Apple under pressure as lawyers pledge action over ‘Error 53’ iPhones

“Apple has come under pressure to scrap its controversial policy of permanently disabling repaired iPhone 6s when software is upgraded, following a global consumer backlash and claims the company could be acting illegally,” Miles Brignall reports for The Guardian. “At least one firm of US lawyers said it hopes to bring a class action against the technology giant on behalf of victims whose £500 phones have been rendered worthless by an Apple software upgrade.”

The Guardian revealed on Friday how thousands of iPhone 6 users found an iOS software upgrade permanently disabled their phone, which was left displaying an ‘Error 53’ code. Nothing could be done to restore it to working order,” Brignall reports. “The Apple iOS 9 software update which it launched last autumn will, in the jargon, ‘brick’ the handset if it detects that the touch ID fingerprint recognition and/or the home button is not the original.”

“Within hours of publication of the Guardian story, the Seattle-based law firm PCVA called for victims to get in touch, with a view to bringing a class action suit,” Brignall reports. “Apple has so far declined to comment other than a revised statement issued on Saturday saying: ‘This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support.'”

Read more in the full article here.

MacDailyNews Take: This is a security issue.

Apple’s previous statement regarding the matter:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorized Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure. When an iPhone is serviced by an unauthorised repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an “error 53” being displayed… If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.

SEE ALSO:
‘Error 53’ fury mounts as Apple software update kills some iPhones ‘fixed’ by non-Apple repair shops – February 5, 2016

73 Comments

  1. Seems a most reasonable precaution that also would prevent people coming after Apple having installed a potentially malicious touch sensor. Ironically they come after Apple anyway. Damned if they do, damned if they don’t…

        1. No bad tires can kill me. Screw the bank account. An aftermarket radio can allow my car to be hacked (it’s happened). We would not accept bricking the car in either case. A notice would be sent.

          You also completely discount simply disabling Touch ID.

          1. Cynic: And you discount the fact that the enclave stores your passcode information as well as the fingerprint data. This is why iPhones are unhackable – a very hot topic right now given the Feds’ pressure to force Apple to create a way to access the data on its customers’ phones. Simply put, if changing the fingerprint reader and/or enclave would allow a third party to access the phone, it wouldn’t be secure. Security 101. Imagine allowing an unauthorized burglar alarm repair guy to set his own disarm code on your alarm, and then wondering why your house gets burglarized.

            1. Several shortcomings with your argument. If my security system is compromised, my security company calls me to tell me and prepare to service it. They don’t burn my house down, you know, so I don’t get robbed.

              Secondly, did Apple back up the phones before they hosed them?

              Third, this is probably a bug (even I’m not that cynical). Inspect the phone, offer a free replacement for the property that they broke. If Touch ID has been replaced by a third party, charge them only for that.

            2. Your security company only calls you if you have a service agreement with them. If you had a service agreement with Apple (Applecare), they would have repaired your phone properly. Even if you don’t have an alarm service agreement, you could get your alarm repaired by the alarm company. If you choose not to, you put yourself at risk of your system being compromised. Which is exactly what has happened to these phones. The owners, for whatever reason, decided to have their ultra secure, expensive pieces of equipment repaired in such a way that it would have compromised the security of the phone. People would have sued Apple had their data been stolen. Instead, Apple makes sure your data is secure. It’s the owner’s responsibility to back up his/her phone, not Apple’s. The so-called repairer should also have advised the owner to do so.
              These cheap repairs turned out not so cheap. But still a lot cheaper than having your identity and all your data stolen.

          2. Make your suggestions to Apple. Gone are the days when tires were allowed to be retread, come apart and “kill you.” Still not a good analogy. Apple may not have a software switch that can disable Touch ID yet. Apple allows you can contact their support and I would assume find a way to reenable your phone. Might require genuine Apple parts and additional expense though. I don’t know how dumb any repair service can be even attempting this kind of repair and not know the ramifications for customers.

            1. “Apple may not have a software switch that can disable TouchID yet”

              And this is my problem? They should, if they are going to be responsible for security. So the answer is to brick the phone without warning? How about going back to the passcode?

              I repeat, did they back up the data before doing so? Are they offering a free fix for the damage they’ve done? Can I choose to live with TouchID broken and use a passcode?

            2. So Apple should anticipate every cheapskate doofus and how they might sabotage their phone? Pretty disingenuous statement. Yes brick the phone so you HAVE to call Apple and correct your stupid mistake. Lesson then learned, data be damned (though unknown if data is automatically deleted – once fixed the data may still be there). That damage was done by the idiot customer and Apple unauthorized repair service who should have warned them or known – the true culprit. Sometimes (actually ALL the time) we must take the hit for the folly of our actions and not expect the world to be at fault instead. I suspect in any case Apple will issue a fix for this.

            3. A price should always be paid for foolishness so you learn by it. Who ever said we get a free pass in life for our own mistakes? If this person had done things correctly through Apple we wouldn’t be talking about it.

