Apple Says Sorry For iPhone Error 53 and Issues IOS 9.2.1 Update To Fix It

Mark Wilson writes: Apple has a lot of support at the moment for its stance on encryption and refusing the FBI access to an iPhone's contents, but it's only a couple of weeks since the company was seen in a less favorable light. There was quite a backlash when users found that installing an update to iOS resulted in Error 53 and a bricked iPhone. Apple initially said that Error 53 was caused 'for security reasons' following speculation that it was a bid to stop people from using third party repair shops. iFixit suggested that the problem was a result of a failure of parts to correctly sync, and Apple has been rounding criticized for failing to come up with a fix. Today the company has issued an apology, along with an update that ensures Error 53 won't happen again. But there's more good news ... If you were talked into paying for an out of warranty replacement as a result of Error 53, you could be in line to get your money back.

It's a trap!

[xombo]

Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?

Re:It's a trap!

[bobbied]

We will never know for sure.

Re:It's a trap!

[sjames]

Complete nonsense. If there is reason to suspect the fingerprint scanner, it should be ignored, that is all.

Re:It's a trap!

Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?

Try loosening the tin foil. It's cutting off too much blood.

Re:It's a trap!

[BronsCon]

Now what will happen is you'll use a insecure sensor, apple will still allow the phone to boot, and a bunch of dumbasses will go ahead and use the phone with a compromised sensor

You mean, what happens now? You do realize that Error 53 doesn't happen immediately (it would possibly be a security feature if it did) but, instead, happens weeks or months later when software updates are applied. A proper security feature would be deactivating power and data pins for the sensor if it fails to authenticate itself at boot, permanently disabling it after a set number of failures. No need to disable the entire phone; the non-working sensor should alert the user to the problem.

Re:It's a trap!

[myowntrueself]

The other great part about this is ... its because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.

You are travelling and in some 3rd world location, it might be for your job. You might need your phone for survival (trust me, if you travel in out of the way places a smart phone really can be a survival accessory). The screen breaks. Shipping it to a certified Apple repair place might take months and cost rather a lot, what with secure shipping etc. So you get it repaired locally. It happens and its not 'cheaping out'.

Re:It's a trap!

[110010001000]

If you are depending on an iPhone for your life then you might want to reconsider your life.

Re: It's a trap!

[Applehu+Akbar]

It falls back to authenticating with passcode in this case.

Re:It's a trap!

[uncqual]

The court order specifically specifies that:

Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user partition or system partition on the device's flash memory.

So, an ordinary install of a crippled version of iOS would not meet the requirements anyway.

Re:It's a trap!

[burtosis]

I regularly work with these kinds of devices and technologies. A few tiny screws, heat sensitive adhesive, and some flat flex cables will not and have not deterred me from fixing the phone for $2-12 instead of a ridiculous $100 and a long wait or some just as ridiculous maintenance plan.

Re:It's a trap!

[BitZtream]

You're missing his point.

You can not update a locked phone, at best you can wipe it. Even if Apple provides what they want, the ONLY way to get it on there, is to wipe the device.

To install new software on the phone, it requires that you unlock it, so that people can't do exactly what the court is requesting (though I doubt Apple had the courts in mind and probably was thinking general malicious code.

Re:It's a trap!

[Silicon-Surfer]

If you're in an isolated 3rd world location, and so dependant on your iPhone, you might consider not smashing it! Maybe a quality cover to protect your vital piece of equipment would be a wise investment?

Re:It's a trap!

[marcansoft]

You jest, but they can already crack the Secure Enclave. Even if the FBI were asking them to crack a phone that actually had it, it would make no difference, because the Secure Enclave is just a security processor. It's not a tamperproof HSM and Apple can sign and load whatever code it wants into it at any time.

Re:It's a trap!

[marcansoft]

The sensor will not take fingerprint scans. Having a replaced TouchID module means TouchID won't work (due to pairing failure). It'll still boot though. The old recovery mode installer just barfed on this expected condition instead of working around it like the regular OS does.

