“Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician,” Miles Brignall reports for The Guardian. “The issue appears to affect handsets where the home button, which has touch ID fingerprint recognition built-in, has been repaired by a ‘non-official’ company or individual. It has also reportedly affected customers whose phone has been damaged but who have been able to carry on using it without the need for a repair.”
“But the problem only comes to light when the latest version of Apple’s iPhone software, iOS 9, is installed. Indeed, the phone may have been working perfectly for weeks or months since a repair or being damaged,” Brignall reports. “After installation a growing number of people have watched in horror as their phone, which may well have cost them £500-plus, is rendered useless. Any photos or other data held on the handset is lost – and irretrievable.”
“Tech experts claim Apple knows all about the problem but has done nothing to warn users that their phone will be ‘bricked’ (ie, rendered as technologically useful as a brick) if they install the iOS upgrade,” Brignall reports. “Apple charges £236 for a repair to the home button on an iPhone 6 in the UK, while an independent repairer would demand a fraction of that.”
MacDailyNews Take: Wrong. The link that Brignall supplies takes you to Apple UK’s iPhone repair page which clearly states: £79 to fix “accidental damage” for those with AppleCare+ coverage. It costs £256.44 for those without AppleCare+ warranty.
“Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. ‘I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly,'” Brignall reports. “When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious. ‘The whole thing is extraordinary. How can a company deliberately make their own products useless with an upgrade and not warn their own customers about it? Outside of the big industrialised nations, Apple stores are few and far between, and damaged phones can only be brought back to life by small third-party repairers.'”
MacDailyNews Take: You should have had AppleCare+, Antonio. You take your iPhone to cover a crisis in the Balkans and you don’t have proper insurance coverage? Or proper backup? No sympathy. If your iPhone is so important for your work and you know you are going to an area without proper repair services, maybe you should take along a backup iPhone? You know, like a smart person?
Instead you go whining to the media, trumpeting your own ineptitude and glaring lack of preparedness in your work. Have some effing personal responsibility, will you? It’s not Apple’s fault you’re a butterfingered klutz without even a wisp of a backup plan.
Some people have to learn lessons the hard way.
Read more in the full article here.
MacDailyNews Take: Security first. Back up your iPhone and you won’t lose any data if you’re an international photojournalist or otherwise prone to breaking your iPhone, who has no backup and is therefore likely to panickedly resort to getting it serviced in an insecure way by an unauthorized technician, and therefore ultimately have to get a new one.
Apple’s statement:
We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorized Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure. When an iPhone is serviced by an unauthorised repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an “error 53” being displayed… If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.
[Thanks to MacDailyNews Readers “Sarasota” and “Dialtone” for the heads up.]
Rather than “bricking” it, a better solution would have been to permanently flash “SECURITY COMPROMISED” whenever the phone did any action requiring fingerprint security.
For example, on unlocking the iPhone with TouchID the message would pop up and ask for a 4 digit code instead.
For another example, on using Apple Pay the message would pop up and fail the transaction.
You’d trust your data to a 4 digit code when you have the ability to use a proper security code??? I wouldn’t!
Too bad, most do. Of all the iPhone users I know only one uses a passphrase instead of a PIN.
In fact Apple still considers a 4- or 6-digit PIN more authoritative than the fingerprint for physical device access, since you cannot use Touch ID to update iOS, to sign in to an iDevice after a restart, or if it’s been over 48 hours since last sign-in.
If a 4 or 6 digit PIN (which can be stupid simple) is still being offered as an option that’s secure enough for your device and its data (user judgement call), then the *correct* way to handle a suspected TouchID tampering should have been to disable Touch ID and related functionality *only*, warn the user in some way about suspected tampering, and fall back to passcode access until user takes it into Apple to fix.
An unusually large number of red herrings in this thread:
1. “The guy should have had AppleCare or insurance.” Who says that he didn’t? Neither of them would have done him any good if the damage to his phone was due to unauthorized repairs. His problem was that his screen broke where an authorized repair facility was not available within the timeframe when he needed the phone. AppleCare could not have helped with that, so it is a red herring.
2. “The guy should have backed up his data.” Again, who says that he didn’t? The complaint is not about loss of data, but that he had to replace his entire device. The article just mentions in passing that all of the data on the phone was lost with it, irretrievably in the case of data that had not yet been backed up. Even perfect backups do no good without a working phone to restore them to, so this is another red herring.