            4. Yes, it is your problem, because you chose to have your device repaired by an incompetent repair service. Your beef is with the incompetent repair service who is responsible for bricking your iPhone not Apple. Their incompetence, plus your cheapness in choosing them, is what is causing your later problems, not Apple. Choosing a non-authorized repair is NOT Apple’s fault. Apple’s service agreement which YOU agreed to every time you accept a software upgrade warns you of such possibilities.

            5. With all those iPhone users out there I would think that there are some that through some mishap their Touch ID sensor stopped working and is temporarily resorting to using a PIN to access their iPhone. As such it may be no fault of their own for their phone to be ‘bricked’ by the new iOS update. Do you expect Apple to say “Sorry, your iPhone was not in complete working order so we bricked your phone.”? Since there is a class action suit in progress now, I am guessing Apple stores are not able to help you access those phones.

            6. The suit has not been filed. They have not found a suitable plaintiff. Nor does that stop Apple from assisting people with iPhones and iPads that are not working. Your assumption that a merely broken or not working sensor would cause this problem is unwarranted. No one has made that claim. You are going off the tracks.

            7. I’m simply bring up the possibility that since pairing is involved it means that both ends of the TouchID subsystem are responding in some way that they are ‘working’ and are valid. This assumption is reasonably supported by repaired but otherwise working though unpaired TouchID systems working fine till the OS update. Does it not follow then that a TouchID system that is no working properly would be affected adversely by the iOS update?

            8. If as you say contacting Apple would allow users to regain access to their iPhones I doubt this class action suit would even exist at this stage.

            9. The only “repair” may be replacement unless Apple issues a software fix or some reasonable solution. But honestly what kind of doofus would not back up an iPhone before it went into the repair shop?

            10. Probably one not in an environment that allows for a good backup and also lacking a registered Apple service center for their urgent repair needs.

      1. I would say this would be more along the lines of a car owner replacing their ignition system and all their door locks with an after market system and then suing the car manufacturer when their car won’t start or gets stolen. If as a phone owner you cut corners on an un-authorized 3rd party replacement part as significant as a fingerprint scanner, you shouldn’t be surprised when Apple says we will no longer guarantee the security of your information and therefore have to disable your device to protect ourselves from litigation.

        1. No, you would only sue the manufacturer for bricking everything else. I can choose not to lock my car, and yes, I would yell at the guy for the defective locks and ignition. I would get that fixed, but bricking my car? The whole car?

          Never mind the computer parts of the iPhone, you can’t even make a call.

      2. Let’s follow through with your strawman for a minute… If the car could detect that the aftermarket tires were not properly installed (paired) with the vehicle rims, then I would certainly be in favor of the car being disabled from driving until the problem was fixed.

      1. Why is it Apple’s PR? It is Apple’s fault you did not bother to read the contract when you started using your iPhone or accepted any of the software updates to that iPhone? No, frankly it isn’t. You CHOSE to skip to the end and click accept without reading it! Ergo, you accepted the risks of signing a contract without reading it. If you don’t want to accept the terms of that contract, don’t click, package the iPhone back up, and return it to the vendor you got it from and select another phone.

        1. No…effective PR defuses a situation before it gets viral legs. Perception about a company’s brand is not found in the contract, rather it’s what people are led to believe is real. Maybe you ought to have a chat with Olivia Pope before you read contracts 😉

          1. The number of people who have had a TouchID sensor replaced by a third party repair shop is minuscule compared to the hundreds of millions of iPhones and iPads in the wild with TouchID sensors. Apple has no way to contact those individuals who have had theirs replaced by unauthorized shops or DIY, because they are done by unauthorized shops or DIY. It is also unreasonable for Apple to even cover this people who have done so with pre-warnings. They assumed that risk on their own. Sorry, that is just they way it is. Apple is doing enough to offer to fix the problem those people took on themselves by going outside the authorized repair channels for this very rare repair. They voided any expectation of support from Apple for a problem they’ve brought on themselves. They can go back to the repair shop who created the problem in the first place by taking on a repair they were simply NOT competent to do properly in the first place.

  2. “If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.”

    So people are just too damned lazy to contact Apple support, would rather bitch, then answer an ambulance chaser lawyer’s siren’s call for unhappy iPhone owners, and join a class action lawsuit against Apple.

    The judge should throw this out in less than a heartbeat, but knowing the U.S. legal system this will likely drag on for years, give Apple a continuous bad name in the general media and tech focused media, and eventually cost Apple a few hundred million dollars.

    1. How about rather than bricking the device, they simply send a notification to contact Apple support for an urgent matter?

      This is property destruction, which is illegal, unless it’s buried in the EULA somewhere.

      1. Actually, it’s the unauthorized repair guy who should have told you that his repair would brick your phone. It’s his fault he doesn’t know enough about the equipment he’s “repairing.” If he sets himself up as a qualified repair guy, he should know everything about the phone and the effect his work will have on it.

          1. And there’s the rub. You just want someone to blame.
            Life should be fair. Accidents shouldn’t kill people. There should be no catastrophic storms or floods. There should be equality for all with no discrimination of any kind. Poverty should be abolished. People should be nice to each other.
            But, failing all those things, you could just take personal responsibility for your actions in trying to get a cheap repair on an expensive piece of equipment.

