Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What you didn't mention is that this verification only happens on a software upgrade. In the meantime either one of these two things could happen (I don't know which): 1. The sensor could do all the malicious things you mention 2. The sensor is blocked from accessing the security enclave.

The former doesn't seem like a secure solution that one should be really glad of. The latter would also be possible after a software upgrade so there is no need to disable the device completely. In short, they didn't choose a good solution.

Simply disabling a phone at some point well after a repair is just bad.

Edit: The parent post was edited a bit, so my point is now mostly covered. I still don't see a security-related reason to disable the complete device on a software upgrade. Maybe it could enable an attacker to modify the OS somehow in the process. However, I don't agree that this issue is "overblown". This presents a real problem for users that now have an unusable phone. It's important to note that Apple doesn't offer repairs everywhere in the world so many users now can't repair their phone at all.



My mistake, added that part into the parent post. The coverage of this story is all over the place and it's hard to keep track.

You are right though, allowing users to update/restore but disabling the sensor is a better solution. I'm not too sure why Apple chose this route. They haven't commented on the technical reasons behind it so it's hard to say for sure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: