Tagged: The Guardian

iPhone “Error 53,” or Security > Convenience

In information technology, there’s almost always a tradeoff between security and convenience. The more convenient something is to use, the less secure it is. Otherwise, you could leave your front door unlocked, leave your car running, and have 123456 be your password for everything. However, as you know, that is far from secure. You need to lock your front door, you need to turn off the ignition, and you need to have unique, strong passwords for each of your online accounts. This inconvenience yields some measure of security.

The Guardian reported last week about a “fury” from iPhone users against Apple for bricking iPhones that have had their screens replaced by an unauthorized, third-party repair outfit, which inadvertently tampered with the Touch ID sensors during the repair process. Thereafter, the phones stopped working altogether.

The Device Shop on Mercer St, New York City

If I were to open a repair shop, such as this one, I would call it “Error 53.”

According to various users quoted in the article, an iPhone 6 or later will report an “Error 53” and not function if a third-party repair person has replaced the screen or the home button and if the user has upgraded the phone’s operating system to iOS 9. The issue is prevalent enough that iFixit reports over 180,000 queries to their user forums about “Error 53.” The maligned users and Miles Brignall, the Guardian author who reported on the “fury,” all but accuse Apple of bricking these repaired iPhones in order to force users to only repair their phones through Apple or to buy a new replacement.

Could Apple’s move, which appears to be designed to squeeze out independent repairers, contravene competition rules? Car manufacturers, for example, are not allowed to insist that buyers only get their car serviced by them. Apple charges £236 for a repair to the home button on an iPhone 6 in the UK, while an independent repairer would demand a fraction of that.

Pointing to an economic motive is all too simplistic. Although Apple is certainly concerned with being profitable, these accusations always surface when Apple does something to “brick” someone’s computing device or peripheral. It happened when Apple…

  • replaced the serial port with USB and rendered a lot of printers obsolete,
  • eliminated the floppy disk drive in favor of optical drives on the iMac,
  • replaced SCSI with FireWire,
  • eliminated swappable batteries in their notebooks,
  • and, most recently, replaced the 30-pin connector with Lightning.

And when these changes occurred, critics accused Apple of doing so in order to sell expensive adapters.

Instead, these are moves to destined improve the product and the experience. USB and FireWire were far superior to the serial port, ADB, and SCSI, as Lightning has been over the previous 2001-era iPod connector. Similarly, the only reason anyone ever needed a swappable notebook battery was to work longer than two hours, and the built-in batteries in the newer notebooks far exceeded that runtime, making toting those bulky batteries obsolete.

In this case, “Error 53” is to protect the security of the device. An Apple spokeswomen, quoted in the article, says as much:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.

Emphasis mine.

However, Brignall scoffs at this explanation, labelling it overloaded with “jargon.”

But, to any reasonable technologically competent person, this explanation is certainly sound. Apple’s own philosophy is that iPhone users store all kinds of private information on their devices, and that is Apple’s responsibility to prioritize the security of that device, even at the expense of user’s going to the corner repair shop to fix a cracked screen.

Poor Little Rich Broadband

At first I thought it was an April Fool’s joke, but The Guardian reported yesterday, on April 6, that the wealthy are stranded in digital dark age as expensive properties lack fast internet in London’s most exclusive housing developments:

Only the most wealthy can afford a pied-à-terre at the One Hyde Park development opposite Harrods, in Knightsbridge, but it seems even the average £22m price tag is not enough to buy a superfast internet connection. The flats went on sale just three years ago, but their broadband speed is well below the national average.

While it might be tempting to shed a crocodile tear for these poor little rich people, it turns out their broadband speeds aren’t all that slow, at least compared to the United States.

One Hyde Park has a top speed of around 10 megabits per second – well below the 18Mbps national average.

By comparison, the average broadband speed in the United States is 10 megabits per second, the same as the relatively “slow” speeds of One Hyde Park and well below the average data rate of the United Kingdom.

But, of course, in the early twenty-first century, being rich has its perks. The developer is looking to accelerate those broadband speeds.

The building’s developer, Candy & Candy, says it is now negotiating with BT to install a 100Mbps service.

In the United States, one hundred megabits per second for residential broadband is almost science-fiction fast.

Computer Generated Papers

From Ian Sample at The Guardian on how computer-generated fake papers are flooding academia:

The students wrote a simple computer program that churned out gobbledegook and presented it as an academic paper. They put their names on one of the papers, sent it to a conference, and promptly had it accepted. The sting, in 2005, revealed a farce that lay at the heart of science.

The farce is not just that academics are being duped by computers writing “gobbledegook.” It is that there are “dodgy” conference organizers and journal publishers that are ready to accept anything so they can bilk an author. This hoax was a valiant attempt to expose those.

Conferences aren’t free. If you write a paper and have it accepted at a conference, don’t expect any payment. You will have to pay a registration fee to attend the conference and likely pay for your own travel. Most reputable conferences charge a reasonable fee to cover their expenses, which can be substantial, but you do see some conferences with some exorbitant, jaw-dropping registration fees. It is wise to stay away from those.

You can see a similar trend in the proliferation of “open access” journals. These journals are available online for free instead of charing an individual a cover price or a library for a subscription. Instead, they charge the author a publishing fee.

Publishing anything, even “gobbledegook,” for a fee is a predictable result of conferences and journals that exist primarily to generate a profit.

When hoaxes like these get reported in the press, readers assume that authors submit conference papers or journal articles as completed works. They do not. It’s possible that some of the paper proposals submitted as “gobbledegook” had a sound kernel of an idea that could develop into a solid paper with some revisions. A panel chair or an editor will often shepherd a conference paper or a journal article so the author can revise it. But it’s hard to judge whether the conference organizers were duped because they accept anything to generate a registration fee or whether they accepted it with revisions. As the Social Text–Sokal incident made clear, no one expects a hoax.