Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insiduous is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...

Solution!

Sell your bricked piece of shit and buy an Android phone, which does not have this problem.

Solved.

Re:Solution!

[oh_my_080980980]

RTFA ass-hole:

“I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

Re:Solution!

[Maritz]

Go back and complain to the company that botched the repair and stop complaining about the company that made your OS more secure.

Yeah. A phone that won't boot is pretty fucking secure.

Re:Solution!

This should have failed gracefully. The phone should have de-functioned the fingerprint scanner to just a home button, and asked for a PIN/password, which all iPhones pre-5S have been able to do without issue. Forcing the device to an inoperative state because one component was replaced is not ethical, nor needed.

Re:Solution!

Just to let you know... as someone IN the advertising industry targeting these devices. iOS sends consistently more data than android. Android is kindof hit or miss on data depending on where its coming from. iOS doesn't miss all that often.

Re:Solution!

[l.a.rossmann]

I had someone email me about this nine months ago, and I suggested he go to an Apple Authorized service facility.

He replied and said the nearest one is a six hour, $1200 flight away.

No home button for him I guess.

Getting away with it?

[Z00L00K]

If Apple gets away with this we may see more vendors doing the same thing to the stuff we own.

Re:Getting away with it?

[gstoddart]

You don't own it, and you know you don't own it. You merely paid money for the right to use the hardware under the terms of their license.

Your ownership of these things ended some years ago as far as they're concerned.

This is no different from Microsoft deciding it's their computer, and they'll do whatever the fuck they want with it.

Consumers have more or less had the concept of ownership yanked out from underneath them, and had it replaced with a licensing agreement which the company can change at will.

Re:Getting away with it?

[Jason+Levine]

Can't find the right moderation. Where's "+1 Shaking My Head Sadly At The State Of The Tech World"?

Re:Getting away with it?

[pak9rabid]

Here's the relevant part of the Magnuson-Moss Warranty Act:

Warrantors cannot require that only branded parts be used with the product in order to retain the warranty.[7] This is commonly referred to as the "tie-in sales" provisions,[8] and is frequently mentioned in the context of third-party computer parts, such as memory and hard drives.

Damned if you do, damned if you don't

It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure date just by replacing some hardware components. Then everyone would be up in arms, demanding this exact software change, and complaining about how Apple is reactionary and not proactive in fixing security issues.

Of course, "Apple fixes vulnerabilities in iOS 9" is not really a catchy flambait title for an article.

Re:Damned if you do, damned if you don't

Or instead of Error 53 they could just disable Touch ID and require you to enter you PIN code.

Which would make sense since you need the PIN to enable Touch ID in the first place, as it's automatically turned off when the phone first starts and if the phone isn't unlocked for over 48 hours.

No, this is solely to brick the phone if you dare not pay for overpriced Apple repairs.

Re:Damned if you do, damned if you don't

[Austerity+Empowers]

You could replace the fingerprint sensor with something that could provide arbitrary fingerprints, possibly based on a collection you have made of them. Then use your collection to buy stuff. Requires no memory in the sensor at all. This is much faster than creating molds of fingerprints and applying them to the sensor. I can see Apple not wanting to tolerate replacing things tied in to your CC #.

Replacing a battery seems less defensible to me, if that aspect is true. It's hard to argue this is tied in to any trust chain.

Re:Damned if you do, damned if you don't

[adamstew]

It's not the fingerprint sensor itself that decides. The fingerprint sensor sends an image of the fingerprint to the Secure Enclave, which is a chip on the device that handles all of the encryption. The secure enclave itself does the analysis and makes the decision. This line of communication between the fingerprint sensor and the secure enclave is encrypted with a key exchange between the sensor and the secure enclave. This pairs your specific secure enclave with the Touch ID sensor. There is anti-replay techniques involved here as well.

The point of pairing the sensor to the secure enclave is so that someone can't open up the phone, install a sniffer on the bus between the secure enclave and the sensor to then collect the fingerprint data for later collection and replay it to the secure enclave to get it to unlock. It also prevents someone from just replacing the touch ID sensor to provide a known good fingerprint to the secure enclave via a hardware hack. You have to, in theory, have an authorized finger pressed up against a trusted sensor.

Re:Damned if you do, damned if you don't

Apple already treats the PIN as more secure than Touch ID. If you find an iPhone with the fingerprint reader, try opening it with your finger. After a while the phone will lock into "Touch ID disabled" state and require the PIN. At this point the only way to reenable Touch ID is with the PIN.

Re:Damned if you do, damned if you don't

[tlambert]

Why should the touch ID sensor need to, or be actually doing, store any data or provide authentication?

Because the encryption key for the device is stored in an NVRAM knapsack in the touch sensor. The CPU uses a public key to establish an encrypted connection via the bus which connects it to the touch sensor, and then sends a block down to decrypt the contents of the knapsack, and then uses that to decrypt the user data key that's stored in the NVRAM attached to the CPU, and then uses that to decrypt the user data.

By forcing a pairing of the touch sensor with the CPU, it means you can not do a two stage attack by topping just one chip, you'd have to top both chips, and if you did that, your half-of-a-key-pair that you obtained wouldn't work with another device.

The way Apple handles this in the repair cases is it just replaces your device guts with completely new device guts (so that your cheesy engraving is not taken away -- and neither are your scratches in non-critical areas), and pops a new sensor chip (with an uninitialized PROM) into the device, and sends those guts to someone else as a refurbish.

But that does mean that third party repair for either of the two components is theoretically possible, but practically speaking, Apple will not sell you the chip you need to replace to do the same repair that an authorized service center would do. On the other hand... it means that Apple won't get the blame if you put in some third party battery or charging circuitry, and burn down your damn house because you wanted to save $5 or whatever.