Re:It's a trap!

[marcansoft]

Uhm, no. You can just run code from RAM via DFU mode. Every jailbreaker knows this. That code can do whatever you want.

Re:It's a trap!

[sociocapitalist]

The other great part about this is ... its because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.

You are travelling and in some 3rd world location, it might be for your job. You might need your phone for survival (trust me, if you travel in out of the way places a smart phone really can be a survival accessory). The screen breaks. Shipping it to a certified Apple repair place might take months and cost rather a lot, what with secure shipping etc. So you get it repaired locally. It happens and its not 'cheaping out'.

Even moreso, if you pay 655+ for a device that device should be your own to get fixed where you want to get it fixed.

Re:It's a trap!

[stealth_finger]

The other great part about this is ... its because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.

You are travelling and in some 3rd world location .

The third world contry with enough power points to keep your phone charged all the time while travelling and has a bunch of iphone repair shops all over the place.

Re:It's a trap!

[uncqual]

Yes, YOU (the consumer) can probably only wipe it. If you open the phone, use JTAG et al, you can almost certianly do much more. You notice Cook didn't say "we can't do this", instead he said something like "it would be a bad idea for us to do this".

BTW, the court order indicates the phone is a 5C so has the A6 SOC, not a 5S (or later) with A7 or later. I believe more of security, including some of the unlock logic, moved into the chip/firmware in A7 but was more accessible in A6 models.

The order prohibits installing a new version of iOS - so that obviously is not the expected solution.

I'm sure that FBI has a number of iPhone/iOS experts at it's disposal and also knows much more about iPhones and iOS based on disclosures from Apple than the general public has. It's pretty clear the FBI (who, obviously, wrote the court order the judge signed - as is the norm in cases like this) is pretty sure Apple can do this because they have provided quite specific instructions on one way to do it.

Re:It's a trap!

[AmiMoJo]

This is actually a pretty common scenario for people who follow route guidance in Apple Maps.

Re:It's a trap!

[AmiMoJo]

You can not update a locked phone

Look carefully at what the FBI is requesting. They want software that runs from RAM, loaded via the DFU. The DFU, or Device Firmware Update, is a special bootloader designed to be used at the factory for programming. It's a common feature with ARM processors, and usually burned into a ROM somewhere so that software can be loaded at the factory without a special programmer using existing ports.

If you check the instructions for accessing the DFU (hold some buttons while turning the device on), you can see that no pass code is needed. Obviously the flash memory is encrypted so you can't do an OS update, but you can load arbitrary code into RAM and execute it. That means you can update the software on the Secure Enclave to remove the delays between PIN attempts and the attempt limit, and then execute a brute force attack, all in RAM.

The FBI has found a way in, they just want Apple's help to exploit it. They know Apple can do it, because Apple has demonstrated the ability to update the Secure Enclave firmware in the past, and the DFU is well documented. It's just a genuine security screw-up on Apple's part.

Re:It's a trap!

[Maritz]

Well look at you doubling down. I figured all the people defending the error 53 stuff would melt away into the shadows.

Re:It's a trap!

[Maritz]

You've just revolutionised the world of phone repair and put tens of thousands out of work. People - stop breaking your phones. Thank you.

Re:It's a trap!

[Maritz]

No, it's apple's fault they disabled people's *phones* for no good reason when all they needed to do was disable the fingerprint sensor and demand entry of a password. Anything beyond that was disgusting gratuitous damage.

That right there is the bit you won't even be able to get him to acknowledge, let alone concede - even though Apple themselves appear to have done so.

Re: It's a trap!

[myowntrueself]

Oh, by third world, you must mean, outside of any major city in the us of a. And not everyone can get away from work long enough during the workday to take their i phone to an authorized shop, but there are the other phone shops that have a simular, as in made by the same company, in the same plant, in the same run, etc but put on a different phone, at half the price, and installed for maybe even less the half the price. Damn, that sounds familiar...

