Slashdot Mirror

← Back to Stories (view on slashdot.org)

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com)

Posted by timothy on from the cheap-is-expensive-don'tcha-know? dept.

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insiduous is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...

15 of 410 comments (clear)

  1. Solution! by Anonymous Coward · · Score: 5, Insightful

    Sell your bricked piece of shit and buy an Android phone, which does not have this problem.

    Solved.

    1. Re:Solution! by oh_my_080980980 · · Score: 5, Insightful

      RTFA ass-hole:

      “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

    2. Re:Solution! by Maritz · · Score: 5, Funny

      Go back and complain to the company that botched the repair and stop complaining about the company that made your OS more secure.

      Yeah. A phone that won't boot is pretty fucking secure.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    3. Re:Solution! by Anonymous Coward · · Score: 5, Insightful

      This should have failed gracefully. The phone should have de-functioned the fingerprint scanner to just a home button, and asked for a PIN/password, which all iPhones pre-5S have been able to do without issue. Forcing the device to an inoperative state because one component was replaced is not ethical, nor needed.

    4. Re:Solution! by l.a.rossmann · · Score: 5, Informative

      I had someone email me about this nine months ago, and I suggested he go to an Apple Authorized service facility.

      He replied and said the nearest one is a six hour, $1200 flight away.

      No home button for him I guess.

  2. Getting away with it? by Z00L00K · · Score: 5, Insightful

    If Apple gets away with this we may see more vendors doing the same thing to the stuff we own.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Getting away with it? by gstoddart · · Score: 5, Insightful

      You don't own it, and you know you don't own it. You merely paid money for the right to use the hardware under the terms of their license.

      Your ownership of these things ended some years ago as far as they're concerned.

      This is no different from Microsoft deciding it's their computer, and they'll do whatever the fuck they want with it.

      Consumers have more or less had the concept of ownership yanked out from underneath them, and had it replaced with a licensing agreement which the company can change at will.

      --
      Lost at C:>. Found at C.
  3. Context On the Issue by Galaga88 · · Score: 5, Informative

    This error occurs if the repair involves the TouchID sensor. Sense this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with, which seems to be a reasonable precaution for a device component that can authenticate you across the device and also external services including financial transactions.

    A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.

    1. Re:Context On the Issue by pushing-robot · · Score: 5, Informative

      Apple's response, by way of MacRumors:

      An Apple spokeswoman commented on the issue, referring to protective security features intended to prevent "malicious" third-party components from potentially compromising a user's iPhone as the main reason for the "error 53" message.

      We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”

      She adds: “When an iPhone is serviced by an unauthorized repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an ‘error 53’ being displayed If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.

      --
      How can I believe you when you tell me what I don't want to hear?
  4. Re:Damned if you do, damned if you don't by Anonymous Coward · · Score: 5, Insightful

    Or instead of Error 53 they could just disable Touch ID and require you to enter you PIN code.

    Which would make sense since you need the PIN to enable Touch ID in the first place, as it's automatically turned off when the phone first starts and if the phone isn't unlocked for over 48 hours.

    No, this is solely to brick the phone if you dare not pay for overpriced Apple repairs.

  5. Re:Damned if you do, damned if you don't by adamstew · · Score: 5, Informative

    It's not the fingerprint sensor itself that decides. The fingerprint sensor sends an image of the fingerprint to the Secure Enclave, which is a chip on the device that handles all of the encryption. The secure enclave itself does the analysis and makes the decision. This line of communication between the fingerprint sensor and the secure enclave is encrypted with a key exchange between the sensor and the secure enclave. This pairs your specific secure enclave with the Touch ID sensor. There is anti-replay techniques involved here as well.

    The point of pairing the sensor to the secure enclave is so that someone can't open up the phone, install a sniffer on the bus between the secure enclave and the sensor to then collect the fingerprint data for later collection and replay it to the secure enclave to get it to unlock. It also prevents someone from just replacing the touch ID sensor to provide a known good fingerprint to the secure enclave via a hardware hack. You have to, in theory, have an authorized finger pressed up against a trusted sensor.

  6. Re:Maybe a good thing by Anonymous Coward · · Score: 5, Insightful

    So just disable the fingerprint part of the button, no need to brick a device.

  7. Re:Maybe a good thing by AmiMoJo · · Score: 5, Insightful

    Makes no sense. The flash memory is encrypted and the key is stored in a secure area of the CPU. The CPU is hardened so that you can't exact the key with an electron microscope or by de-capping it. It might be possible to get that key, but only with specialist equipment and unpublished vulnerabilities.

    Replacing the fingerprint sensor won't get you anywhere. To unlock the phone after boot you need the passcode. Okay, say you keep it powered up while replacing the sensor. So what, you still need to send the phone the fingerprint data that matches the owner's finger, so it got you nothing.

    We I were being generous I'd suggest that Apple just screwed up and made the list of "panic, erase key!" events a bit too long. More likely they just want to discourage people from getting third party repairs, because they know you have money and they want it.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  8. Re:Maybe a good thing by The+Rizz · · Score: 5, Insightful

    I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

    So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

    No. Refusing all access to your device because one small component is damaged does not make sense. Not using that component to do the unlock - and making you use the non-fingerprint method - is what would make sense.

  9. Apple always gets away with it. by Ecuador · · Score: 5, Interesting

    Apple always gets away with it and the other vendors don't follow, because they don't have customers who will eat up anything.
    Let me give you an example just from my experience. My 3rd iPhone 4S in a row has failed in the same exact way: wifi/gps disabled. Just do a quick google about the "grayed out wifi" problem, you will find thousands of posts and also a lot of iPhone 4/4S phones on ebay with that fault. Only the first of the 3 failed within warranty in my case and all three where always in an office and used once a week for testing/debugging (that's why I kept replacing it, I test on various devices). People have actually pinpointed the problem: the overheat detection of the wifi/gps module fails and the software disables it. In fact, this disabling was a "feature" introduced with iOS 6 IIRC, so people who had stayed with iOS 5 did not get the issue. For any other company there would have been a recall, since it would have been an easy class action otherwise, and even a software patch would fix it. But apple is happy with customers getting a new phone and their average customer doesn't mind much.
    Ooh, another example, my boss, who you would call a dedicated Apple fan, had bought a mac mini 5-6 years ago. After 6 months it started killing his keyboards. He went through a few expensive/fancy keyboards before figuring out it was the mac mini and so he took it to the Apple store (Manhattan) where they diagnosed a faulty MB and told him it would take a week to have it replaced. He left it there, got a call about a delay and finally went to get it almost two weeks later. Instead of returning a fixed mac mini they told him they had voided the warranty because they found "dust" inside!!! And the only solution they offered was a 10%-off a new mac mini!!! And he took it!!! Bought the same thing, at a 10% discount!!! He didn't even flinch, I mean, I only found out because I asked, he did not find it interesting enough to mention. My jaw dropped when I heard it, I told him there is no such thing as warranty voided because of "dust", that if the device maker thinks they should not have dust they put a little filter in the computer intake (I do that in my custom builds), that a 6-month old mac mini in a no-pet no-smoke office would not have any dust anyway (and even if it did, why would it fail when decade old dusty components work fine). For all my arguments his response was "the apple genius told me my warranty is voided there is nothing I can do". He actually believed they were right. Even after I showed him the warranty which of course does not mentions dust he though they were right somehow...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS