Slashdot Mirror

← Back to Stories (view on slashdot.org)

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com)

Posted by timothy on from the cheap-is-expensive-don'tcha-know? dept.

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insiduous is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...

38 of 410 comments (clear)

  1. Solution! by Anonymous Coward · · Score: 5, Insightful

    Sell your bricked piece of shit and buy an Android phone, which does not have this problem.

    Solved.

    1. Re:Solution! by oh_my_080980980 · · Score: 5, Insightful

      RTFA ass-hole:

      “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

    2. Re:Solution! by Maritz · · Score: 5, Funny

      Go back and complain to the company that botched the repair and stop complaining about the company that made your OS more secure.

      Yeah. A phone that won't boot is pretty fucking secure.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    3. Re:Solution! by Anonymous Coward · · Score: 3, Insightful

      a phone that wont boot when a different fingerprint device is installed is working properly

    4. Re:Solution! by Anonymous Coward · · Score: 5, Insightful

      This should have failed gracefully. The phone should have de-functioned the fingerprint scanner to just a home button, and asked for a PIN/password, which all iPhones pre-5S have been able to do without issue. Forcing the device to an inoperative state because one component was replaced is not ethical, nor needed.

    5. Re:Solution! by Anonymous Coward · · Score: 4, Interesting

      Just to let you know... as someone IN the advertising industry targeting these devices. iOS sends consistently more data than android. Android is kindof hit or miss on data depending on where its coming from. iOS doesn't miss all that often.

    6. Re:Solution! by l.a.rossmann · · Score: 5, Informative

      I had someone email me about this nine months ago, and I suggested he go to an Apple Authorized service facility.

      He replied and said the nearest one is a six hour, $1200 flight away.

      No home button for him I guess.

  2. Maybe a good thing by Anonymous Coward · · Score: 3, Insightful

    Probably to prevent hardware attacks on phone encryption

    1. Re:Maybe a good thing by Anonymous Coward · · Score: 4, Insightful

      I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

      So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

      OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

    2. Re:Maybe a good thing by Anonymous Coward · · Score: 5, Insightful

      So just disable the fingerprint part of the button, no need to brick a device.

    3. Re:Maybe a good thing by AmiMoJo · · Score: 5, Insightful

      Makes no sense. The flash memory is encrypted and the key is stored in a secure area of the CPU. The CPU is hardened so that you can't exact the key with an electron microscope or by de-capping it. It might be possible to get that key, but only with specialist equipment and unpublished vulnerabilities.

      Replacing the fingerprint sensor won't get you anywhere. To unlock the phone after boot you need the passcode. Okay, say you keep it powered up while replacing the sensor. So what, you still need to send the phone the fingerprint data that matches the owner's finger, so it got you nothing.

      We I were being generous I'd suggest that Apple just screwed up and made the list of "panic, erase key!" events a bit too long. More likely they just want to discourage people from getting third party repairs, because they know you have money and they want it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Maybe a good thing by cyn1c77 · · Score: 4, Insightful

      OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

      It's still a security risk. You could imaging intercepting new iPhones, replacing the fingerprint sensor with a compromised one containing a backdoor, then reimaging the phones, putting them back in the box, and selling them to your target. After your target loads their sensitive data on to them, you could then retrieve it using the compromised sensor.

      I agree this is somewhat contrived and Apple is likely just looking to block third party repairs, but it still is a valid security risk.

    5. Re:Maybe a good thing by The+Rizz · · Score: 5, Insightful

      I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

      So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

      No. Refusing all access to your device because one small component is damaged does not make sense. Not using that component to do the unlock - and making you use the non-fingerprint method - is what would make sense.

    6. Re:Maybe a good thing by dkman · · Score: 3, Insightful

      Seems to me that of the phone doesn't like the sensor instead of bricking itself it should disable the sensor and move on, so you can type in your passcode and use the phone. I know that so 2007, but it's better than having a fancy paperweight.

      --
      I refuse to sign
    7. Re:Maybe a good thing by Tharkkun · · Score: 3, Interesting

      The sensor does not do the decryption or authentication. The attack vector would be a sensor that has been replaced with a mechanism that replays a snapshot of the phone owner's fingerprint and sends that down the wire to the mainboard. Apple is attempting to curtail that type of attack by authenticating the physical sensor to the mainboard.

      So disable the sensor if it's found to be invalid. You don't destroy a $500 phone. What if the sensor goes bad? New phone? Seriously people.