The USA is a 3rd world country with a bunch of 1st world city-states.

Re:It's a trap!

[myowntrueself]

The other great part about this is ... its because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.

You are travelling and in some 3rd world location .

The third world contry with enough power points to keep your phone charged all the time while travelling and has a bunch of iphone repair shops all over the place.

Absolutely. But not, typically, ones that have been blessed by Apple to repair the Holy Apple Hardware. Hence the bricking.

Re:It's a trap!

[sh00z]

No, just introducing another security flaw in general thanks to the mass number of ignorant people who think this is a good idea..

It's not just the fingerprint sensor. My daughter had her screen replaced AT AN APPLE STORE. Update 9.2 gave Error 53. I'll try 9.2.1 this weekend, and then take it in if that doesn't fix it,

Re: It's a trap!

[KGIII]

I'm gonna guess that you've never actually been to a "third-world" or impoverished nation? Why? I have. I've also explored the US in great detail - well and above that which is normally seen and very seldom in the urban areas. If you expect your comment to be taken seriously, you might want to make some serious adjustments. I can assure you, the US is much better than you seem to think. Get out of the city in South Africa, go to Nigeria, visit Haiti, go to the more remote areas of even Mexico - then compare and contrast. Hell, there are parts of *Canada* that are fucked up in multiple ways.

Re: It's a trap!

[Cochonou]

I do not know about the cost of his time, but mine is certainly free when performing work for myself.

Re: It's a trap!

[myowntrueself]

I've lived and worked in 3rd world nations.

Re: It's a trap!

[KGIII]

Then you have a very strange definition for third world or are hyperbolic and should know that you're being disingenuous.

Re:Sorry for what?

[bobbied]

OK... Before I get savaged.... They ARE refunding anybody who has paid Apple to repair their phone.... No mention of those who just purchased a new phone though...

wait a second

[davecotter]

i thought the point of this error 53 was to purposely render your data inaccessible in the case where the touchID had been tampered with? when i read about it, i was like, the people that are whining about this don't fully understand security, that this bricking thing is actually good, cuz a bad guy could replace a real touch sensor with a compromised one, then unlock the phone with a fake fingerprint. now, with this "fix", it seems a bad guy could do exactly that? i'm sure i'm missing something.

Re:wait a second

[Anubis+IV]

This update doesn't re-enable TouchID. It simply allows people to unlock using their passcode.

More or less, the Secure Enclave can be accessed via user passcode or TouchID. Error 53 was a means of securing iPhones against possible breaches resulting from the use of untrusted TouchID components, but the approach was overly heavy-handed, since it also prevented users from using their passcode. This update restores that ability, while still disabling the untrusted, third-party TouchID components.

Re:wait a second

[AmiMoJo]

The security claim made no sense to anyone who understood how fingerprint scanners work. Apple spun some bullshit line and Apple fans bought it, inventing elaborate and ridiculous explanations to back it up.

Hint: Much easier and more effective than building a custom fingerprint sensor that records the fingerprint data, just passively snoop the touchscreen data lines which are analogue and unencrypted. Capture the user's PIN/password.

Re:wait a second

[gweihir]

A sufficiently competent "bad guy" could already do that. The whole thing is a trade-off. Apple apologized for being too restrictive, possibly without any real security benefit.

Re:wait a second

[gweihir]

Indeed. Passive snooping on analog sensors is not that hard.

Re:wait a second

[davecotter]

okay, THAT makes much more sense.

Re:wait a second

[BronsCon]

You would potentially have thought correctly if not for the fact that Error 53 crops up weeks or months after the repair, when software updates are applied. If it were immediate, it might be a security feature; but, then, that the sensor and phone are paired and a replacement sensor shouldn't be able to work at all without Apple's blessing should be enough to prevent such an attack.

Re:wait a second

[BronsCon]

If that is, in fact, what the update is, then I applaud Apple for doing it. There really and truly is no reason to disable any more than the sensor in this case.

