fail for you. You can't do something the sole purpose of which is to break someone else's thing.
-
Tuesday 19th June 2018 23:01 GMT handleoclast
Re: Ouch, ouch, ouch, ouch, ouch,
"However, what was installed was a touch sensor that, while not the one made by apple, did the job it was meant to do."
So you admit that it was not the right part. It did not do the job it was meant to do, because one part of the job it was meant to do was give the correct response to a specific query. You might as well have fitted a cabbage.
Yes, it would have been possible for Apple to rewrite the firmware to accept responses from parts that were not fully compatible with the manufacturer's original. Why would you expect them to do that in advance, not knowing what some third-party might fit that was almost compatible?
It doesn't matter that with different firmware, it would have worked. If you fit a part that doesn't work then you've fitted the wrong part. It doesn't matter that it performs most functions just the same, if it doesn't perform all of them then it's the wrong fucking part.
It's not a consumable like an inkjet cartridge, where such practises are questionable. It's a part that should only need replacing as part of a repair, and that repair should use the right fucking part. Otherwise you might as well fit a cabbage.
Now there might be a case against Apple for refusing to supply replacement screens, at a reasonable cost, to third parties. But a case against Apple because the third party fitted the wrong fucking part is ridiculous.
-
Wednesday 20th June 2018 16:32 GMT jelabarre59
Re: Ouch, ouch, ouch, ouch, ouch,
"It doesn't matter that with different firmware, it would have worked. If you fit a part that doesn't work then you've fitted the wrong part. It doesn't matter that it performs most functions just the same, if it doesn't perform all of them then it's the wrong fucking part."
So why should I have this useless fucking crap in a phone in the first place? I don't use it for secured computing, I certainly don't let it handle my money for me. More useless shit crammed into any device (TV, car, phone, etc) means more stuff to BREAK. All the more reason not to use Apple tat and equivalent ilk from other manufacturers.
-
Wednesday 20th June 2018 07:01 GMT Anonymous Coward
Re: Ouch, ouch, ouch, ouch, ouch,
"However, what was installed was a touch sensor that, while not the one made by apple, did the job it was meant to do."
Ah, but that is exactly the problem (and why I can see Apple's point) it does NOT do the job it was meant to do. The reader is part of a secure chain, and you just broke that. By doing so, you screwed over the security mechanism in the phone so you now have a phone that is no longer as secure as Apple made it. Now who will you go and blame when it then leaks exciting data like your credit card details? Yes, Apple - hence the kill.
That said, I agree with you that the way it was handled was wrong. Apple should have warned the user that their phone was now unsafe, made the user accept the risk and disable their access to the Apple Pay and the App Store from that specific device but from nowhere else. That would contain the risk for Apple, but would leave people who choose the equivalent of a zip tie to lock their homes perfectly free to do as they please.
-
Tuesday 19th June 2018 22:13 GMT Jamesit
Re: Ouch, ouch, ouch, ouch, ouch,
"If the third-party used a touch sensor which was not recognized then the phone was not repaired to its original state. End of story"
The replaced touch sensor is perfectly fine, however because it's not an Apple approved sensor the firmware won't work with it installed.
-
Tuesday 19th June 2018 23:07 GMT handleoclast
Re: Worse!
"Apple were bricking Apple parts!"
That, I'll admit, is wrong. Nuke-them-from-orbit wrong.
Unless (and I have no knowledge either way) those phones were different build revisions, using slightly different parts that therefore returned different part IDs because of slightly different behaviour. If they were merely returning different serial numbers for the exact same part, then nuke them from orbit.
-
Wednesday 20th June 2018 04:59 GMT arthoss
Re: Worse!
oh no! who would have thought that happens when the communication between the subsystems of a modern phone is secured? Ben, NontechnicalBen.
The A7 forwards the data to the Secure Enclave but cannot read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
-
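The pairing described in the passage quoted in the comment above (a shared key built into both the sensor and the Secure Enclave, AES key wrapping of a random key from each side, AES-CCM transport), as an added Node.js example that is not part of the thread and not Apple's code. The function names, the 128-bit key sizes, the SHA-256 combination of the two random keys, the frame label and the `disable-fingerprint-unlock` outcome are assumptions for illustration.

```javascript
// Added example: names, key sizes and the session-key derivation are assumptions.
const nodeCrypto = require('crypto');

const WRAP_IV = Buffer.alloc(8, 0xa6);        // RFC 3394 default IV
const AAD = Buffer.from('sensor-frame');      // hypothetical frame label

// AES key wrap (RFC 3394) of a 16-byte key under the shared pairing key.
function wrapKey(kek, key) {
  const c = nodeCrypto.createCipheriv('aes128-wrap', kek, WRAP_IV);
  return Buffer.concat([c.update(key), c.final()]);
}

// Returns the unwrapped key, or null when the built-in integrity check fails,
// which is what happens when the other side holds a different pairing key.
function unwrapKey(kek, wrapped) {
  try {
    const d = nodeCrypto.createDecipheriv('aes128-wrap', kek, WRAP_IV);
    return Buffer.concat([d.update(wrapped), d.final()]);
  } catch (err) {
    return null;
  }
}

// Assumption: the quoted text does not say how the two random keys are combined.
function sessionKey(sensorRand, enclaveRand) {
  return nodeCrypto.createHash('sha256')
    .update(sensorRand).update(enclaveRand).digest().subarray(0, 16);
}

// Each side contributes a random key, wrapped under its own copy of the pairing key.
function negotiate(sensorPairingKey, enclavePairingKey) {
  const sensorRand = nodeCrypto.randomBytes(16);
  const enclaveRand = nodeCrypto.randomBytes(16);
  const atEnclave = unwrapKey(enclavePairingKey, wrapKey(sensorPairingKey, sensorRand));
  const atSensor = unwrapKey(sensorPairingKey, wrapKey(enclavePairingKey, enclaveRand));
  if (!atEnclave || !atSensor) {
    return { paired: false, action: 'disable-fingerprint-unlock' };
  }
  return {
    paired: true,
    sensorKey: sessionKey(sensorRand, atSensor),
    enclaveKey: sessionKey(atEnclave, enclaveRand),
  };
}

// Sensor side: AES-CCM protects each frame; the counter keeps the nonce unique.
function sealFrame(key, counter, data) {
  const nonce = Buffer.alloc(12);
  nonce.writeUInt32BE(counter, 8);
  const c = nodeCrypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  c.setAAD(AAD, { plaintextLength: data.length });
  const body = c.update(data);
  c.final();
  return { nonce, body, tag: c.getAuthTag() };
}

// Enclave side: returns the plaintext, or null if the frame was altered in transit.
function openFrame(key, frame) {
  const d = nodeCrypto.createDecipheriv('aes-128-ccm', key, frame.nonce, { authTagLength: 16 });
  d.setAuthTag(frame.tag);
  d.setAAD(AAD, { plaintextLength: frame.body.length });
  try {
    const data = d.update(frame.body);
    d.final();
    return data;
  } catch (err) {
    return null;
  }
}

// Constructed sample keys: a factory-paired sensor and a swapped-in one.
const demoKey = nodeCrypto.randomBytes(16);
console.log('original sensor paired:', negotiate(demoKey, demoKey).paired);
console.log('swapped sensor:', negotiate(nodeCrypto.randomBytes(16), demoKey).action);
```

A sensor that does not hold the enclave's pairing key fails at the unwrap step, so the decision about what to do next (refuse the sensor, as here, or something harsher) is a policy choice made after the cryptographic check, not part of it.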
Wednesday 20th June 2018 08:31 GMT Anonymous Coward
Re: NontechnicalBen
So, how does this magically impossible system work with the rest of the whole world?
Oh wait, they don't brick the entire internet if one PC fails security.
But they brick your entire phone if one part fails?
Also, if you are so technical, explain how to source and fit a legitimate Apple Id fingerprint scanner?
-
Wednesday 20th June 2018 12:38 GMT Anonymous Coward
Re: Worse!
"Apple were bricking Apple parts! If you swapped the Touch ID sensor from one phone to the other, to (for example) fix two and old broken phones you had spare into 1 working one... it still bricked!!!"
It's even worse than that, it bricked if it didn't detect a sensor, I replaced the screen on my partner's 6 and managed to tear the cable for the fingerprint sensor, she was fine with that because she didn't use the fingerprint sensor but a week or so and one iOS update later, error #53 in red on the screen.
It was a blatant attempt to brick devices that had been repaired, absolutely nothing to do with security.
-
Wednesday 20th June 2018 10:02 GMT gnasher729
Re: Ouch, ouch, ouch, ouch, ouch,
This has nothing to do with "Apple approved". It's not just a touch sensor, it's a fingerprint reader. I'm sure someone could build a fingerprint reader that accepts any fingerprint as yours. Would you want a repaired phone that any thief can use to make purchases with ApplePay? With the money coming from your bank account?
-
Wednesday 20th June 2018 00:53 GMT Wade Burchette
Re: OoooH That will teach them
A better punishment is to make Tim Cook pay $9 million. If we hold the CEO financially responsible for malfeasance then junk like this would die overnight. Making the business pay is just a tax write-off. The people responsible or the people who approve of bad decisions are not affected at all and so they have no motivation for doing the right thing. Touch their wallet and suddenly they will straighten up and fly right.
-
Wednesday 20th June 2018 02:29 GMT EveryTime
Apple has created a situation where it's impossible to replace a failed part with an identical one -- each part has a programmed unique ID (and perhaps related encryption).
What consumers have done is repair the phone with an *equivalent* part -- quite similar to what an Apple Store would have done.
Apple has the technical capability to allow the firmware to accept or reject the repair part. They can even do that with a process that retains the designed-in security. But they choose not to in order to lock in consumers.
-
Wednesday 20th June 2018 10:40 GMT Anonymous Coward
"Apple has the technical capability to allow the firmware to accept or reject the repair part. They can even do that with a process that retains the designed-in security. But they choose not to in order to ~~lock in consumers~~ ensure that repairs are properly done, with the required full reset of the security chain."
I know a couple of non-Apple outfits that have been certified to do this, and they have a number of hoops to jump through. One of the reasons is because the phones are now so secure that stealing the full phone for resell after a reset is simply no longer possible, so now they're stolen for parts. By serialising the parts, Apple can now also render theft for parts less interesting despite the high value of the phone.
What Apple is trying to do actually makes sense, but that would require studying what exactly they do, which is a big no no nowadays. Can't have the facts interfering with a good tweet/rant now, can we..
-
Wednesday 20th June 2018 16:40 GMT jelabarre59
If they didn't load all this shit in the phone, it wouldn't have to be repaired in the first place. But no, they have to weigh it down with "standard options" (as was and may still be a favourite oxymoron of the auto industry), then since the cost of making that "fully-optioned" product is so much more, they jack the price up, and it doesn't matter if you wanted *ANY* of that extra crap. Oh, and make sure you can't get the stripped-down model.
-
Wednesday 20th June 2018 04:54 GMT arthoss
weird decision by Aussies
replacing a sensor that generates a mathematical representation of a fingerprint is playing with fire. You don't know the new sensor doesn't generate the same representation for all fingerprints or for some spy agency standard artificial fingerprint or even uses an algorithm that is similar to Apple's. Non-approved means non-known. this is not just an apple issue... it applies to all sensors used for security.
description of what it does for laymen, because some of these comments show ignorance https://support.apple.com/en-us/HT204587
-
Wednesday 20th June 2018 06:19 GMT KSM-AZ
Re: weird decision by Aussies
Please.
If you are clueless of how the tech works shut the Eff up. Trust me, a chinese knockoff fingerprint scanner is not "phoning home" nor installing malware. It might return the same data no matter the finger. . . Testable. But it can't take over your phone and send your bank data to china. The main issue with this cheap hardware is quality. Reads your fingerprint just fine . . . For about 6 months, then just refuses to respond. Mixed bag. Your call, just like the tires on your car.
Be that as it may, some really interesting IOT hardware runs these components. I'd worry about someone leaving a gadget plugged in on the home net like these new fridges, way before replacement hardware in my cupertino engineered candy bar.
-
Wednesday 20th June 2018 10:07 GMT gnasher729
Re: weird decision by Aussies
It doesn't need to send the bank data to China. It's bad enough if it allows a thief to steal my phone and send my bank data to the till of ten phone stores where the thief has just bought 5 expensive phones each. With the money coming out of my bank account.
And your iPhone only knows that the chip is dodgy. They can't know if it is dodgy because it was made by some cheap Chinese company that wants to make some money, or because some foreign government targets you to get at the company secrets or company secrets you own.
-
Wednesday 20th June 2018 22:22 GMT doublelayer
Re: weird decision by Aussies
Regarding the argument that the fingerprint sensor might be insecure, that's a risk that is taken when parts are switched. You have to understand that the cheaper part might be problematic, or in fact that something might be dodgy with it. However, the risk doesn't mean I can do whatever I'd like. For example, I can build you a hard drive that contains sneaky ransomware on board. Use it for six months and the ransomware activates, encrypting the disk and booting your machine to ask for money. The fact that I could do this doesn't mean you are justified in never buying a disk again, nor does it make it logical for you to say "Any disks I approve are fine, all others aren't". If I buy a disk, I assume the risk for it. If it turns out someone's sneaking ransomware into them, find them and report them.
-
Wednesday 20th June 2018 09:47 GMT Headley_Grange
Re: weird decision by Aussies
@arthoss - I could almost give you that argument except for the fact that Apple does the same for a simple Lightning connector. Apple doesn't build authentication into a data cable to protect me - it does it to protect its business model. Same with the fingerprint sensor.
-
Wednesday 20th June 2018 10:54 GMT Anonymous Coward
Re: weird decision by Aussies
"Apple doesn't build authentication into a data cable to protect me - it does it to protect its business model."
Ah, and thus the ignorance showeth. Time for a bit of education.
The spec for micro USB (and thus the cables) did not allow for the 2.1A that a Lightning cable can charge with. Apple had a simple choice: go with micro USB and only get 1.3A for charging, or go it alone, use a higher spec cable and put a chip in it so a charger could detect the cable in use was actually rated for that current instead of a cheap knock off that would thus create a fire hazard. Voilà, quick charging Lightning, comfortable with 2.1A of current with a chipped cable.
By the way, the same is true for USB-C cables - what do you think would happen if the design allowed you to plug in a simple data cable and it got to carry the max 80W power the spec allows for (as it also allows power supply feeds)? USB-C cables thus also have them evil chips in them, but it's not to protect a business model, but to protect you. Apple simply got there earlier with Lightning.
As an aside, I'm not sure if they will switch to USB-C in iPhones and iPads unless they lose this thinness fetish - it's a big beast of a connector compared to Lightning.
-
Wednesday 20th June 2018 11:41 GMT Anonymous Coward
Re: weird decision by Aussies
Or go for a system that uses both? Can they not offer 2.1 amp over compatible cables (tested via data over their charger) and 1.3a over everything else?
Besides. If they offer a standard and a chip, it's proprietary right? I don't think it's wrong for a customer to request to have an option not to use it.
If I buy a table, I am allowed to get my own plates. If you wish to try to enforce DRM on plate shape/supplier, by all means, *try*.
-
Wednesday 20th June 2018 13:09 GMT SImon Hobson
Re: weird decision by Aussies
"Ah, and thus the ignorance showeth. Time for a bit of education"
From the person demonstrating their own ignorance in incorrectly trying to correct someone else's!
Power negotiation over USB cables is a thing that does NOT require the sort of shenanigans done by Apple. Look it up, there are agreed standards for such negotiation - and if there wasn't one that was adequate, then Apple could have done their own in a way that did not prevent use of 3rd party cables.
What Apple DID do was to use technical measures (chip in cable, phone talks to chip, phone refuses to work if right response isn't received) to make it so that cables without the right chip&software would not work for things like playing video to an external screen and so on. Simply, it was a tax - pay Apple's prices, pay "approved" 3rd party prices (which includes fees paid by the 3rd party to Apple), or don't get a fully functioning cable.
It really is that simple - the primary reason for the way it was done was to prevent the option of using inexpensive 3rd party cables. IIRC they dressed it up in the usual "to protect the users from poor quality cables" lies - but ultimately it was protectionism pure and simple.
As a user it would (if I had one of the devices) be my right to choose whether to pay for an Apple (or approved 3rd party) cable or to use a cheap cable and accept that there may be issues. I could (just about) accept Apple putting up a notice when a "cheap" cable is plugged in, warning of the risks, but what they have done is wrong and should be illegal.
This result (on a very related topic) in Australia is one tiny step in the right direction. The money is irrelevant - it's the public slap in the face and the finding that what they did was illegal and wrong that counts.
-
Wednesday 20th June 2018 14:34 GMT Headley_Grange
Re: weird decision by Aussies
Ok - let me show my ignorance again, cos I'm really puzzled now. I've got three non-Apple-approved lightning cables. All three work fine as phone chargers, from both wall warts and Mac. What they don't do is work as data cables and when I connect them to the Mac the phone goes ding ding ding. So if the purpose of chipping is to prevent the phone drawing current from a non-approved connector then it's not working.
If the whole purpose of chipping the cable is to work out if the cable can take the current then all the phone has to do is check the cable. If it gets a response to say it's a valid Lightning cable then the phone can go and draw the full 2.1A. If it doesn't get a response then it can draw 1.3A. Unless, of course, it's just a ruse to rip me off for proprietary cable.
-
Wednesday 20th June 2018 16:47 GMT jelabarre59
Re: weird decision by Aussies
"The spec for micro USB (and thus the cables) did not allow for the 2.1A that a Lightning cable can charge with. Apple had a simple choice: go with micro USB and only get 1.3A for charging, or go it alone, use a higher spec cable and put a chip in it so a charger could detect the cable in use was actually rated for that current instead of a cheap knock off that would thus create a fire hazard. Voilà, quick charging Lightning, comfortable with 2.1A of current with a chipped cable."
There's a big difference between verifying that a cable meets a specification, and creating a proprietary lock-in by licensing out authorized codes and refusing to connect to something made by someone who hasn't paid adequate tributes to the High Lords and Masters of Cupertino, regardless of whether the device meets specifications. IBM tried that with Microchannel; see where *they* are now.
-
Wednesday 20th June 2018 19:25 GMT Tim99
Re: Fanboi Tax
I have Apple kit and have been around IT type stuff since 1971. I may be technically ignorant, having spent 40 odd years installing, programming, specifying and purchasing this sort of thing. I am also quite cynical. You may not be aware that all you have in life is time - You can trade your time to earn money, or spend time to save money, or use money so that you can have more time to do something else. I am retired and really can’t be arsed to spend the time I have left pratting around trying to get someone’s idea of a consumer device to actually do what the manufacturer tells me it can do.
The Apple stuff that I have generally “just works”, but I may be an edge case - On the rare occasions that my iMac doesn’t do what I want, I can go and do technical Unixy things with the CLI; my phone and iPad do pretty much everything that I would expect without fiddling, and I really don’t want to root-kit them.