3. Specifically, “The guy should have backed up to iCloud.” Imagine that you have a 128GB iPhone in rural Macedonia, then try to imagine how long a backup to iCloud might take over the available cellular network and how much it might cost as roaming data. Would you be making backups more than once a day or so?
4. “Bricking the phone was a *necessary* security measure.” Why would simply disabling the compromised fingerprint scanner/secure enclave subsystem not have been sufficient? Any more than that was unnecessary. Tampering with a car’s security system may lock out the ignition and transmission, but it does not require the owner to replace the vehicle.
5. “The sanctity of that subsystem is essential to security.” Apple itself regards the combination of physical possession of the phone + knowledge of the ID or passcode + the ability to log into a valid iCloud account as adequate security for absolutely everything except Apple Pay. Those methods are no less safe without the fingerprint scanner than with it.
6. “This is necessary to protect the fingerprint data in the secure enclave.” Really? If the NSA or a hacker has physical possession of my phone, they don’t need the hashed fingerprint data in the enclave. They can just lift a full set of my prints off the case. Do you always wear gloves when you use a touchscreen device?
7. “Bricking the phone was an *urgent* security measure.” If so, why was he able to continue using the phone after the repair until his next system upgrade? By then, bricking the phone was just closing the barn doors on a potentially emptied stable.
8. “The guy should have known better.” Users since the Apple II have been aware that the company will void the warranty on their products for unauthorized repairs. That seems fair. What seems unfair is not warning users that hiring a trained but unapproved tech to make a simple repair that is seemingly unrelated to security, like replacing a cracked screen, will probably destroy the device. Clearly, nobody outside the company knew that was the situation.
Again, I have no problem with Apple looking out for our security, but let’s debate this using arguments that stick to the main roadway, not red herring trails that have nothing to do with the real issues.
I am confused here. According to the Apple note above, its the fingerprint sensor not being paired with the secure enclave.
OK, have Apple put in a new fingerprint sensor and pair it with the enclave. They can check to be sure you are in fact you!
Should be a no brainer…. unless people are bitching cause they want it done for FREE!!!
I say, missing data here.
Any thoughts?
Perhaps that is not an option, as the author wrote when he returned to London and took his phone to the Apple Store they told him there was nothing they could do and it was junked.
Yes, to the security and tech literate, this makes sense.
To the general public, this is a losing PR battle.
Forgot to add:
It should do this upon power up right after the repair, so the user knows this is a direct effect of something not right with the repair. Then they “could” ask to put the bad parts back in and seek a better solution or at least back it up first.
That would identify the source of the problem, but would be too late to fix it. Apparently, there is no remedy other than replacing the entire phone once it is dead. Not even Apple can simply put in a new scanner and pair it to the disabled secure enclave (which is on the same chip as the CPU). Apple apparently has a way to do screen repairs and the like without disturbing the pairing, but not even they can undo the damage once an unpairing occurs.
What it says is, “If there’s been any unauthorized tampering with the Touch ID system, you can be sure your data will remain secure.”
Throwing up a message saying “Security Comprised” means absolutely nothing if in fact it left the system in a nonsecure state so that anyone could have access to your data.
Seems like a class action suit is in order. There is no way that Apple should be allowed to do this.
@Greg: So you have the most secure handset in the world, that even Apple can’t hack into. You then have the security function (the fingerprint scanner) of that handset compromised by trusting its repair or replacement to an unauthorized backstreet repair shop. And then you’re upset that no-one can get access to the data on your handset?? That’s the whole purpose of the unbreakable security function.
I think they do have a legal leg to stand on here. I can’t speak to all states, let alone all countries, but in most states in the US, it’s considered anti-competitive to intentionally block 3rd party repairs. That doesn’t mean that a company is obligated to support 3rd party repairs in any way. It’s up to the 3rd party to make sure the repairs are compatible and work properly.
Apple appears not to be intentionally blocking 3rd party repairs. It’s not as if there are sensors in the iPhone that detect if it’s been opened by a 3rd party for any repair at all and then brick the device.
Instead, what happens is that when the unique pairing identifier no longer matches, an Error 53 occurs due to the security being compromised.
