Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
If the Touch ID enclave has been compromised AT ALL the phone needs to be bricked.
Maybe. But, if this is such a critical security issue why does the check only take place when the OS is updated? Why wouldn't the check take place every time the phone is booted? Oh yeah, if someone steals my phone and tampers with the Touch ID system, before they try to read all of my data they are going to first let the phone contact Apple's servers, download, and install the latest updates.
Utter nonsense. Certainly the Touch ID system has to be deactivated. You could even argue that the phone get locked with only Apple being able to unlock it. But to think that permanently bricking the phone is the right solution is crazy. And no, I don't really think this was an intentional ploy by Apple to force users to only use authorized repair services (to the envy of car dealers across the US). It's probably a small enough revenue stream to not really care about. More likely it's just arrogance and/or short-sightedness to not fully think through the consequences of their system designs.
Why do people still (incorrectly) say this is a "new" problem with iOS 9? It's not, and has been around since at least iOS 8 (and possibly sooner, though I didn't see any in a quick search).
This guy went from iOS 8.3 to 8.4 and it happened. Another Apple Support thread has someone with it on 8.2. So clearly this is not new or unique to the latest version of iOS 9.
As to why it only occurs when updating, a little common sense/logic needs applying. When you repair an iPhone you obviously turn it off. When turned back on, it "knows" the Touch ID sensor is different. At this point is when your authorized repair person would connect your iPhone to their system and perform the pairing procedure.
If your iPhone bricked immediately upon power up, how could you ever properly repair (and then pair) Touch ID. When you do an update to a newer iOS version is when it bricks. At this point Apple realizes this was an unauthorized repair and no technician is going to do any pairing. The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
So you just gave another good reason why the phone should not be bricked at all - and instead just the TouchID disabled. You really can't argue it both ways - if the detection of a new TouchID/button module is such a serious threat that the phone needs to be disabled, then anything less than immediately is pointless. Otherwise the malicious entity, hacker, or whatever now has until the next iOS update to break into the phone or whatever you imagine the threat to be? That could be weeks or months. How is that a secure solution? But you already noticed that flaw in the argument.
Why do people still (incorrectly) say this is a "new" problem with iOS 9? It's not, and has been around since at least iOS 8 (and possibly sooner, though I didn't see any in a quick search).
This guy went from iOS 8.3 to 8.4 and it happened. Another Apple Support thread has someone with it on 8.2. So clearly this is not new or unique to the latest version of iOS 9.
As to why it only occurs when updating, a little common sense/logic needs applying. When you repair an iPhone you obviously turn it off. When turned back on, it "knows" the Touch ID sensor is different. At this point is when your authorized repair person would connect your iPhone to their system and perform the pairing procedure.
If your iPhone bricked immediately upon power up, how could you ever properly repair (and then pair) Touch ID. When you do an update to a newer iOS version is when it bricks. At this point Apple realizes this was an unauthorized repair and no technician is going to do any pairing. The ONLY thing I think Apple could do different is put a warning after power up notifying the user and telling them their iPhone will be disabled after X amount of time. Then the customer would know at the time of repair what happened.
Yes, a little common sense... because at this point if your phone is in the hands of the bad guys who figured out a way to circumvent Touch ID it utterly too late anyway. The bad guys aren't ever going to install any updates (this is the common sense part) so the bricking is a completely useless action as it only affects the legitimate owner of the phone.
I would imagine Apple pushes an update that has to be loaded through iTunes that allows the affected devices to function with several features disabled like Touch ID, Apple Pay, etc. This is how iOS and the phones acted before the latest release of iOS 9. I really think Error 53 is a bug.
Also, the issue is not only for iPhones that have crappy replacement parts, OEM parts could be affected too. Technicians have to complete a process that identifies the Touch ID hardware to the secure enclave. If this is not done properly regardless if it's Apple's actual hardware or crappy 3rd party hardware the user will have issues.