Context On the Issue

[Galaga88]

This error occurs if the repair involves the TouchID sensor. Sense this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with, which seems to be a reasonable precaution for a device component that can authenticate you across the device and also external services including financial transactions.

A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.

Re:Context On the Issue

[pushing-robot]

Apple's response, by way of MacRumors:

An Apple spokeswoman commented on the issue, referring to protective security features intended to prevent "malicious" third-party components from potentially compromising a user's iPhone as the main reason for the "error 53" message.

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”

She adds: “When an iPhone is serviced by an unauthorized repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an ‘error 53’ being displayed If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.

Re:Context On the Issue

[adamstew]

Because there was a flaw in the security before the update that allowed you to swap out the Touch ID sensor. The update patched a flaw and then the phone noticed a problem with the trust of the hardware.

Magnuson Moss Warranty Act?

[apenzott]

I would like to see how this squares with the Magnuson Moss Warranty Act.

The provisions for the FTC and the resultant class action provisions could get expensive.

Re:Maybe a good thing

I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

Um.... duh?

[ilsaloving]

Apple has made it abundantly clear that they are selling a *secure* device. Always on encryption, etc etc.

How would you expect such a device to behave when it is compromised with unauthorized components? A phone with 3rd party components could do pretty much *anything*, including sending everything on the device to an unknown third party, without your knowledge or consent.

Heck, this sort of "problem" just makes me appreciate Apple's commitment to security even more.

My only complaint is that the phone doesn't brick soon enough. It should brick itself immediately upon the next boot up.

Re:Maybe a good thing

So just disable the fingerprint part of the button, no need to brick a device.

Re:Maybe a good thing

[AmiMoJo]

Makes no sense. The flash memory is encrypted and the key is stored in a secure area of the CPU. The CPU is hardened so that you can't exact the key with an electron microscope or by de-capping it. It might be possible to get that key, but only with specialist equipment and unpublished vulnerabilities.

Replacing the fingerprint sensor won't get you anywhere. To unlock the phone after boot you need the passcode. Okay, say you keep it powered up while replacing the sensor. So what, you still need to send the phone the fingerprint data that matches the owner's finger, so it got you nothing.

We I were being generous I'd suggest that Apple just screwed up and made the list of "panic, erase key!" events a bit too long. More likely they just want to discourage people from getting third party repairs, because they know you have money and they want it.

Violation of the Magnuson-Moss Warranty Act

[BarbaraHudson]

Here you go

The federal minimum standards for full warranties are waived if the warrantor can show that the problem associated with a warranted consumer product was caused by damage while in the possession of the consumer, or by unreasonable use, including a failure to provide reasonable and necessary maintenance.

There is clearly an implied warranty that updates won't be malicious, even after the warranty period. The phone wasn't damaged by the consumer - Apple chose to brick it willingly. Even if the phone was out of warranty, they don't have the right to purposefully damage it, any more than a car company can claim lack of responsibility because an oil change was done at a competitor, unless they can show that the product's failure was because of the competitor's actions.

Re:Maybe a good thing

[cyn1c77]

OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

It's still a security risk. You could imaging intercepting new iPhones, replacing the fingerprint sensor with a compromised one containing a backdoor, then reimaging the phones, putting them back in the box, and selling them to your target. After your target loads their sensitive data on to them, you could then retrieve it using the compromised sensor.

I agree this is somewhat contrived and Apple is likely just looking to block third party repairs, but it still is a valid security risk.

Re:Maybe a good thing

[The+Rizz]

I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

No. Refusing all access to your device because one small component is damaged does not make sense. Not using that component to do the unlock - and making you use the non-fingerprint method - is what would make sense.

Apple always gets away with it.

[Ecuador]

Apple always gets away with it and the other vendors don't follow, because they don't have customers who will eat up anything.
Let me give you an example just from my experience. My 3rd iPhone 4S in a row has failed in the same exact way: wifi/gps disabled. Just do a quick google about the "grayed out wifi" problem, you will find thousands of posts and also a lot of iPhone 4/4S phones on ebay with that fault. Only the first of the 3 failed within warranty in my case and all three where always in an office and used once a week for testing/debugging (that's why I kept replacing it, I test on various devices). People have actually pinpointed the problem: the overheat detection of the wifi/gps module fails and the software disables it. In fact, this disabling was a "feature" introduced with iOS 6 IIRC, so people who had stayed with iOS 5 did not get the issue. For any other company there would have been a recall, since it would have been an easy class action otherwise, and even a software patch would fix it. But apple is happy with customers getting a new phone and their average customer doesn't mind much.
Ooh, another example, my boss, who you would call a dedicated Apple fan, had bought a mac mini 5-6 years ago. After 6 months it started killing his keyboards. He went through a few expensive/fancy keyboards before figuring out it was the mac mini and so he took it to the Apple store (Manhattan) where they diagnosed a faulty MB and told him it would take a week to have it replaced. He left it there, got a call about a delay and finally went to get it almost two weeks later. Instead of returning a fixed mac mini they told him they had voided the warranty because they found "dust" inside!!! And the only solution they offered was a 10%-off a new mac mini!!! And he took it!!! Bought the same thing, at a 10% discount!!! He didn't even flinch, I mean, I only found out because I asked, he did not find it interesting enough to mention. My jaw dropped when I heard it, I told him there is no such thing as warranty voided because of "dust", that if the device maker thinks they should not have dust they put a little filter in the computer intake (I do that in my custom builds), that a 6-month old mac mini in a no-pet no-smoke office would not have any dust anyway (and even if it did, why would it fail when decade old dusty components work fine). For all my arguments his response was "the apple genius told me my warranty is voided there is nothing I can do". He actually believed they were right. Even after I showed him the warranty which of course does not mentions dust he though they were right somehow...