This is why no 3rd party could replace the home button and have Touch ID still working. The logic board needs to be replaced in pair.
Apple may have decided that simply disabling Touch ID and Apple Pay when the unique pairing didn’t match wasn’t enough and the device needed to be bricked. If so, Apple is completely justified from a legal perspective.
Apple may have made changes in iOS with disregard to the 3rd party repairs which ended up inadvertently bricking the devices. If so, again, Apple is completely justified from a legal perspective.
The only way “a class action suit would be in order” would be if Apple intentionally updated iOS to brick iPhones with 3rd party home buttons solely to prevent 3rd parties from doing this and without any intention of doing so to improve security (or anything else) in any way.
That’s a hell of a thing to prove.
“Apple may have decided that simply disabling Touch ID and Apple Pay when the unique pairing didn’t match wasn’t enough and the device needed to be bricked”
The problem with this reasoning is that you can use TouchID-equipped iPhones with just PIN/passphrase, and never register a single fingerprint. Since Apple still lets you use just PINs/PPs (which can be as weak as the user wants) to access the device, and doesn’t even let you use TouchID for iOS updates or the first post-restart sign-in, then totally bricking the device with no hope of recovery (since Apple support is saying you must replace the entire device) is severe overkill.
If security is the excuse, then at this point in time the most they should be doing is disabling all TouchID and related functionality, allow only PIN/PP sign-in, and maybe splash a security warning from time to time advising user of compromised TouchID security. If ongoing warnings detract from user experience, then show the warning the first time the problem is detected, and then again only if the user tries to set up fingerprints again.
First, my comment is only addressing the legal aspect of this and what merit a potential class action lawsuit would have.
“If security is the excuse, then at this point in time the most they should be doing is disabling all TouchID and related functionality, allow only PIN/PP sign-in…”
Can you say for sure that nobody at Apple discovered a way that potentially a home button could be spoofed and replaced without restarting the iPhone, and thus presenting a security risk? That’s not even the bar here (legally). The bar would be set at saying nobody at Apple even thought it could be potentially possible that someone else could eventually come up with a way to do this. Because if Apple thought this could be a security issue some day, then they’re totally legally justified in doing what they did… even if what Apple thought ended up being wrong.
“…maybe splash a security warning from time to time advising user of compromised TouchID security.”
You’d be warning the wrong person. The concern here is that someone could steal your iPhone, replace the home button without restarting, and then have access to all of your data. Warning the thief that security has been compromised is like giving them an achievement badge.
Again, this doesn’t ever have to be possible for Apple to be legally justified in what they did. Apple just has to have thought that it could be possible some day to have legally justified what they did.
Also again, if the whole thing was inadvertent, Apple is in the legal clear. A lawsuit would need to prove that Apple intended solely to prevent 3rd party repairs, not just that Apple failed to support 3rd party repairs.
+200. you seem to be the only one who clearly understands the problem and who proposes a reasonable response by Apple.
BTW, I absolutely abhor the standpoint of all the rednecks who say: your own fault, you should have Applecare+++!!! Even the +++ plan doesn’t include free repairs. In some countries, a 2 year warranty is standard, soon to be 3 years!
Why do you hate white people so much?
Ok, so how would AppleCare have helped the journalist in Macedonia? He have abandoned his job and flown to the nearest Apple authorized repair facility. He would at least have had a phone while arranging job interviews. He could get it fixed and void his warranty, in which case he would be out for the cost of both AppleCare and a new phone, but would at least have a job.
Again, the MDN take assumes that we all live within a short distance of an Apple dealer, just as other takes assume we all have big hands and have broadband capable of serving a couple of TV sets and a computer or two with SuperHiDef programming with no buffering.
Bring it to a repair shop that has the correct parts.
Totally understand why Apple would approach this in a seemly harsh way. If individual have compromised devices, knowingly- you do now want to alert them. kill the devices. If devices are in the wild , even better. It seems harsh, but remember Apple puts a high price on data integrity and user security. As for the photo journalist, no backup? A complete idiot. If your jobs relies on devices… Make sure you have more than one way to recover data. Lima a portable drive to offload images with a secure encryption method.
In the world of systems or security, once and a while ones actions or lack there, will pose a problem when system integrity is a core focused feature. However, the lack of said is even sorest of a fate.
