Apple acknowledges 'Error 53' glitch, says it's part of Touch ID security [u]

AppleInsiderAppleInsider
Posted:
in iPhone edited February 2016
Apple on Friday publicly acknowledged an unusual "Error 53" message, triggered by updating an iPhone 6 to iOS 9 or later after having the phone's Touch ID sensor fixed by an unofficial technician. [Updated]




"We protect fingerprint data using a Secure Enclave, which is uniquely paired to the Touch ID sensor," a spokeswoman explained to The Guardian. "When [an] iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the Touch ID sensor, the pairing is re-validated."

With an unofficial repair, the representative warned, that pairing can go unvalidated and lead to Error 53 once iOS is updated, or even restored. People running into the glitch should contact Apple support, the spokeswoman suggested.

The problem renders an iPhone unusable however, and affected owners will likely have no choice but to buy a new phone, since an unofficial repair violates Apple's warranty terms.

The Guardian observed that many regions lack Apple Stores, which can sometimes make it hard to find a place to get authorized repairs done in a timely manner.

When Apple launched Touch ID it went to great lengths to assure people that the associated data couldn't be leaked online, or even captured by installed apps. The need to re-validate appears to be a defense against thieves (or other parties) extracting fingerprint data via hardware modifications.

Update: Apple has issued a separate statement to AppleInsider.

"We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers," the company said. "iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device's other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support."
«134567

Comments

  • Reply 1 of 140
    gatorguygatorguy Posts: 24,213member
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Mr_Greywonkothesanebobschlobbdkennedy1002SpamSandwichnolamacguyigorskyirelandlatifbppunkndrublic
  • Reply 2 of 140
    volcanvolcan Posts: 1,799member
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    I agree in principle, however, the error message should provide better communication to the user, not just Error 53. You know something like "iOS has detected a security issue with Touch ID. Please visit an authorized Apple repair location. Error 53."
    edited February 2016 dws-2bdkennedy1002lymfcornchipabedossmaxit[Deleted User]
  • Reply 3 of 140
    cnocbuicnocbui Posts: 3,613member
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Ireland doesn't have an Apple store. I'm not sure about authorised repairers who could do the job. Why isn't there an option for getting Apple to do the authorisation and not having to get a new phone?
    cornchipabedoss
  • Reply 4 of 140
    Mr_GreyMr_Grey Posts: 118member
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed.  But that won't stop the shit storm.  
    People will agree out of one side of their mouth that it sounds reasonable for Apple to do this, but still demand that they "fix" it anyway.  To do otherwise would be to take responsibility for one's actions.  Something that's been an anachronism for many years now.  
    lolliver
  • Reply 5 of 140
    Mr_GreyMr_Grey Posts: 118member
    volcan said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    I agree in principle, however, the error message should provide better communication to the user, not just Error 53. You know something like "iOS has detected a security issue with Touch ID. Please visit an authorized Apple repair location. Error 53."
    On thinking about it ... it might also make more sense to simply disable TouchID on the device instead of bricking it.  The error message could tell you what you did and what the consequences were instead of being obtuse and killing the phone as well.  
    [Deleted User]
  • Reply 6 of 140
    muppetrymuppetry Posts: 3,331member
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
  • Reply 7 of 140
    lkrupplkrupp Posts: 10,557member
    muppetry said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    Because you know exactly how it all works?
    Rayz2016lolliver
  • Reply 8 of 140
    gatorguygatorguy Posts: 24,213member
    muppetry said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    I don't think Apple has said it can't be reauthorized have they? I don't know what Apple's advice is if you call/contact them as they suggest. 
    lolliver
  • Reply 9 of 140
    Mr_GreyMr_Grey Posts: 118member
    muppetry said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    Well, at the very least, this path would require Apple to take out the "repaired" element and replace it with a verified Apple element, so a person would have to do the repair all over again, lose all the money for the first repair and pay Apple probably double what they would have, if they had just let them repair it in the first place.  

    The kind of people who would consider a cheap third party repair, and the kind of people that are hot under the collar about their phones being bricked, are unlikely to consider any of that "fair" or to be inclined to do it.  It seems very likely to me that the folks who have been bitten by this are sitting at home right now demanding (to their wives or whomever is forced to listen) that Apple fix it all up "for free."  They aren't going to just smack themselves in the forehead and say "Oh, this is all my fault!  I hope Apple can fix it for me, I'd pay them whatever they want to too so."  
    lolliver[Deleted User]
  • Reply 10 of 140
    dws-2dws-2 Posts: 276member
    This is good. My concern is that it should have happened before iOS 9. Also, I agree that it would be nice to get a better error message.

