Hacker News

I don't think they are protecting against that scenario so much as not accounting for it. I expect Apple's assumption is that they provide all components for their devices. People who install unauthorised third-party components can no longer have those devices serviced by Apple — so it no longer matters to Apple whether those devices are compromised, because they aren't really "Apple" devices at that point anyway.

This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third party, so they don't think to engineer their software to fail gracefully when it happens.



There's no need to be so hostile and assume malice when there's plenty of perfectly sound explanations otherwise.

Apple is a fairly security-conscious company now, so security tradeoffs should not be a surprise.


Assume malice? How do you mean?


There is only one valid reason to authenticate the fingerprint scanner before using it, and that is to prevent the use of aftermarket replacements.

No matter what the motives behind this mechanism were, it was put in place exactly to prevent third-party scanners from working.

And if they implemented authentication and didn't even test what happens if it fails, then well... how do they know it works at all?


If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated. It doesn't matter about aftermarket replacements.

The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.

I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.

So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.

The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)


> If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated.

Consider reading the description of iOS security features linked somewhere in this thread.

Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such a chip would also be able to simply dump all the data himself in the comfort of his lab.
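The pairing check the two comments above argue over, as an added example that is not part of the thread and is not Apple's design or code: a toy Python model in which the enclave challenges the sensor with a fresh nonce and verifies an HMAC under a key shared at factory pairing. Everything here is hypothetical (the `Enclave`, `Sensor` and `pair_at_factory` names, and the constructed scan bytes). It shows the two properties the comments disagree about: readings from an unpaired sensor are not trusted, and no template or key ever flows toward the sensor. It also shows the graceful failure the thread says was missing, by disabling fingerprint unlock and falling back to the passcode instead of breaking the device.

```python
import hashlib
import hmac
import secrets

# Constructed sample scans standing in for real sensor output (not real data).
ALICE_FINGER = b"scan:ridge-pattern-alice"
BOB_FINGER = b"scan:ridge-pattern-bob"


class Sensor:
    """Hypothetical fingerprint sensor. It holds only a pairing key and never
    receives templates or device keys from the enclave."""

    def __init__(self):
        self._pairing_key = None

    def install_pairing_key(self, key: bytes) -> None:
        self._pairing_key = key

    def respond(self, challenge: bytes, scan: bytes):
        """Return the scan plus a MAC binding it to the enclave's challenge."""
        if self._pairing_key is None:
            # Unpaired aftermarket part: it can still emit scan data, but it
            # cannot compute a valid tag, so the enclave has no reason to trust it.
            return scan, bytes(32)
        tag = hmac.new(self._pairing_key, challenge + scan, hashlib.sha256).digest()
        return scan, tag


class Enclave:
    """Hypothetical secure enclave. Secrets flow in, never out: it holds the
    pairing key and enrolled templates and only returns a decision."""

    def __init__(self):
        self._sensor_key = None
        self._templates = set()
        self.fingerprint_enabled = True

    def install_pairing_key(self, key: bytes) -> None:
        self._sensor_key = key

    def _read_authenticated(self, sensor, scan):
        if self._sensor_key is None:
            return False, None
        challenge = secrets.token_bytes(16)  # fresh nonce: blocks replay of an old reading
        data, tag = sensor.respond(challenge, scan)
        expected = hmac.new(self._sensor_key, challenge + data, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, None
        return True, data

    def enroll(self, sensor, scan) -> bool:
        ok, data = self._read_authenticated(sensor, scan)
        if ok:
            # Toy matching: store a hash of the scan. Real template matching is fuzzy.
            self._templates.add(hashlib.sha256(data).digest())
        return ok

    def unlock(self, sensor, scan) -> str:
        """Return 'unlocked', 'rejected' (wrong finger) or 'passcode_required'.
        A sensor that fails authentication is never trusted; the enclave disables
        fingerprint unlock (sticky until re-paired) and falls back to the passcode
        rather than rendering the device unusable."""
        if not self.fingerprint_enabled:
            return "passcode_required"
        ok, data = self._read_authenticated(sensor, scan)
        if not ok:
            self.fingerprint_enabled = False
            return "passcode_required"
        if hashlib.sha256(data).digest() in self._templates:
            return "unlocked"
        return "rejected"


def pair_at_factory(enclave: Enclave, sensor: Sensor) -> None:
    """Factory pairing in this toy: one random key installed on both sides.
    Only this identity key is shared; templates and device keys stay in the enclave."""
    key = secrets.token_bytes(32)
    enclave.install_pairing_key(key)
    sensor.install_pairing_key(key)


def demo() -> dict:
    enclave, sensor = Enclave(), Sensor()
    pair_at_factory(enclave, sensor)
    if not enclave.enroll(sensor, ALICE_FINGER):
        raise RuntimeError("enrollment through the paired sensor should succeed")
    results = {
        "paired_alice": enclave.unlock(sensor, ALICE_FINGER),
        "paired_bob": enclave.unlock(sensor, BOB_FINGER),
    }
    # Swap in an unpaired replacement sensor, as after a third-party repair.
    replacement = Sensor()
    results["replacement_alice"] = enclave.unlock(replacement, ALICE_FINGER)
    # Even the original paired sensor is refused until re-pairing; the device
    # still works with the passcode.
    results["original_after_failure"] = enclock = enclave.unlock(sensor, ALICE_FINGER)
    results["fingerprint_enabled"] = enclave.fingerprint_enabled
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design choice worth noting is the direction of trust: the enclave decides whether to believe the sensor, never the reverse, and the only thing the sensor ever holds is a pairing key that proves identity, not anything that unlocks the user's data.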