MacDailyNews Take: You should have had AppleCare+, Antonio. You take your iPhone to cover a crisis in the Balkans and you don’t have proper insurance coverage? Or proper backup? No sympathy. Some people have to learn lessons the hard way.
Neither AppleCare+ nor insurance changes the fact that there weren’t any Apple stores in that area.
Where does the article say that lack of a backup was the issue? Even if it were an issue, there is no backup system that is 100% effective.
People are whining about losing their data and photos because they need a new iPhone. If they had backed up, it wouldn’t be an issue.
MDN stated it pretty clearly: “Back up your iPhone and you won’t lose any data if you’re an international photojournalist or otherwise prone to breaking your iPhone, who has no backup and is therefore likely to panickedly resort to getting it serviced in an insecure way by an unauthorized technician, and therefore ultimately have to get a new one.”
You sir are a moron.
Perhaps if enough people with the problem bring it to the attention of the right people, a class action lawsuit could be mounted against the mfg for deliberately breaking someone’s prvate property. Last I heard that was called vandalism.
No, you are wrong. You are one of those people who never take personal responsibility, who blame others for things of your own doing, and who likely endlessly sucks off the public teat.
MDN is right:
If your iPhone is so important for your work and you know you are going to an area without proper repair services, maybe you should take along a backup iPhone? You know, like a smart person?
Instead you go whining to the media, trumpeting your own ineptitude and glaring lack of preparedness in your work. Have some effing personal responsibility, will you? It’s not Apple’s fault you’re a butterfingered klutz without even a wisp of a backup plan.
Some people have to learn lessons the hard way.
“People are whining about losing their data and photos because they need a new iPhone. If they had backed up, it wouldn’t be an issue.”
1) The photographer did not state that the lack of a backup was an issue, which is what was implied in the MDN take that I quoted.
2) Having a backup system does not guarantee that you will never lose any data.
3) The issue as stated in the article is about more than just the potential for lost data. There is a definite and real monetary impact as well.
This is the current director Tim Cooke has taken Apple. FORCE customers to pay for overpriced repairs, overpriced memory upgrades, non user repairable computers. I’ve been a Apple Fan boy for a long time, but now I’m thinking of jumping ship over to windows, just so I can do the upgrades I want and fix it myself. Tim Cooke is the worst thing to happen to Apple.
You mean Sam Cooke?
Well the pricing is an outright lie. I know for a fact that a an issue with a home button requires display replacement which through Apple is £79 on an iPhone 6, out of warranty. If there is damage to the device preventing repair then worse case it’s £229 to replace the whole iPhone. Half the retail value.
So everyone is ok with the possibility of having your ID stolen due to some back alley shop that pops open a phone and replaces the sensors that keep your phone secure. Ok.
Apple has seen in past years a ton of damage to their devices and computers when Joe shops think they can properly repair the Apple products. Those same products are then taken into Apple as broken or defective products thinking Apple will fix the issues. Wrong. It’s no different than taking your new BMW to Joes garage to have the interior and security system fixed. Yes Joe can do it, but without the proper training, parts, and security your BMW may not work properly or might fail at a most crucial times. If you crash and your airbag doesn’t go off due to Joe, it was you who took it there in the first place.
The better thing to do would be to make an appointment at the BMW dealer and then get a rental until the job is complete.
If you find yourself in the back parts of the world and your phone breaks, just buy a cheap phone and swap sims out. Then later take your phone to be repaired at the correct place. If your job requires you to rely on your ability to communicate with the office, then take a back up with you.
You know actually my sister owns a 2006 BMW 330i. It was puking out engine coolant and oil. She got a quote from the dealership and it was gonna be a $700 repair job.
Wanna know what the culprit was? A gasket had gone out. The fix? A new gasket. Cost $15 at the local auto parts store and took about an hour to replace at home.
I actually have a 2004 Saturn ION that was making a rattling noise and one day quit running. The culprit? Timing chain tensioner went out, causing the timing chain to fly off and causing damage to the internal timing mechanisim. Dealership quoted me $1,000. The fix? A new timing chain kit that cost $50 at the local auto parts store and a few days to replace.
$700 vs $15. $1,000 vs $50.