    8. Re:Maybe a good thing by shawn2772 · · Score: 3, Interesting

      1. Steal phone.
      2. Lift owner's print from the phone.
      3. Replace sensor with device that sends data of your choice.
      3. Feed fingerprint image to unlock device.

      The owner's fingerprints are generally all over a phone.

  3. Getting away with it? by Z00L00K · · Score: 5, Insightful

    If Apple gets away with this we may see more vendors doing the same thing to the stuff we own.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Getting away with it? by gstoddart · · Score: 5, Insightful

      You don't own it, and you know you don't own it. You merely paid money for the right to use the hardware under the terms of their license.

      Your ownership of these things ended some years ago as far as they're concerned.

      This is no different from Microsoft deciding it's their computer, and they'll do whatever the fuck they want with it.

      Consumers have more or less had the concept of ownership yanked out from underneath them, and had it replaced with a licensing agreement which the company can change at will.

      --
      Lost at C:>. Found at C.
    2. Re:Getting away with it? by mrchaotica · · Score: 3, Informative

      We have a law like that in the US too (and for all products -- which should include iPhones -- not just cars): the Magnuson-Moss Warranty Act.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    3. Re:Getting away with it? by Jason+Levine · · Score: 4, Insightful

      Can't find the right moderation. Where's "+1 Shaking My Head Sadly At The State Of The Tech World"?

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    4. Re:Getting away with it? by Penguinisto · · Score: 3, Informative

      It's not a question of ownership. It's a question of warranty. He still owns his (now-bricked) phone.

      In this case, the dude dropped his phone, gets it repaired at some no-name shop with dodgy parts, then complains when the security loophole the dodgy parts used got closed. If anything, the fault lies with the shop that did the repair.

      Hell, Apple told him they'd do out-of-warranty replacement for it (not sure what that costs, but likely still less than full price), and that's because the problems began when he dropped it (which is not covered under warranty anyway, though some 3rd-party sellers do offer such warranty protection for a nominal fee).

      Fair warning: If I bought anything from any other OEM and went through the same rigamarole, I'm certain that I'd get the same (or worse) treatment from the OEM... so this isn't just an Apple thing.

      (...and this boys and girls, is why I buy just-behind-bleeding-edge Android stuff, so a total loss of the phone is only like $200, not $600 or more).

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    5. Re:Getting away with it? by pak9rabid · · Score: 4, Informative
      Here's the relevant part of the Magnuson-Moss Warranty Act:

      Warrantors cannot require that only branded parts be used with the product in order to retain the warranty.[7] This is commonly referred to as the "tie-in sales" provisions,[8] and is frequently mentioned in the context of third-party computer parts, such as memory and hard drives.

  4. Damned if you do, damned if you don't by Anonymous Coward · · Score: 4, Insightful

    It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure date just by replacing some hardware components. Then everyone would be up in arms, demanding this exact software change, and complaining about how Apple is reactionary and not proactive in fixing security issues.

    Of course, "Apple fixes vulnerabilities in iOS 9" is not really a catchy flambait title for an article.

    1. Re:Damned if you do, damned if you don't by Anonymous Coward · · Score: 5, Insightful

      Or instead of Error 53 they could just disable Touch ID and require you to enter you PIN code.

      Which would make sense since you need the PIN to enable Touch ID in the first place, as it's automatically turned off when the phone first starts and if the phone isn't unlocked for over 48 hours.

      No, this is solely to brick the phone if you dare not pay for overpriced Apple repairs.

    2. Re:Damned if you do, damned if you don't by Austerity+Empowers · · Score: 4, Insightful

      You could replace the fingerprint sensor with something that could provide arbitrary fingerprints, possibly based on a collection you have made of them. Then use your collection to buy stuff. Requires no memory in the sensor at all. This is much faster than creating molds of fingerprints and applying them to the sensor. I can see Apple not wanting to tolerate replacing things tied in to your CC #.

      Replacing a battery seems less defensible to me, if that aspect is true. It's hard to argue this is tied in to any trust chain.

    3. Re:Damned if you do, damned if you don't by adamstew · · Score: 5, Informative

      It's not the fingerprint sensor itself that decides. The fingerprint sensor sends an image of the fingerprint to the Secure Enclave, which is a chip on the device that handles all of the encryption. The secure enclave itself does the analysis and makes the decision. This line of communication between the fingerprint sensor and the secure enclave is encrypted with a key exchange between the sensor and the secure enclave. This pairs your specific secure enclave with the Touch ID sensor. There is anti-replay techniques involved here as well.