Like most if these issues, in a few weeks we will have already moved onto the next ambulance.
Doubtful
The most likely scenario is that affected consumers will be told to go to the Apple Store with a proof of purchase, they will look up the purchase date, region and who bought it, plug in the device to some blackbox that will wipe the phone to factory with the secure parts also re-keyed. Sucks to be someone who bought one off craigslist.
And don't for a minute think that Samsung/Google aren't on their way to do the very same thing. Android devices have been about 4 steps behind the iPhone, even when they thought they were ahead with bigger phones and more cpu cores. It is far more likely that this perceived gaff will have the Android vendors create "cloud backdoors" into recovering the device.
I don't think Apple intended to brick people's phones. I suspect they wanted to disable TouchID and access to the secure enclave on phones that may have been compromised, and allow for the user to take it to Apple or an authorised repair agent to fix it. This would allow for people who are in areas without access to such services to get emergency repairs done to keep their phone working.
That said, if the story had been "I got my phone repaired, and now I can't use ApplePay!" would the reaction have been any different? Seriously, Apple were going to take a hit however this panned out, and in a way bricking the phones means when they fix it so that it only disables TouchID and the secure enclave people will be more accepting of that as a solution. I'm not saying it was a deliberate ploy by Apple, but I think they can make it work for them
In many ways, the fact that it continues to work until the next time iOS is installed on the phone (either an upgrade or a restore) is more of a concern from a security standpoint.
Maybe. I don't know whether Keychain info might be compromised. I would be happier if the phone had to be restored after the re-pair.
Exactly! Touch ID is a lot more than just Apple Pay. It gives you access to everything on the phone including all iCloud stuff.
Touch ID is OPTIONAL. What secures the phone, and even Touch ID is your password. No reason to brick the whole phone as long as it's otherwise protected by the password.
Actually, in the USA anyway, one is under zero obligation to have warranty work done by the manufacturer. Here, we have a free marker philosophy that goes back to the Anti-trust laws of 1890. The idea was to encourage small shops to flourish. Apple knows this (because they have been in court over "restraint of trade" before). If they refuse to supply OEM parts to other shops, they then cannot do what they have just done: force people to use Apple to repair their phones. This has nothing to do with technology. Though Apple wants you to think that. If this were just about tech, why would they completely nuke the phone? And everything on it? Irredeemably? You can brick a Blackberry 10 phone by violating its security credentials. But Blackberry gives you the option of sending them the phone, with proof of ownership, and they will unbrick it. Apple, with it's many store fronts, could easily do the same.
Not remotely true if you want the bill paid by the issuer of the warranty. The issuers/manufacturer has every right to require repairs done by an authorized representative. This issue has been backed by the courts time after time. You may have anyone you wish repair your device, you just can't have a warranty claim paid if it is done by an unauthorized repair service. Additionally, Apple has no legal obligation to sell OEM parts to someone they choose not to. If the terms of the sale include warranty/repair terms (which all Apple hardware product sales do) this issue is clearly laid out. Apple will or will absolutely have to unbrick the phones, but they will not be required to pay someone else to fix broken Touch ID hardware. You are so far off base regarding this particular issue. Some things are just too bad when you make a mistake. When Dewey, Cheatem & Howe has the stupidity to go into court and if it got that far, they will face legitimate claims of trade secrets and maintaining product features that the court will back up. Your problem is you have the wrong issue. It's not remotely an Anti-Trust issue. Mobile devices, Apple products, etc. are freely available from a wide range of manufacturers and dealers. You have infinite choices. The previous issue Apple had with restraint of trade bear no resemblance to this type of transaction.
I get it. You don't like Apple at all. Your comment is only the second one you have made here under that username. My guess is you are a hit and run Apple hater and Android fanboi who thought they saw an opportunity.