Re:wait a second

[myowntrueself]

i thought the point of this error 53 was to purposely render your data inaccessible in the case where the touchID had been tampered with?

If that was the case it would take effect after the hardware change not months later when you get a system update.

Re:wait a second

[Cramer]

So what exactly makes the sensor "untrustable"? It's not sequencing DNA; it takes a freakin' picture of your finger and "securely" communicates it to the SE. (i.e. a camera accessed via SSL from the SE) I'm pretty sure a fingerprint can be suitably replicated to fool the TouchID system. ('tho I do hope it's not a simple as licking a photocopy...)

Re:wait a second

[Anubis+IV]

Not untrustable, just untrusted. And it's my understanding that they uniquely pair each Secure Enclave with each TouchID sensor, that way the sensor can't be replaced with one that intentionally returns false positives. As you said, there are ways to circumvent a "trusted" sensor, but they require techniques that are a bit more complicated than wetted paper on a finger. ;)

Re:wait a second

[RatherBeAnonymous]

The sensor doesn't return a positive or a negative. It just returns an image to the CPU for it to compare to the stored images.

Re:wait a second

[RatherBeAnonymous]

"cuz a bad guy could replace a real touch sensor with a compromised one, then unlock the phone with a fake fingerprint."

No, he really couldn't. The touch id sensor is essentially a camera that takes a picture of your fingerprint. Apple has said that due to unique properties of each sensor if you change out a sensor you have to re-enroll your fingerprints. I don't know if that's because the sensor salts the image data, or if there is just minor variability between the sensors. But in any case, you can't just hack a sensor. If a bad guy is going to make a fake finger he will be better off leaving the original sensor in place.

Re:wait a second

[Anubis+IV]

Quite right, as you suggest, it's actually a matter of the sensor producing an image, which, in turn, results in the Secure Enclave producing a false positive. That is definitely an important distinction in this case, so I should have been clearer. Thanks for the fact check.

Re: wait a second

[rasmusbr]

In general, if you detect that an input device has been tampered with you can save the user by disabling it, especially if you cut the power to it completely. A fingerprint sensor might have an embedded radio that phones home and sends any fingerprints that it captures to the attacker and an embedded battery to power the radio, so it's not 100% airtight.

An output device is much more serious. Imagine if someone switched your screen for one that contains an embedded computer and an embedded radio. The screen could potentially even detect and reject any warning messages that the system attempts to display.

Re:wait a second

[Falconnan]

This never made a great deal of sense when you consider how not secure a fingerprint really is. Everyone is so worried about the security sensor being hacked (pain in the butt) when it is far easier to just copy a fingerprint and use the pre-existing sensor. This was never a valid security concern. Without dual-factor authentication this was never going to secure a phone.

Re:wait a second

[BronsCon]

You might have missed when this issue first hit the news, months ago, but it did. And, at that time, Error 53 only popped up during a software update. It certainly wasn't a security feature then, when it allowed a would-be attacker to replace the sensor and have it keep working (which also should not have been possible given how Apple claims the sensor works with the Secure Enclave) for weeks or months. And, most likely, that was a bug in the first place.

I was wondering why it was suddenly getting so much attention in the news when is barely got a mention last year; another poster went as far as buying a brand new iPhone to test with and found that it now does trigger the error immediately. Now, that is newsworthy and, most likely, also a bug as Apple has issued an update to fix it and only disable the sensor (e.g. what the story we're discussing here is about in the first place), which is all that is necessary if the sensor is potentially compromised.

Bricking the phone still isn't a good solution

[Chuck+Chunder]

Even if you are defending against a potentially dodgy fingerprint scanner all you need to do is pop up a dialogue on boot saying there's a problem with the fingerprint scanner and that the phone won't accepting fingerprints from it.

Personally I can't imagine what sort of attack it's supposed to prevent, any adversary capable of replacing the fingerprint sensor in your phone is going to be an adversary capable of obtaining and replicating your finger print to the sensor.

