Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com)
New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insidious is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...
Sell your bricked piece of shit and buy an Android phone, which does not have this problem.
Solved.
If Apple gets away with this we may see more vendors doing the same thing to the stuff we own.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure data just by replacing some hardware components. Then everyone would be up in arms, demanding this exact software change, and complaining about how Apple is reactionary and not proactive in fixing security issues.
Of course, "Apple fixes vulnerabilities in iOS 9" is not really a catchy flamebait title for an article.
The provisions for the FTC and the resultant class action provisions could get expensive.
The Roman Rule: The one who says it cannot be done shall not interrupt the one who is doing it.
I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.
So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.
OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.
Apple has made it abundantly clear that they are selling a *secure* device. Always on encryption, etc etc.
How would you expect such a device to behave when it is compromised with unauthorized components? A phone with 3rd party components could do pretty much *anything*, including sending everything on the device to an unknown third party, without your knowledge or consent.
Heck, this sort of "problem" just makes me appreciate Apple's commitment to security even more.
My only complaint is that the phone doesn't brick soon enough. It should brick itself immediately upon the next boot up.
So just disable the fingerprint part of the button, no need to brick a device.
Makes no sense. The flash memory is encrypted and the key is stored in a secure area of the CPU. The CPU is hardened so that you can't extract the key with an electron microscope or by de-capping it. It might be possible to get that key, but only with specialist equipment and unpublished vulnerabilities.
Replacing the fingerprint sensor won't get you anywhere. To unlock the phone after boot you need the passcode. Okay, say you keep it powered up while replacing the sensor. So what, you still need to send the phone the fingerprint data that matches the owner's finger, so it got you nothing.
If I were being generous I'd suggest that Apple just screwed up and made the list of "panic, erase key!" events a bit too long. More likely they just want to discourage people from getting third party repairs, because they know you have money and they want it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.
It's still a security risk. You could imagine intercepting new iPhones, replacing the fingerprint sensor with a compromised one containing a backdoor, then reimaging the phones, putting them back in the box, and selling them to your target. After your target loads their sensitive data on to them, you could then retrieve it using the compromised sensor.
I agree this is somewhat contrived and Apple is likely just looking to block third party repairs, but it still is a valid security risk.
I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.
So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.
No. Refusing all access to your device because one small component is damaged does not make sense. Not using that component to do the unlock - and making you use the non-fingerprint method - is what would make sense.
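The fallback argued for in the comment above (distrust the unpaired sensor, keep the passcode path), as an added example that is not part of the original thread and is not Apple's implementation: a constructed Python model in which the mainboard accepts a biometric result only from a sensor that proves possession of a pairing key through an HMAC challenge-response. The class names, the shared-key pairing scheme and the sample passcode are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


class Sensor:
    """Constructed model of a fingerprint sensor holding a per-device pairing key."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

    def finger_matches(self) -> bool:
        return True  # a swapped or tampered sensor can claim anything


class Mainboard:
    def __init__(self, pairing_key: bytes, passcode: str):
        self._key = pairing_key
        self._salt = os.urandom(16)
        self._passcode_hash = self._hash(passcode)

    def _hash(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 100_000)

    def sensor_is_paired(self, sensor: Sensor) -> bool:
        # Fresh random challenge per check, so a recorded response cannot be replayed.
        challenge = os.urandom(32)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sensor.respond(challenge))

    def unlock(self, sensor: Sensor, passcode: Optional[str] = None) -> str:
        """Return 'passcode', 'biometric' or 'denied'; the passcode path never depends on the sensor."""
        if passcode is not None and hmac.compare_digest(self._hash(passcode), self._passcode_hash):
            return "passcode"
        # A biometric result is trusted only from a sensor that proves the pairing key.
        if self.sensor_is_paired(sensor) and sensor.finger_matches():
            return "biometric"
        return "denied"


def demo() -> dict:
    key = os.urandom(32)                       # constructed pairing key
    board = Mainboard(key, passcode="493817")  # constructed passcode
    original, replacement = Sensor(key), Sensor(os.urandom(32))
    return {
        "original_sensor": board.unlock(original),
        "replacement_sensor": board.unlock(replacement),
        "replacement_plus_passcode": board.unlock(replacement, "493817"),
        "replacement_wrong_passcode": board.unlock(replacement, "000000"),
    }
```

In this model a replaced sensor loses biometric unlock but the owner keeps access with the passcode, which is the degraded mode the comment describes.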