Nonsense! Replacing the Touch-ID with HW that is appropriate should just clear all the secure information in the ID chip and erase all Apple Pay information, not render the phone useless. The user then has to start over entering fingerprints and CC information, assuming they know the iCloud account that was tied to the phone. Why is that such a big deal for Apple to deal with?
This is exactly right. If Apple considers to be a car maker, it should look at car key fobs that can be paired by the user. Also, Apple allows the user to pair the SIM card (by entering the key) or asks if a Mac can be trusted with your iPhone. So, my guess is that it is a missing feature that will (must) be implemented in the future.
There are a couple of issues here. Some owners have had to get their phones repaired where there are no authorised Apple repairers. Shock horror! Apple doesn't have repair centres in every corner of the globe! Also, some owners have had their phones brick when they haven't even known that they might be damaged (if they were at all). Arbitrarily bricking your phone is not on. If you had the alternator replaced in your car with a non original part, would you think it reasonable for the manufacturer to remotely disable the vehicle?
That said, the immediate leap to start a law suit before Apple can address the problem is pretty ridiculous. But I guess that's the American Way...
It's about disclosure. If a repair that worked fine is suddenly going to brick a phone after a software update, then Apple has an obligation to warn people about that when they release the update. And don't hide behind the EULA provision about unauthorized repairs. That's untested in the courts and EULA provisions are automatically invalid if they are against the laws, statutory and case law. It is one thing to say your warranty is voided because of an unauthorized repair, a totally different thing to say we are making your phone permanently inoperable because of an unauthorized repair. There are too many Apple apologists. I'm a big Apple fan but I don't let that affect my ability to distinguish right from wrong.
Just to make it clear to you then, the 'stunt' was bricking phones through a software update without warning people who might be affected that their phones will die, and furthermore not coming up with a remedy for said people once they present their bona fides. (e.g. prove that the phone isn't stolen.)
And by the way, I haven't heard of any law that says a company can get away with intentionally and permanently disabling a product because of an unauthorized repair. Have you?
PayPal will permanently lock access to an account if evidence of fraud or hacking are discovered. No different. This isn't a bloody vacuum cleaner we're talking about. It's a bank vault.
In the eyes of the law there is no difference between a bloody vacuum cleaner and an actual bank vault when it comes to the manufacturer unilaterally rendering a physical product permanently inoperable. Paypal is a service. It exists in the ether. It is not a conglomeration of real atoms that people pay for like a $150 bloody vacuum cleaner, or a $600 smart phone, or a million dollar bank vault. Don't let your mindless devotion to Apple shut your logical faculties down and turn you into an Apple apology robot.
Companies aren't allowed to make up rules as they go along. Made-up rules like "Well, it's for security and privacy reasons, so we claim that we have the right to secretly and unilaterally reach into your phone and smash it to bits from the inside. And without compensating you." Apple is so wrong on this one.
PayPal will permanently lock access to an account if evidence of fraud or hacking are discovered. No different. This isn't a bloody vacuum cleaner we're talking about. It's a bank vault.
In the eyes of the law there is no difference between a bloody vacuum cleaner and an actual bank vault when it comes to the manufacturer unilaterally rendering a physical product permanently inoperable. Paypal is a service. It exists in the ether. It is not a conglomeration of real atoms that people pay for like a $150 bloody vacuum cleaner, or a $600 smart phone, or a million dollar bank vault. Don't let your mindless devotion to Apple shut your logical faculties down and turn you into an Apple apology robot.
Companies aren't allowed to make up rules as they go along. Made-up rules like "Well, it's for security and privacy reasons, so we claim that we have the right to secretly and unilaterally reach into your phone and smash it to bits from the inside. And without compensating you." Apple is so wrong on this one.
PayPal will permanently lock access to an account if evidence of fraud or hacking are discovered. No different. This isn't a bloody vacuum cleaner we're talking about. It's a bank vault.