If it's just the risk of cheap knock-off parts compromising security by doing something like sending the same "fingerprint" when touched without actually reading the surface then that is a good reason to stop trusting the fingerprint scanner, it's not a good reason to brick the phone.

My wife got a free new phone due to this bug

[leonbev]

The Touch ID sensor died on my wife's iPhone 6S, and it prevented the iOS 9.2.1 update from installing even after doing a factory reset.

The Apple Store couldn't fix the issue, so she got a brand new phone out of the deal. Good thing the phone was still under warranty!

Put two and two together

[Dcnjoe60]

Put two and two together -- Apple puts out an iOS update just after a court order to put a backdoor into their phones. A court order that legal experts say is valid and Apple will be found in contempt if they fail to comply.

Re:Put two and two together

[gl4ss]

meh. it's not so.
it's not about that at all.

however the court order is valid. because that case is on 5C...

Re:Sorry for what?

[sims+2]

"This update will restore phones âbrickedâ(TM) or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled." From the article on techcrunch.

Re:Have it both ways

[sims+2]

Nope keys don't match touch sensor is disabled and you are back to using a password like the rest of us.

Wrong!

[boarder8925]

The latest version of iOS is in fact 9.2.1—but it was released on 19 January 2016. (Screenshot for archival reference.)

Re:Wrong!

[boarder8925]

All right, I'm partially wrong. iOS 9.2.1 is from Jan 2016, but Apple pushed a new build of 9.2.1 on 18 Feb 2016 to fix the Error 53 issue. The /. headline says 9.2.1 came out today, which is why I was confused.

Also, to get the new build of 9.2.1, you apparently need to download it through iTunes, not over your iDevice's Wi-Fi connection.

Re:Wrong!

[Bing+Tsher+E]

So there's a new build of 9.2.1 without any sort of a version bump at all? That's a little weird. Why isn't there a version bump so people can easily verify what they're running?

Re:Wrong!

[dgatwood]

Apple does this quite frequently when they make a minor mistake in an update, silently releasing a new build with the same version number. What this signifies is that for 99.9999% of users, there's no functional difference between the two builds, so they didn't feel the need to turn a new build number and force everyone to update over something that affects probably a single-digit number of users.

By turning the build, they're ensuring that no new users encounter the problem going forwards, and providing a mechanism for the few affected users to get their devices up and running again (by manually reinstalling the current update). It wouldn't be an automated update anyway, because the devices won't let you use them, so for affected users, bumping the version number gains them nothing. And bumping the version number for everyone else would have resulted in everybody downloading a patch that they really don't need, and worse, would have caused anybody upgrading from 9.2 to (for example) 9.2.1a to get hit with a much larger combo update because they skipped the quirky 9.2.1 build.

When the next OS release happens, everybody will be back in sync, and until then, the differences are minor enough that they really don't matter for the most part.

With that said, if you want to know which version you are running, go to Settings > General > About, and look at the Version field. If it says 9.2.1 (13D15), you're running the older build. If it says 9.2.1 (13D20), you're running the newer build.

Re:Wrong!

[dgatwood]

Also, to get the new build of 9.2.1, you apparently need to download it through iTunes, not over your iDevice's Wi-Fi connection [macrumors.com].

Supposedly (though I can't imagine why this would be the case) updating OTA to the earlier 9.2.1 build didn't cause the error to appear. So there may be no need to rev the OTA update.

With that said, I seem to recall that over-the-air updates require additional carrier approval because they're big and they can be DLed over the cellular network (depending on the carrier and the size of the update). So for an emergency update revision like this one, the OTA update could lag behind the normal release. If that recollection is correct, then the OTA update might get revved to match the normal iTunes downloadable update in a few days.

Re:Wrong!

