After the lawyers take 80% of the cut, Apple will send out $25 vouchers toward the purchase of a new iPhone to those affected.

The only people who win in a class action are the lawyers.

First, as other people have said, your numbers are way out of whack and the class members do share the majority of the payout.

Second, what is your point? In a case like this where Apple is so ****-headed, making Apple bleed is a good enough thing on its own.

Third, these greedy lawyers would not be kicking in millions of dollars of their own money to fund the lawsuit if they didn't think there was a very, very good chance their 15% cut would cover all their costs and reap a hefty profit. This is going to cost Apple big time.

Fourth, this is a PR disaster for Apple. How many average users will hear "if you do a third party repair to your iPhone, Apple will destroy your phone" and think fond thoughts about Apple? No average person is going to believe it's for their own good.
 
Back stabbing lawyers will try to sue for anything nowadays!! Some all they want is money and they don't care about anyone else!! An unauthorized repair shop breaks the phone or not knowing what they are doing, too bad and so sad. Just like you take your car to an unauthorized repair shop and they mess up you will be the one to pay for it. The car maker could care less. If it was me it should be the repair shop that messed to be the ones to take responsibility for their actions or false promises. I'm sure Apple would get the right fix and unbrick the phone for a price, just try to get money out of the repair shop that didn't know what it's doing since they were not trained officially by Apple. Good luck
 
So has anything new or interesting or useful come up in this thread compared to the last two (each over 30 pages long) about all of this from just days ago?

Or is this basically just rehashing the same things over and over for the nth time?
 
Error 53 can happen when no repair has been done....... That does not worry you? Suddenly as the end user you are liable and your device is bricked, and if it's out of warranty, Apple will not fix it. Guess what happened, the Touch ID failed due to wear and a device never in danger of having its data lost, cause it's in original condition with a hardware fault is now a brick?

Concerning?

You've invented a ridiculous scenario out of whole cloth that is completely different from the reality of this situation.

If your Touch ID "wears out" and has to be replaced you take it to Apple and they replace it.

If you have a third party put an unapproved, potentially unsafe and insecure Touch ID sensor on your phone Apple employees are no longer authorized to work on it.

As I see it Apple's only sin here is not being clear on the ramifications of being stupid enough to let the electronic equivalent of a shade tree mechanic put unauthorized parts on your phone. If they want to defuse the situation they should offer to replace the counterfeit parts with genuine Apple parts and re-enable the phone. At the phone owners' expense.
 
Back stabbing lawyers will try to sue for anything nowadays!! Some all they want is money and they don't care about anyone else!! An unauthorized repair shop breaks the phone or not knowing what they are doing, too bad and so sad. Just like you take your car to an unauthorized repair shop and they mess up you will be the one to pay for it. The car maker could care less. If it was me it should be the repair shop that messed to be the ones to take responsibility for their actions or false promises. I'm sure Apple would get the right fix and unbrick the phone for a price, just try to get money out of the repair shop that didn't know what it's doing since they were not trained officially by Apple. Good luck
I don't think they need any luck, they are pretty certain to win. Lawyers don't take on class action lawsuits and spend their own money unless winning is almost certain.
 
Apple admits no wrongdoing, but has agreed to pay $5 iTunes card for the total of 1,216 people affected.
Make sure you have your repair receipts or no dice.

$12 million or more for the lawyers

Can you share a link to where you found that information?
I don't think they need any luck, they are pretty certain to win. Lawyers don't take on class action lawsuits and spend their own money unless winning is almost certain.

That's pretty much BS. Very few class action lawsuits actually ever go to trial. The real "trial" in a class action is the pre-trial certification of class. If the class is not certified the class action lawyers and their named plaintiffs go away quietly. If the class is certified the defendants usually settle, admitting no liability, providing a nice payday for the lawyers and a few plaintiffs and giving a token, almost worthless fraction to the rest of the class.
 
So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?

Pretty much the same terms for my car and home appliances - If a backyard mechanic replaces parts in my car and it fails - the dealer will not warranty it and I probably will need to bring it to them in order to have it properly fixed and pay the big bucks. Our cars can be bricked as well.
 
You are spreading misinformation.

The secure enclave does FAR MORE than authenticate fingerprints.
(...)
So, from these examples, the secure enclave handles ACL enforcement, disk encryption, password enforcement, even with TouchID disabled, and software updates.

