{"id":13438,"date":"2016-02-07T16:56:50","date_gmt":"2016-02-07T21:56:50","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=13438"},"modified":"2019-08-08T16:45:59","modified_gmt":"2019-08-08T20:45:59","slug":"error-53","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/02\/07\/error-53\/","title":{"rendered":"Error 53"},"content":{"rendered":"

Miles Brignall<\/a> (via Hacker News<\/a>):<\/p>\n

Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician.<\/p>\n

Relatively few people outside the tech world are aware of the so-called “error 53” problem, but if it happens to you you’ll know about it. And according to one specialist journalist, it “will kill your iPhone”.<\/p><\/blockquote>\n\n

tristanj<\/a>:<\/p>\n

In summary, Apple iOS uses a validation system to ensure Touch ID sensor is not maliciously replaced or modified. The Touch ID sensor has access to the iPhone Security Enclave, where fingerprint data is kept. A malicious sensor could, hypothetically, steal fingerprints from an iPhone user unknowingly. This could be used to unlock the phone and make purchases through Apple Pay without the owner’s permission. To prevent this, Apple uses a validation system whenever the Touch ID sensor is repaired. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the validation paring is updated. Third-party repairs to the sensor will not update the pairing, and will fail validation when using Touch ID. This validation error is shown to users as the mysterious “Error 53”.<\/p>\n

If the validation fails, the device will function mostly fine, although with Touch ID disabled. However, the device will be prevented from restoring or updating to a new version. Restoring from backup still works. I’m not too sure why restoring or updating is blocked, but my guess is that they want to prevent malicious software from being uploaded in this process.<\/p><\/blockquote>\n\n

qb45<\/a>:<\/p>\n

No, the CPU reads encrypted data from the sensor and sends them to the SE for decryption and analysis. See the PDF<\/a> linked here by somebody. What a malicious sensor could do is store user’s fingerprint for retrieval by unauthorized parties.<\/p><\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

It seems very reasonable to me that iOS should check for a trusted Touch ID sensor. But, if the sensor can’t be trusted, clearly the whole phone should not be bricked — it should simply disable Touch ID and Apple Pay<\/a>. And, obviously, it should inform the user why<\/em>. Putting up an alert that just says “Error 53” is almost comically bad.<\/p><\/blockquote>\n\n

Update (2016-02-11): Gwynne Raskind<\/a>:<\/p>\n

\nYou must predicate everything you do in the name of security on the presumption that users are hopelessly lacking in knowledge.\n<\/p>

\nThey ​WILL<\/i>​ be socially engineered into giving up credentials.\n<\/p>

\nThey ​WILL<\/i>​ be socially engineered into turning off security features that give them even a moment’s annoyance even just once.\n<\/p>

[…]<\/p>

A number of people have asked why Apple didn’t disable just Apple Pay and leave the rest of the phone functional. Technically speaking, I can’t do more than guess at the details, but it’s my presumption that this is the only way they could prevent jailbreaks and other “the user will do any stupid thing rather than actually listen to security warnings” (the effect of user arrogance on security is a whole separate issue from user ignorance that I’m not going to get into) from getting around the error, which would have rendered it useless.<\/p><\/blockquote>\n\n

Update (2016-02-16): Josh Centers<\/a>:<\/p>\n

\n

We reached out to an Apple Authorized Service Provider who is familiar with the matter. While he confirmed that Apple’s requirement is a security feature, he also sees it as Apple pushing several agendas: selling AppleCare+, pushing customers into buying new phones after AppleCare+ expires, shutting out non-authorized repairers and suppliers, and shutting out fake devices built from knock-off parts. It turns out that all iPhone screen repairs have to go back to Apple for screen replacements; Apple has a machine that restores the pairing between the Touch ID sensor and the secure enclave.<\/p>\n

[…]<\/p>\n

Apple’s handling of the situation has prompted the Seattle law firm PVCA to file a class action suit against Apple<\/a>; if you’ve experienced Error 53, consider getting in touch with them.<\/p>\n

