
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.

The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and give the user an option to validate it.



That wouldn't really be a good idea. Someone could steal your phone and replace the TouchID hardware. Then this popup comes up and they say, oh yeah this hardware is totally legit! Then they get your data, impersonate you, charge stuff etc.


The prompt would have to be after you authenticated your phone in some other way, like via the passcode.

I think it's totally OK not to accept authentication from an unvalidated device, but a legitimate user should be able to do the validation.


I think the post is referring to a hotel maid scenario.