      The point of pairing the sensor to the secure enclave is so that someone can't open up the phone, install a sniffer on the bus between the secure enclave and the sensor to then collect the fingerprint data for later collection and replay it to the secure enclave to get it to unlock. It also prevents someone from just replacing the touch ID sensor to provide a known good fingerprint to the secure enclave via a hardware hack. You have to, in theory, have an authorized finger pressed up against a trusted sensor.

    4. Re:Damned if you do, damned if you don't by Anonymous Coward · · Score: 4, Informative

      Apple already treats the PIN as more secure than Touch ID. If you find an iPhone with the fingerprint reader, try opening it with your finger. After a while the phone will lock into "Touch ID disabled" state and require the PIN. At this point the only way to reenable Touch ID is with the PIN.

    5. Re:Damned if you do, damned if you don't by tlambert · · Score: 4, Informative

      Why should the touch ID sensor need to, or be actually doing, store any data or provide authentication?

      Because the encryption key for the device is stored in an NVRAM knapsack in the touch sensor. The CPU uses a public key to establish an encrypted connection via the bus which connects it to the touch sensor, and then sends a block down to decrypt the contents of the knapsack, and then uses that to decrypt the user data key that's stored in the NVRAM attached to the CPU, and then uses that to decrypt the user data.

      By forcing a pairing of the touch sensor with the CPU, it means you can not do a two stage attack by topping just one chip, you'd have to top both chips, and if you did that, your half-of-a-key-pair that you obtained wouldn't work with another device.

      The way Apple handles this in the repair cases is it just replaces your device guts with completely new device guts (so that your cheesy engraving is not taken away -- and neither are your scratches in non-critical areas), and pops a new sensor chip (with an uninitialized PROM) into the device, and sends those guts to someone else as a refurbish.

      But that does mean that third party repair for either of the two components is theoretically possible, but practically speaking, Apple will not sell you the chip you need to replace to do the same repair that an authorized service center would do. On the other hand... it means that Apple won't get the blame if you put in some third party battery or charging circuitry, and burn down your damn house because you wanted to save $5 or whatever.

  5. Context On the Issue by Galaga88 · · Score: 5, Informative

    This error occurs if the repair involves the TouchID sensor. Sense this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with, which seems to be a reasonable precaution for a device component that can authenticate you across the device and also external services including financial transactions.

    A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.

    1. Re:Context On the Issue by pushing-robot · · Score: 5, Informative

      Apple's response, by way of MacRumors:

      An Apple spokeswoman commented on the issue, referring to protective security features intended to prevent "malicious" third-party components from potentially compromising a user's iPhone as the main reason for the "error 53" message.

      We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”

      She adds: “When an iPhone is serviced by an unauthorized repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an ‘error 53’ being displayed If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.

      --
      How can I believe you when you tell me what I don't want to hear?
    2. Re:Context On the Issue by adamstew · · Score: 4, Interesting

      Because there was a flaw in the security before the update that allowed you to swap out the Touch ID sensor. The update patched a flaw and then the phone noticed a problem with the trust of the hardware.

    3. Re:Context On the Issue by Maritz · · Score: 3, Insightful

      When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.

      Which is achieved by making the phone completely inoperable? Sounds like overkill, especially if the touch ID itself is configured by first entering the PIN. Sounds like it would be perfectly reasonable for it to fall back to PIN, unless of course the goal is to generate a new sale by bricking the phone.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  6. Magnuson Moss Warranty Act? by apenzott · · Score: 4, Insightful
    I would like to see how this squares with the Magnuson Moss Warranty Act.

    The provisions for the FTC and the resultant class action provisions could get expensive.

    --
    The Roman Rule: The one who says it cannot be done shall not interrupt the one who is doing it.
  7. Um.... duh? by ilsaloving · · Score: 4, Insightful

    Apple has made it abundantly clear that they are selling a *secure* device. Always on encryption, etc etc.

    How would you expect such a device to behave when it is compromised with unauthorized components? A phone with 3rd party components could do pretty much *anything*, including sending everything on the device to an unknown third party, without your knowledge or consent.

    Heck, this sort of "problem" just makes me appreciate Apple's commitment to security even more.