    As for needing a new iPhone because of the unauthorized repair, I think the implication is that Apple could charge to replace the TouchID sensor properly, not that you're going to need a new phone.
  • Reply 11 of 140
    rob53rob53 Posts: 3,251member
    muppetry said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    I'm not sure Apple could reauthorize it anyway. If they could, the NSA and FBI would have a way to force Apple to break into an iPhone and bypass the TouchID security. I'm sure the secure element is matched to one TouchID part and that's all it works with. I'd much rather have it this way than have it able to be so easily bypassed.
    Rayz2016lolliver
  • Reply 12 of 140
    muppetrymuppetry Posts: 3,331member
    gatorguy said:
    muppetry said:
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    I don't think Apple has said it can't be reauthorized have they? I don't know what Apple's advice is if you call/contact them as they suggest. 
    I would hope that's how it works, but several other articles on the subject indicate that Apple have been telling users that they will need a new phone and that there is no way to recover any data from the old phone. 

    http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair
  • Reply 13 of 140
    volcanvolcan Posts: 1,799member
    muppetry said:

     I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    Did you read the article? Apple has no way to know what was done to the phone by the unauthorized tampering/repairing and they can't be sure that a thief hasn't extracted the fingerprint information on the hardware. Bricking is the only foolproof way to eliminate any possibility of fraud. AND... unauthorized dismantling of Touch ID on the phone violates the Apple warranty so they are not obligated to fix it.
    nolamacguylollivermaxitawilliams87
  • Reply 14 of 140
    bobschlobbobschlob Posts: 1,074member
    muppetry said:
    gatorguy said:
    Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    I'm pretty sure that would mean a new touch ID module. And just as it is with a 'new battery module" that basically just means a 'new phone'. (just swap the phone)
    In any case, there should definitely be no way to simply fix this issue with some sort of software or "reauthorization" (or have you not been listening to what Apple has been saying to the government about security, backdoors, and access?)
    lolliver
  • Reply 15 of 140
    bobschlobbobschlob Posts: 1,074member

    muppetry said:
    gatorguy said:
    I don't think Apple has said it can't be reauthorized have they? I don't know what Apple's advice is if you call/contact them as they suggest. 
    I would hope that's how it works, but several other articles on the subject indicate that Apple have been telling users that they will need a new phone and that there is no way to recover any data from the old phone. 

    http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair
    Of course there is no way to recover the data (except from your own authorized backup). That's the IDEA.
    awilliams87
  • Reply 16 of 140
    linkmanlinkman Posts: 1,035member
    Why not fix the problem by having iOS wipe out the data in the secure enclave/Touch ID, thus ensuring the data is not compromised instead of bricking it? Or at least let the phone work without use of Touch ID (yikes, it'd be like using an iPhone 5). Yes, this would allow non-Apple authorized repairs to actually succeed and possibly deprive Apple of a bit of revenue. As for the person quoted in the Guardian article that lost all of his/her data: backup your stuff! Data-wise this is no different than losing your iPhone. Apple makes it so easy to backup and restore that there should be no excuses. If you value the information then back it up.
    edited February 2016 lolliverwebweasel
  • Reply 17 of 140
    bobschlobbobschlob Posts: 1,074member
    It's hilarious that people want these phones to be un-hackable, and then complain when, after mucking about with the chief security feature of the phone, they find that the data can't be accessed. (That's what's supposed to happen)
    lolliverawilliams87
  • Reply 18 of 140
    muppetrymuppetry Posts: 3,331member
    volcan said:
    muppetry said:

     I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    Did you read the article? Apple has no way to know what was done to the phone by the unauthorized tampering/repairing and they can't be sure that a thief hasn't extracted the fingerprint information on the hardware. Bricking is the only foolproof way to eliminate any possibility of fraud. AND... unauthorized dismantling of Touch ID on the phone violates the Apple warranty so they are not obligated to fix it.
    Of course I read the article - that's why I'm commenting on the omission of any detail on what Apple will do if one follows their advice and contacts customer support. That suggests that there are options beyond "you are SOL, buy a new one". You clearly did not bother to read the article that I linked. None of your comments above are even remotely relevant to the question of whether Apple can reactivate the phone, even if that does mean another new module. If a thief has already extracted data from the old module, then that's done - too late to do anything. If they suspect that the new module might be compromised then they could replace it. No one said anything about Apple being obligated to do that for free.
    bobschlobicoco3
  • Reply 19 of 140
    cnocbuicnocbui Posts: 3,613member
    dws-2 said:
    This is good. My concern is that it should have happened before iOS 9. Also, I agree that it would be nice to get a better error message.

    As for needing a new iPhone because of the unauthorized repair, I think the implication is that Apple could charge to replace the TouchID sensor properly, not that you're going to need a new phone.
    The article didn't imply what you say you think it did:
    The problem renders an iPhone unusable however, and affected owners will likely have no choice but to buy a new phone, since an unofficial repair violates Apple's warranty terms.
    lkrupp said:
    muppetry said:
    Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
    Because you know exactly how it all works?
    Stop pretending you know. Apple can perform an authorisation, therefore there is a process that can accomplish this. There is nothing illogical about supposing Apple could do the authorisation after a 3rd part repair attempt.
  • Reply 20 of 140
    cpsrocpsro Posts: 3,198member
    OT:
    Oh, dear, Apple is the most valuable company again. Such a pity for Alphabet.
Sign In or Register to comment.