‘Error 53’ fury mounts as Apple software update kills some iPhones ‘fixed’ by non-Apple repair shops

“Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician,” Miles Brignall reports for The Guardian. “The issue appears to affect handsets where the home button, which has touch ID fingerprint recognition built-in, has been repaired by a ‘non-official’ company or individual. It has also reportedly affected customers whose phone has been damaged but who have been able to carry on using it without the need for a repair.”

“But the problem only comes to light when the latest version of Apple’s iPhone software, iOS 9, is installed. Indeed, the phone may have been working perfectly for weeks or months since a repair or being damaged,” Brignall reports. “After installation a growing number of people have watched in horror as their phone, which may well have cost them £500-plus, is rendered useless. Any photos or other data held on the handset is lost – and irretrievable.”

“Tech experts claim Apple knows all about the problem but has done nothing to warn users that their phone will be ‘bricked’ (ie, rendered as technologically useful as a brick) if they install the iOS upgrade,” Brignall reports. “Apple charges £236 for a repair to the home button on an iPhone 6 in the UK, while an independent repairer would demand a fraction of that.”

MacDailyNews Take: Wrong. The link that Brignall supplies takes you to Apple UK’s iPhone repair page which clearly states: £79 to fix “accidental damage” for those with AppleCare+ coverage. It costs £256.44 for those without AppleCare+ warranty.

“Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. ‘I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly,'” Brignall reports. “When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious. ‘The whole thing is extraordinary. How can a company deliberately make their own products useless with an upgrade and not warn their own customers about it? Outside of the big industrialised nations, Apple stores are few and far between, and damaged phones can only be brought back to life by small third-party repairers.'”

MacDailyNews Take: You should have had AppleCare+, Antonio. You take your iPhone to cover a crisis in the Balkans and you don’t have proper insurance coverage? Or proper backup? No sympathy. If your iPhone is so important for your work and you know you are going to an area without proper repair services, maybe you should take along a backup iPhone? You know, like a smart person?

Instead you go whining to the media, trumpeting your own ineptitude and glaring lack of preparedness in your work. Have some effing personal responsibility, will you? It’s not Apple’s fault you’re a butterfingered klutz without even a wisp of a backup plan.

Some people have to learn lessons the hard way.

Read more in the full article here.

MacDailyNews Take: Security first. Back up your iPhone and you won’t lose any data if you’re an international photojournalist or otherwise prone to breaking your iPhone, who has no backup and is therefore likely to panickedly resort to getting it serviced in an insecure way by an unauthorized technician, and therefore ultimately have to get a new one.

Apple’s statement:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorized Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure. When an iPhone is serviced by an unauthorised repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an “error 53” being displayed… If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.

[Thanks to MacDailyNews Readers “Sarasota” and “Dialtone” for the heads up.]

49 Comments

  1. Rather than “bricking” it, a better solution would have been to permanently flash “SECURITY COMPROMISED” whenever the phone did any action requiring fingerprint security.

    For example, on unlocking the iPhone with TouchID the message would pop up and ask for a 4 digit code instead.

    For another example, on using Apple Pay the message would pop up and fail the transaction.

      1. Too bad, most do. Of all the iPhone users I know only one uses a passphrase instead of a PIN.

        In fact Apple still considers a 4- or 6-digit PIN more authoritative than the fingerprint for physical device access, since you cannot use Touch ID to update iOS, to sign in to an iDevice after a restart, or if it’s been over 48 hours since last sign-in.

        If a 4 or 6 digit PIN (which can be stupid simple) is still being offered as an option that’s secure enough for your device and its data (user judgement call), then the *correct* way to handle a suspected TouchID tampering should have been to disable Touch ID and related functionality *only*, warn the user in some way about suspected tampering, and fall back to passcode access until user takes it into Apple to fix.

      2. An unusually large number of red herrings in this thread:

        1. “The guy should have had AppleCare or insurance.” Who says that he didn’t? Neither of them would have done him any good if the damage to his phone was due to unauthorized repairs. His problem was that his screen broke where an authorized repair facility was not available within the timeframe when he needed the phone. AppleCare could not have helped with that, so it is a red herring.

        2. “The guy should have backed up his data.” Again, who says that he didn’t? The complaint is not about loss of data, but that he had to replace his entire device. The article just mentions in passing that all of the data on the phone was lost with it, irretrievably in the case of data that had not yet been backed up. Even perfect backups do no good without a working phone to restore them to, so this is another red herring.

        3. Specifically, “The guy should have backed up to iCloud.” Imagine that you have a 128GB iPhone in rural Macedonia, then try to imagine how long a backup to iCloud might take over the available cellular network and how much it might cost as roaming data. Would you be making backups more than once a day or so?

        4. “Bricking the phone was a *necessary* security measure.” Why would simply disabling the compromised fingerprint scanner/secure enclave subsystem not have been sufficient? Any more than that was unnecessary. Tampering with a car’s security system may lock out the ignition and transmission, but it does not require the owner to replace the vehicle.

        5. “The sanctity of that subsystem is essential to security.” Apple itself regards the combination of physical possession of the phone + knowledge of the ID or passcode + the ability to log into a valid iCloud account as adequate security for absolutely everything except Apple Pay. Those methods are no less safe without the fingerprint scanner than with it.

        6. “This is necessary to protect the fingerprint data in the secure enclave.” Really? If the NSA or a hacker has physical possession of my phone, they don’t need the hashed fingerprint data in the enclave. They can just lift a full set of my prints off the case. Do you always wear gloves when you use a touchscreen device?

        7. “Bricking the phone was an *urgent* security measure.” If so, why was he able to continue using the phone after the repair until his next system upgrade? By then, bricking the phone was just closing the barn doors on a potentially emptied stable.

        8. “The guy should have known better.” Users since the Apple II have been aware that the company will void the warranty on their products for unauthorized repairs. That seems fair. What seems unfair is not warning users that hiring a trained but unapproved tech to make a simple repair that is seemingly unrelated to security, like replacing a cracked screen, will probably destroy the device. Clearly, nobody outside the company knew that was the situation.

        Again, I have no problem with Apple looking out for our security, but let’s debate this using arguments that stick to the main roadway, not red herring trails that have nothing to do with the real issues.

    1. I am confused here. According to the Apple note above, its the fingerprint sensor not being paired with the secure enclave.

      OK, have Apple put in a new fingerprint sensor and pair it with the enclave. They can check to be sure you are in fact you!

      Should be a no brainer…. unless people are bitching cause they want it done for FREE!!!

      I say, missing data here.

      Any thoughts?

      1. Perhaps that is not an option, as the author wrote when he returned to London and took his phone to the Apple Store they told him there was nothing they could do and it was junked.

    1. Forgot to add:
      It should do this upon power up right after the repair, so the user knows this is a direct effect of something not right with the repair. Then they “could” ask to put the bad parts back in and seek a better solution or at least back it up first.

      1. That would identify the source of the problem, but would be too late to fix it. Apparently, there is no remedy other than replacing the entire phone once it is dead. Not even Apple can simply put in a new scanner and pair it to the disabled secure enclave (which is on the same chip as the CPU). Apple apparently has a way to do screen repairs and the like without disturbing the pairing, but not even they can undo the damage once an unpairing occurs.

    2. What it says is, “If there’s been any unauthorized tampering with the Touch ID system, you can be sure your data will remain secure.”

      Throwing up a message saying “Security Comprised” means absolutely nothing if in fact it left the system in a nonsecure state so that anyone could have access to your data.

    1. @Greg: So you have the most secure handset in the world, that even Apple can’t hack into. You then have the security function (the fingerprint scanner) of that handset compromised by trusting its repair or replacement to an unauthorized backstreet repair shop. And then you’re upset that no-one can get access to the data on your handset?? That’s the whole purpose of the unbreakable security function.

    2. I think they do have a legal leg to stand on here. I can’t speak to all states, let alone all countries, but in most states in the US, it’s considered anti-competitive to intentionally block 3rd party repairs. That doesn’t mean that a company is obligated to support 3rd party repairs in any way. It’s up to the 3rd party to make sure the repairs are compatible and work properly.

      Apple appears not to be intentionally blocking 3rd party repairs. It’s not as if there are sensors in the iPhone that detect if it’s been opened by a 3rd party for any repair at all and then brick the device.

      Instead, what happens is that when the unique pairing identifier no longer matches, an Error 53 occurs due to the security being compromised.

      This is why no 3rd party could replace the home button and have Touch ID still working. The logic board needs to be replaced in pair.

      Apple may have decided that simply disabling Touch ID and Apple Pay when the unique pairing didn’t match wasn’t enough and the device needed to be bricked. If so, Apple is completely justified from a legal perspective.

      Apple may have made changes in iOS with disregard to the 3rd party repairs which ended up inadvertently bricking the devices. If so, again, Apple is completely justified from a legal perspective.

      The only way “a class action suit would be in order” would be if Apple intentionally updated iOS to brick iPhones with 3rd party home buttons solely to prevent 3rd parties from doing this and without any intention of doing so to improve security (or anything else) in any way.

      That’s a hell of a thing to prove.

      1. “Apple may have decided that simply disabling Touch ID and Apple Pay when the unique pairing didn’t match wasn’t enough and the device needed to be bricked”

        The problem with this reasoning is that you can use TouchID-equipped iPhones with just PIN/passphrase, and never register a single fingerprint. Since Apple still lets you use just PINs/PPs (which can be as weak as the user wants) to access the device, and doesn’t even let you use TouchID for iOS updates or the first post-restart sign-in, then totally bricking the device with no hope of recovery (since Apple support is saying you must replace the entire device) is severe overkill.

        If security is the excuse, then at this point in time the most they should be doing is disabling all TouchID and related functionality, allow only PIN/PP sign-in, and maybe splash a security warning from time to time advising user of compromised TouchID security. If ongoing warnings detract from user experience, then show the warning the first time the problem is detected, and then again only if the user tries to set up fingerprints again.

        1. First, my comment is only addressing the legal aspect of this and what merit a potential class action lawsuit would have.

          “If security is the excuse, then at this point in time the most they should be doing is disabling all TouchID and related functionality, allow only PIN/PP sign-in…”

          Can you say for sure that nobody at Apple discovered a way that potentially a home button could be spoofed and replaced without restarting the iPhone, and thus presenting a security risk? That’s not even the bar here (legally). The bar would be set at saying nobody at Apple even thought it could be potentially possible that someone else could eventually come up with a way to do this. Because if Apple thought this could be a security issue some day, then they’re totally legally justified in doing what they did… even if what Apple thought ended up being wrong.

          “…maybe splash a security warning from time to time advising user of compromised TouchID security.”

          You’d be warning the wrong person. The concern here is that someone could steal your iPhone, replace the home button without restarting, and then have access to all of your data. Warning the thief that security has been compromised is like giving them an achievement badge.

          Again, this doesn’t ever have to be possible for Apple to be legally justified in what they did. Apple just has to have thought that it could be possible some day to have legally justified what they did.

          Also again, if the whole thing was inadvertent, Apple is in the legal clear. A lawsuit would need to prove that Apple intended solely to prevent 3rd party repairs, not just that Apple failed to support 3rd party repairs.

        2. +200. you seem to be the only one who clearly understands the problem and who proposes a reasonable response by Apple.
          BTW, I absolutely abhor the standpoint of all the rednecks who say: your own fault, you should have Applecare+++!!! Even the +++ plan doesn’t include free repairs. In some countries, a 2 year warranty is standard, soon to be 3 years!

  2. Ok, so how would AppleCare have helped the journalist in Macedonia? He have abandoned his job and flown to the nearest Apple authorized repair facility. He would at least have had a phone while arranging job interviews. He could get it fixed and void his warranty, in which case he would be out for the cost of both AppleCare and a new phone, but would at least have a job.

    Again, the MDN take assumes that we all live within a short distance of an Apple dealer, just as other takes assume we all have big hands and have broadband capable of serving a couple of TV sets and a computer or two with SuperHiDef programming with no buffering.

  3. Totally understand why Apple would approach this in a seemly harsh way. If individual have compromised devices, knowingly- you do now want to alert them. kill the devices. If devices are in the wild , even better. It seems harsh, but remember Apple puts a high price on data integrity and user security. As for the photo journalist, no backup? A complete idiot. If your jobs relies on devices… Make sure you have more than one way to recover data. Lima a portable drive to offload images with a secure encryption method.

    In the world of systems or security, once and a while ones actions or lack there, will pose a problem when system integrity is a core focused feature. However, the lack of said is even sorest of a fate.

  4. MacDailyNews Take: You should have had AppleCare+, Antonio. You take your iPhone to cover a crisis in the Balkans and you don’t have proper insurance coverage? Or proper backup? No sympathy. Some people have to learn lessons the hard way.

    Neither AppleCare+ nor insurance changes the fact that there weren’t any Apple stores in that area.

    Where does the article say that lack of a backup was the issue? Even if it were an issue, there is no backup system that is 100% effective.

    1. People are whining about losing their data and photos because they need a new iPhone. If they had backed up, it wouldn’t be an issue.

      MDN stated it pretty clearly: “Back up your iPhone and you won’t lose any data if you’re an international photojournalist or otherwise prone to breaking your iPhone, who has no backup and is therefore likely to panickedly resort to getting it serviced in an insecure way by an unauthorized technician, and therefore ultimately have to get a new one.”

      1. You sir are a moron.

        Perhaps if enough people with the problem bring it to the attention of the right people, a class action lawsuit could be mounted against the mfg for deliberately breaking someone’s prvate property. Last I heard that was called vandalism.

        1. No, you are wrong. You are one of those people who never take personal responsibility, who blame others for things of your own doing, and who likely endlessly sucks off the public teat.

          MDN is right:

          If your iPhone is so important for your work and you know you are going to an area without proper repair services, maybe you should take along a backup iPhone? You know, like a smart person?

          Instead you go whining to the media, trumpeting your own ineptitude and glaring lack of preparedness in your work. Have some effing personal responsibility, will you? It’s not Apple’s fault you’re a butterfingered klutz without even a wisp of a backup plan.

          Some people have to learn lessons the hard way.

      2. “People are whining about losing their data and photos because they need a new iPhone. If they had backed up, it wouldn’t be an issue.”

        1) The photographer did not state that the lack of a backup was an issue, which is what was implied in the MDN take that I quoted.

        2) Having a backup system does not guarantee that you will never lose any data.

        3) The issue as stated in the article is about more than just the potential for lost data. There is a definite and real monetary impact as well.

  5. This is the current director Tim Cooke has taken Apple. FORCE customers to pay for overpriced repairs, overpriced memory upgrades, non user repairable computers. I’ve been a Apple Fan boy for a long time, but now I’m thinking of jumping ship over to windows, just so I can do the upgrades I want and fix it myself. Tim Cooke is the worst thing to happen to Apple.

  6. Well the pricing is an outright lie. I know for a fact that a an issue with a home button requires display replacement which through Apple is £79 on an iPhone 6, out of warranty. If there is damage to the device preventing repair then worse case it’s £229 to replace the whole iPhone. Half the retail value.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.