In the eyes of the law there is no difference between a bloody vacuum cleaner and an actual bank vault when it comes to the manufacturer unilaterally rendering a physical product permanently inoperable. Paypal is a service. It exists in the ether. It is not a conglomeration of real atoms that people pay for like a $150 bloody vacuum cleaner, or a $600 smart phone, or a million dollar bank vault. Don't let your mindless devotion to Apple shut your logical faculties down and turn you into an Apple apology robot.
Companies aren't allowed to make up rules as they go along. Made-up rules like "Well, it's for security and privacy reasons, so we claim that we have the right to secretly and unilaterally reach into your phone and smash it to bits from the inside. And without compensating you." Apple is so wrong on this one.
When this thing goes to court and they fracking lose, and they will, will you shut the hell up with your inane rants, or just move on to some other posturing.
What about the people who didn't take their iphone to an non Apple repair place, but are still getting this error. I have felt this affect personally And I've also read about a lot of people who didn't get their home button replaced and are still having this problem. Yes Apple may not be trying to trick people into using their repair service, but what about someone whose phone is rendered useless just because the home button isn't working or has broken. Yes I believe that it is good security but should be reworked from where just because your home button breaks you have to be stuck with a nonworking device. Before you could use your iPhone even if you didn't have a working home button even after a reset, but now you have to buy a new phone if you don't have warranty or your phone is considered Unrepairable by Apple, which I think is the real problem here.
Comments
Utter nonsense. Certainly the Touch ID system has to be deactivated. You could even argue that the phone get locked with only Apple being able to unlock it. But to think that permanently bricking the phone is the right solution is crazy. And no, I don't really think this was an intentional ploy by Apple to force users to only use authorized repair services (to the envy of car dealers across the US). It's probably a small enough revenue stream to not really care about. More likely it's just arrogance and/or short-sightedness to not fully think through the consequences of their system designs.
The most likely scenario is that affected consumers will be told to go to the Apple Store with a proof of purchase, they will look up the purchase date, region and who bought it, plug in the device to some blackbox that will wipe the phone to factory with the secure parts also re-keyed. Sucks to be someone who bought one off craigslist.
And don't for a minute think that Samsung/Google aren't on their way to do the very same thing. Android devices have been about 4 steps behind the iPhone, even when they thought they were ahead with bigger phones and more cpu cores. It is far more likely that this perceived gaff will have the Android vendors create "cloud backdoors" into recovering the device.
I don't think Apple intended to brick people's phones. I suspect they wanted to disable TouchID and access to the secure enclave on phones that may have been compromised, and allow for the user to take it to Apple or an authorised repair agent to fix it. This would allow for people who are in areas without access to such services to get emergency repairs done to keep their phone working.
That said, if the story had been "I got my phone repaired, and now I can't use ApplePay!" would the reaction have been any different? Seriously, Apple were going to take a hit however this panned out, and in a way bricking the phones means when they fix it so that it only disables TouchID and the secure enclave people will be more accepting of that as a solution. I'm not saying it was a deliberate ploy by Apple, but I think they can make it work for them
In many ways, the fact that it continues to work until the next time iOS is installed on the phone (either an upgrade or a restore) is more of a concern from a security standpoint.
I get it. You don't like Apple at all. Your comment is only the second one you have made here under that username. My guess is you are a hit and run Apple hater and Android fanboi who thought they saw an opportunity.
If Apple considers to be a car maker, it should look at car key fobs that can be paired by the user.
Also, Apple allows the user to pair the SIM card (by entering the key) or asks if a Mac can be trusted with your iPhone. So, my guess is that it is a missing feature that will (must) be implemented in the future.
That said, the immediate leap to start a law suit before Apple can address the problem is pretty ridiculous. But I guess that's the American Way...
Get an authorised repair.
Companies aren't allowed to make up rules as they go along. Made-up rules like "Well, it's for security and privacy reasons, so we claim that we have the right to secretly and unilaterally reach into your phone and smash it to bits from the inside. And without compensating you." Apple is so wrong on this one.