[dgatwood]

Actually, I think I understand why there's a difference. The OTA updates look like they run inside iOS, similar to the way minor OS X updates work, whereas the non-OTA updates seem to involve booting a from a separate installer root like major OS X upgrades work. So if that install DMG's OS contained a bug, it would affect the non-OTA updates during the upgrade process itself, but would have no impact on OTA updates.

That also means that you ought to have been able to get around the problem (albeit without being able to complete the upgrade process) by doing whatever the iOS equivalent of an NVRAM reset is. Does entering and leaving DFU mode have that effect, by any chance?

Re:Have it both ways

[Garybaldy]

Maybe the first article i read else wear had it wrong. It mentioned replacing the sensor by third party vendors will be supported in the update. As well as the screen.

It does happen immediately.

[Brannon]

If you are running iOS 9.2 and swap out the fingerprint sensor you will immediately get Error 53 and it will wedge your phone.

The intention here was security, Apple clearly didn't anticipate or test against phones that got unauthorized sensor replacements and thus the unintentional bricking. The new update just renders the replaced sensor inoperative but otherwise allows the phone to be used normally.

Re:It does happen immediately.

[KGIII]

How about just using a separate profile, with the original data still being encrypted, until a proper device is in place? I understand that iOS doesn't allow separate profiles but it shouldn't be that hard. The second profile would still allow use but there's no risk of their being a private data spill if it's done properly. The second profile could then be used until a proper repair is made, the data can be merged with the original profile, and the new sensor can have a fuse that burns and locks it to the new device.

Am I missing something?

Prevents 'fake fingerprint' attacks.

[Brannon]

The real sensor takes some effort to ensure you are pressing something like a finger to the sensor (a picture of a fingerprint won't work). A fake 'sensor' could just pass images from a database.

It's not undefeatable, but security has nothing to do with perfection, it has to do with making something harder and more expensive.

Or maybe you don't know how to read.

[Brannon]

As of iOS 9.2.1 Apple disables a tainted fingerprint sensor and reverts to passcode security. We eagerly await your retraction.

Re:Or maybe you don't know how to read.

[Garybaldy]

Maybe i read a different article and maybe i don't work in IT and maybe you are a FUCKING ASSHOLE.

Re:Or maybe you don't know how to read.

[AmiMoJo]

So back to the standard level of asshattery, where third party cables/parts are disabled by OS updates. Because fuck you consumer, trying to buy a USB cable for less than $30!

Do you even care that you sound like an idiot?

[Brannon]

Are you just happy to be considered profound by other idiots? Because that is fucking stupid.

Re:Do you even care that you sound like an idiot?

[Dcnjoe60]

Are you just happy to be considered profound by other idiots? Because that is fucking stupid.

Why yes, yes, I am. :)

Any wedged device needs to recover via iTunes

[Brannon]

If it can't boot then it can't do a device-only update.

That's a nice story and all, it's just not true.

[Brannon]

The problem was people who had their phone serviced at an unauthorized shop and then later updated to iOS 9.2.1. That version of iOS included a more thorough check of the fingerprint sensor.

hack

[Smiddi]

So can someone now steal an iPhone, change the fingerprint scanner/button and "hack" into the phone?

Re:hack

[dgatwood]

No more so than they could without changing the scanner. This change doesn't enable fake fingerprint scanners. It just lets you continue to use the device with a passcode as though the fingerprint scanner weren't there.

Certified third party cables exist for $5.

[Brannon]

Apple only locked out the un-certified counterfeit ones. If you recall there was a counterfeit cable that started a fire that killed someone in China, that's when they started cracking down.

They've released a fix.

[Brannon]

That makes the phone functional again, just disables the non-compliant fingerprint sensor and thus you are forced to use your passcode. That seems like a reasonable compromise.

Re:They've released a fix.

[KGIII]

That probably is for the best. I could think of a few cases where it might be handy to still have the functionality but with a different profile only. I'd think that would be optimal, if possible.

Works on bricked phones?

[MoarSauce123]

Will this work on phones that are already bricked?