[…]<\/p>\n

However, it’s not all bad news. In order to deal with unauthorized repairs, Apple has drastically reduced the price for out-of-warranty screen repairs. Without AppleCare+, the company now charges between $109 to $149 for a screen replacement, which isn’t much more than what you’d pay with AppleCare+. However, if you have AppleCare+, Apple will give you a loaner phone and likely move your repair up in its priority list.<\/p>\n<\/blockquote>\n

Adam Minter<\/a> (via Slashdot<\/a>):<\/p>\n

That’s not a unique business model, of course. For decades, auto manufacturers and dealerships have done their best to undermine independent garages by limiting access to original parts and diagnostic tools. The results, in both industries, are predictable: Repair shops have to turn away willing customers, and consumers lose the benefits of free competition, notably lower prices and more convenience.<\/p>

In 2000, under threat of so-called “right to repair” legislation, U.S. automakers, dealerships and service shops formed a union<\/a> to share information on repairing today’s high-tech cars. Because membership was voluntary, however, there was little incentive to cough up any useful data, especially in a prompt manner<\/a>.<\/p><\/blockquote>\n\n

Update (2016-02-18): Matthew Panzarino<\/a> (via John Gruber<\/a>, comments<\/a>):<\/p>\n

\n

The update is not for users who update their iPhones over the air (OTA) via iCloud. If you update your phone that way, you should never have encountered Error 53 in the first place. If, however, you update via iTunes or your phone is bricked, you should be able to plug it into iTunes to get the update today, restoring your phone’s functionality.<\/p>\n<\/blockquote>\n\n

Mike Ash<\/a>:<\/p>\n

That Error 53 thing everybody said was Super Important Security Stuff™ was an inadvertently released factory test.<\/p><\/blockquote>\n\n

Gwynne Raskind<\/a>:<\/p>\n

\n

I’m not trying to accuse Apple of anything here; I’m personally satisfied with how they’ve handled the Error 53 situation. While I favor “right to repair”, and strongly dislike the trend towards hardware that the customer doesn’t effectively own, security of a device carrying important data in the context of the infamous gullibility and technical inexperience of the majority of users is a knotty problem at best and Apple is walking a fine line with relatively few missteps (though the “few” here is a long, long way from zero). What I do wonder about is what more there is behind some of the decisions that were made, and the timing of those decisions. If nothing else, it’s a matter of curiosity.<\/p>\n<\/blockquote>\n\n

Update (2016-02-20): Alex Cranz<\/a>:<\/p>\n

AJ Forsythe is familiar with Error 53. He’s the CEO of iCracked and like many iPhone repair services, they’ve been aware of the problem for over a year now. […] Most third party repair agencies have learned to live with the quirk and have standardized their training of repair agents to accommodate this specific issue. (The companies that didn’t are the ones likely leading to the majority of brickings).<\/p><\/blockquote>\n\n

Update (2016-05-25): Husain Sumra<\/a>:<\/p>\n

Apple argued the lawsuit should be dismissed because the company issued a fix for the error and offered to reimburse customers who had paid to have their devices replaced or repaired. However, the plaintiffs are now arguing that Apple failed to properly alert users to the reimbursement program. They argue the “vague” announcement on Apple’s website and a support document published in April isn’t sufficient enough to inform affected customers.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"

Miles Brignall (via Hacker News): Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician. Relatively few people outside the tech world are aware of the so-called “error […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-06-01T01:29:57Z","apple_news_api_id":"d9d0ad3f-7052-4fbb-8437-401b6fdd43cd","apple_news_api_modified_at":"2019-08-08T20:46:05Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/A2dCtP3BST7uEN0Abb91DzQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[416,31,1137,41,355,1679,48,573,1860],"class_list":["post-13438","post","type-post","status-publish","format-standard","hentry","category-technology","tag-applecare","tag-ios","tag-ios-9","tag-lawsuit","tag-privacy","tag-secure-enclave","tag-security","tag-touch-id","tag-unauthorized-repair"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=13438"}],"version-history":[{"count":12,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13438\/revisions"}],"predecessor-version":[{"id":21587,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13438\/revisions\/21587"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=13438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=13438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=13438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}