    My only complaint is that the phone doesn't brick soon enough. It should brick itself immediately upon the next boot up.

  8. Violation of the Magnuson-Moss Warranty Act by BarbaraHudson · · Score: 4, Informative
    Here you go

    The federal minimum standards for full warranties are waived if the warrantor can show that the problem associated with a warranted consumer product was caused by damage while in the possession of the consumer, or by unreasonable use, including a failure to provide reasonable and necessary maintenance.

    There is clearly an implied warranty that updates won't be malicious, even after the warranty period. The phone wasn't damaged by the consumer - Apple chose to brick it willingly. Even if the phone was out of warranty, they don't have the right to purposefully damage it, any more than a car company can claim lack of responsibility because an oil change was done at a competitor, unless they can show that the product's failure was because of the competitor's actions.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  9. Re:Yes. Yes MS does brick hardware if you are not by SecurityGuy · · Score: 3, Informative

    That's not bricking. Bricking would be MS rendering components in the computer or the entire computer unusable.

  10. Apple always gets away with it. by Ecuador · · Score: 5, Interesting

    Apple always gets away with it and the other vendors don't follow, because they don't have customers who will eat up anything.
    Let me give you an example just from my experience. My 3rd iPhone 4S in a row has failed in the same exact way: wifi/gps disabled. Just do a quick google about the "grayed out wifi" problem, you will find thousands of posts and also a lot of iPhone 4/4S phones on ebay with that fault. Only the first of the 3 failed within warranty in my case and all three where always in an office and used once a week for testing/debugging (that's why I kept replacing it, I test on various devices). People have actually pinpointed the problem: the overheat detection of the wifi/gps module fails and the software disables it. In fact, this disabling was a "feature" introduced with iOS 6 IIRC, so people who had stayed with iOS 5 did not get the issue. For any other company there would have been a recall, since it would have been an easy class action otherwise, and even a software patch would fix it. But apple is happy with customers getting a new phone and their average customer doesn't mind much.
    Ooh, another example, my boss, who you would call a dedicated Apple fan, had bought a mac mini 5-6 years ago. After 6 months it started killing his keyboards. He went through a few expensive/fancy keyboards before figuring out it was the mac mini and so he took it to the Apple store (Manhattan) where they diagnosed a faulty MB and told him it would take a week to have it replaced. He left it there, got a call about a delay and finally went to get it almost two weeks later. Instead of returning a fixed mac mini they told him they had voided the warranty because they found "dust" inside!!! And the only solution they offered was a 10%-off a new mac mini!!! And he took it!!! Bought the same thing, at a 10% discount!!! He didn't even flinch, I mean, I only found out because I asked, he did not find it interesting enough to mention. My jaw dropped when I heard it, I told him there is no such thing as warranty voided because of "dust", that if the device maker thinks they should not have dust they put a little filter in the computer intake (I do that in my custom builds), that a 6-month old mac mini in a no-pet no-smoke office would not have any dust anyway (and even if it did, why would it fail when decade old dusty components work fine). For all my arguments his response was "the apple genius told me my warranty is voided there is nothing I can do". He actually believed they were right. Even after I showed him the warranty which of course does not mentions dust he though they were right somehow...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  11. Re:This is what real choice looks like by ChumpusRex2003 · · Score: 3, Interesting

    I agree. Think of it this way, Apple are trying to push Apple pay which makes use of the system security provided by the fingerprint scanner (the private keys for apple pay are split between the fingerprint scanner chip and the crypto engine chip on the motherboard, so that compromising one chip doesn't reveal the whole key).

    At present, the OS will disable apple pay when it finds that the finger print scanner fails to negotiate key exchange correctly; this potentially ends up with a tech support call to apple, or a social media posting saying, "why does my apple pay keep screwing up?".

    Now consider what happens when there are a large number of field-repaired phones with knock-off fingerprint scanners. They appear to work fine, but some features are broken in subtle ways. The customer is confused; they may not relate it to the repair they had done; it creates an impression of an unreliable product and an expensive customer support nightmare. Clearly, apple want to stop this before it becomes endemic.

    With the OS doing a full power-on self test on the security infrastructure, such a fault would be detected at the first reboot after the damage occurred, or after a repair using an incorrect part was performed. The security failure can now be easily attributed to the damage/repair, even by users of social media and journalists. This ensures that repairers don't perform half-assed repair jobs which can lead to incomplete or faulty operation (on what is marketed as a premium product).