I know cars are quite different than phones. But here’s what I’m getting at. Companies like these mark up prices by 1,000% on a regular basis. You know why? Because they know they can rely on people who blindly trust them.
So in these cases you take the risk knowing you may get sub-standard parts or void your warrantly or whatever. In most cases it’s not a problem, but you take the risk on yourself. You don’t sue BMW because they didn’t have a dealership in Macedonia and Aristophanes’s repair shop messed up your ride.
No not sub standard. 90% of the time, the parts you get at the local auto shop place are made by the same exact people who produce parts for dealerships. And the place I go to has a lifetime guarantee on all the parts they sell anyways, but that’s beside the point.
And you’re right. You don’t sue BMW, or Apple because they don’t have a dealership or store in Macedonia. You sue them for releasing a software update that can render peoples cars or phones useless without even so much as a warning beforehand.
I’m on Apple’s side on this one:
This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.
That part, yes. But bricking the phone?
Yeah, why not just fall back to PIN/PP? Bricking is absurdly punitive.
Proof that iPhone users don’t actually own their device.
These 3rd party repair shops are not authorized to service iPhones. Especially screen replacements as they need a calibration machine to calibrate not only the display but also the touch sensor. This is why they are failing.
Apple does offer mail-in Service for authorized repairs as well, the argument about not being near an Apple Store doesn’t work very well.
Additionally, anyone that cannot stand ANY downtime with an iPhone should at least bring a previous model (i.e. the ones most Apple addicts have around the house) or at least plan somehow.
Anyone who purchases such a high cost piece of tech and then decides to have it repaired in a back-alley shop should be prepared to dump it and buy a new device back home anyways.
Where? You do realize there are lots of countries with unreliable mail service and high costs for mailing to the US, right? Not really an option for much of the world.
I have a 6 Plus, but often bring my 4S with me on certain occasions (surgery, hospital visits, some travel, etc.) where I can’t risk losing or damaging my main phone.
You’re right, especially if this is a photojournalist he should have a backup camera and a computer. If the iPhone is his only photo and communications device then he’s pretending he’s a professional.
Considering how many people around the world live far, far away from any authorized Apple servicer, this seems grotesquely punitive. Particularly in less affluent countries where people scrimp and save to get an iPhone, inflicting these kinds of costs is only going to drive a whole lot of people away from Apple. And, now that I think about it, I am now much more inclined to stick with my iPhone 5 than upgrade to a newer model with Touch ID.
Wow you guys must just let anyone write your articles.
I love how you said he should have had Apple Care coverage right underneath the paragraph where he explicitly explains there are no Apple stores in Macedonia.
Even if he does have coverage, how the hell is he supposed to use it with no stores around? Send it through the mail and wait maybe a month before he can start making money again. Yeah let’s do that. Let’s do that instead of waiting maybe a day at a local repair shop. That’s perfectly fucking logical in an emergency situation like that.
Oh no, he should have bought a backup phone. Because, you know, a freelance photographer has money to just throw around like that.
SMH stupidity like this pisses me off.
He sounds like a freelance freeloading loser if he didn’t have a backup camera and computer.
You know, you might actually be right.
A real photographer would be using a real camera instead of an iPhone lol
In other words, User Error. Backup, backup, backup. And I always get Applecare Plus for every product.
I suspect this is yet another bug, rather than a conscious attempt by Apple to brick people’s phones. That would be extreme, even for Apple.
However, many of the comments in this thread are beyond stupid. If Microsoft or Google bricked their owners phones in the name of data security, would this site and its loyal readers be applauding that as the pinnacle of security concern? Hardly. Bricking someone’s device so they can no longer access their own data on their own device is hardly a responsible security policy. Politely informing a user that their security profile had been comprised through use of a 3rd party component would be the more responsible approach that I would expect from a company that cared for its customers.
Let’s hope Apple fixes this bug – or sacks the executive that approved this if it is a feature – and allows users to what they wish with devices that they have paid for and own.
Can you imagine taking your car to the dealer and finding that they’ve disabled the engine management system because you had the exhaust replaced in Quickfit? It’s outrageous.
There are valid arguments for both sides with this issue. Apple needs to explain in clear language what is going on and why. At the moment it’s not a good look for the company and it’s not going to go away any time soon.
I think your blog is much useful to us. We hope that you keep up the pretty job. Can u please also visit our site also?