            1. It’s you that suggested I blame the repair guy. At most, it’s his fault if TouchID doesn’t work after that, and the user would be stuck using a passcode. Destroying property without consent or warning tells me there’s other interests involved. At best, it’s just arrogance, and that’s at best.

            2. Ummm. No. If your car mechanic repairs your brakes wrong and causes you to crash, he’s not just responsible for the defective brakes. He’s responsible for the consequential damage. It’s a legal principle. Look it up.
              And while I think the unauthorized iPhone repair guy is legally responsible if his work bricks your phone, it’s also a learning experience for you that cheapest isn’t always any good, let alone best.

            3. I agree. That’s not what the rub is over. And Apple has to live up to the same legal consequences. They disabled non-malfunctioning parts.

              If they are going to own security, then they have to own security. This would absolve them over the security risks, not non-use of the whole device.

        1. Wrong. In the original story I read the repair shop did their repairs and everything was fine until the user applied an iOS update later.

          In other words, Error 53 is a *new* thing. The repair shop *didn’t know* that Apple would add bricking code in a subsequent update. The *user* didn’t know it either.

          Voiding a warranty is perfectly valid after an unauthorized 3rd party repair. Disable all TouchID related functionality, fine. Deliberately bricking the entire device is not, since TouchID *is still not* the authoritative access method for iOS, the passcode/phrase still is. If you doubt that, try using TouchID to install an iOS update, or to access it after restarting your device.

      2. I see, in the meantime, everyone who has their iPhone stolen, is at risk of the thief merely swapping out the TouchID sensor with a malicious knock-off sensor and Voila, instant access to all of the victim’s pass codes, passwords, proprietary data, bank accounts, and everything else that is private that he or she thought was private and protected by his secure passcode and fingerprint? I don’t think that is a good thing at all. You are completely delusional if you think that could be covered in an email notification when such a substitution could take just a few minutes, especially if the victim is unaware his iPhone had not even been stolen. Or, Applecynic, what about the case where the owner has been arrested? The authorities now have a way into the iPhone without the owner’s OK. Right, no search warrant needed, no passcode, no fingerprint required. Instant access. No, you are delusional if you think that is OK.

        1. Easy solution instead of bricking the phone would be simply to disable use of TouchID. I don’t think you can create a TouchID w/o first registering a passcode so the user will still have a secure means of ‘locking’ the phone. Since the current case is about the new update ‘bricking’ the phone, wouldn’t it be reasonable to say that ‘bricking’ the iPhone due to security concerns on a OS update is ‘too late’? The malicious access would probably have long been completed.

          If someone is arrested, can’t the police simply lift fingerprints from the phone to access the phone w/o fiddling with the TouchID?

          1. No. A fingerprint copy cannot activate the TouchID. The TouchID doesn’t actually read “fingerprints” it reads the subcutaneous ridges under the fingerprints.

            1. Then the warrant should order the owner of the object to be opened to open it. Not put the onus on some third part to do so. If the owner refuses, then he should sit in jail until he cooperates in opening the object to be opened.

              That is the way a search warrant is designed to work. It does not put the onus of opening it on the manufacturer.

        2. I believe in warrants. If they obtain a warrant from a judge, after demonstrating probable cause, then I’m okay with it. Same as searching my house now and for generations. What they can’t do is make me incriminate myself and give them my passcode.

    1. False. TouchID is not the authoritative access method for iOS. The passcode/passphrase still is. Error 53 could affect users who never set up TouchID but got a 3rd party repair to the Home button.

      The correct approach would’ve been to disable TouchID and all related functionality, but still allow passcode/phrase access.

      1. False. TouchID will never be open for third party nor will they be able to deactivate/disconnect it when opening up a device servicing the home button. When you go for service, at an Apple store, with a faulty iPhone you either get a new one (hence Apple care) or if it is serviced, you will have to re-enter your fingerprint.

        1. You are technically correct but you’re replying to some comment that has nothing to do with what I actually wrote. Try again.

          Hint: The “False” was to your “It’s about TouchID” and “Case closed”. Bricking the entire iPhone was *not* necessary because TouchID is *not* the authoritative way to access the device.

  3. Do we have any verification that thousands of people have really had their iPhones bricked in this way after having had unauthorised home button replacements?

    We all know about the one case of the guy visiting the Balkans, but what about the others?

    Exactly what is it about the iPhone 6 that appears to make it the only model susceptible to this issue and not the 5S or 6S? It could be that just the one person has had this issue and he has the iPhone 6.

    1. That might hold up if the unauthorized repair facility was the one that damaged the phone at the time the repair was done.

      That probably won’t hold if a subsequent iOS update from Apple itself contains code that causes the phone to become permanently inoperable.

  4. No matter how much you fanboys argue the point the simple fact is that Apple will loose this one in court, period end of story. They simply aren’t allowed to render a device inoperable because of a third party repair. The most they can do is void any warranty. Security will have nothing to do with this.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.