Sure it does, and I've written about that before.

So what? Its other functions are meaningless in this context.

A compromised Secure Enclave compromises the entire phone.

Uh, a secure enclave that can be compromised is, by definition, NOT a secure enclave :)

Fortunately, that's not the case here. The key point that you (and some others) are missing is that:

THE SECURE ENCLAVE CANNOT BE COMPROMISED BY A SENSOR THAT SIMPLY SENDS FINGERPRINT DATA OVER A SERIAL LINE (SPI) TO THE CPU. In other words, the sensor cannot send data that modifies (compromises) the secure enclave code or data.

Now yes, it could send an image that would fool the enclave into granting access to the phone. But that's not the same thing as what is meant by compromising the enclave.

Likewise, if I shoulder surf and steal your passcode, I can get into your phone. Ditto if I use a fake fingerprint on a stock sensor to get me into the phone. But again, no one on the planet would claim that was done by "compromising the secure enclave" itself.

Hmm. Perhaps you're misusing or misunderstanding the terminology of a "compromised enclave".
 
Sure it does, and I've written about that before.

So what? Its other functions are meaningless in this context.



Uh, a secure enclave that can be compromised is, by definition, NOT a secure enclave :)

Fortunately, that's not the case here. The key point that you (and some others) are missing is that:

THE SECURE ENCLAVE CANNOT BE COMPROMISED BY A SENSOR THAT SIMPLY SENDS FINGERPRINT DATA OVER A SERIAL LINE (SPI) TO THE CPU. In other words, the sensor cannot send data that modifies (compromises) the secure enclave code or data.

Now yes, it could send an image that would fool the enclave into granting access to the phone. But that's not the same thing as what is meant by compromising an enclave.

Likewise, if I shoulder surf and steal your passcode, I can get into your phone. Ditto if I use a fake fingerprint on a stock sensor to get me into the phone. But again, no one on the planet would claim that was done by "compromising the secure enclave" itself.

Hmm. Perhaps you're misusing or misunderstanding the terminology of a "compromised enclave".

They will try to roast you for the 'sending an image' line just FYI. May want to edit saying that you can easily use fake thumbprint images on the 'authorized' Apple hardware too.
 
Sure it does, and I've written about that before.

So what? Its other functions are meaningless in this context.



Uh, a secure enclave that can be compromised is, by definition, NOT a secure enclave :)

Fortunately, that's not the case here. The key point that you (and some others) are missing is that:

THE SECURE ENCLAVE CANNOT BE COMPROMISED BY A SENSOR THAT SIMPLY SENDS FINGERPRINT DATA OVER A SERIAL LINE (SPI) TO THE CPU. In other words, the sensor cannot send data that modifies (compromises) the secure enclave code or data.

Now yes, it could send an image that would fool the enclave into granting access to the phone. But that's not the same thing as what is meant by compromising the enclave.

Likewise, if I shoulder surf and steal your passcode, I can get into your phone. Ditto if I use a fake fingerprint on a stock sensor to get me into the phone. But again, no one on the planet would claim that was done by "compromising the secure enclave" itself.

Hmm. Perhaps you're misusing or misunderstanding the terminology of a "compromised enclave".
You are arguing that an interruption in the SPI from an unauthorized device connection is not a security concern? If that is your argument then I really can't continue debating you. No one in their right mind in charge of a security system would state that just because there are no code changes that an unauthorized serial connection is not a compromise.
 
You are arguing that an interruption in the SPI from an unauthorized device connection is not a security concern? If that is your argument then I really can't continue debating you. No one in their right mind in charge of a security system would state that just because there are no code changes that an unauthorized serial connection is not a compromise.

That comment shows that you have no idea how the SPI protocol works, and you have no idea what the actual issue here is or just what sort of security hole Apple is trying to close (and there really is one). How can you accuse someone else of being too ignorant to debate a security system that you are clueless about?

Here's a hint. SPI is not persistent, and can have many devices connected at once. The master device will request data when it feels like it from a slave device. So to talk about "an interruption in the SPI from an unauthorized device connection" just shows pure ignorance. The only issue is that an unknown device can be doing things besides reading a fingerprint and sending the encrypted data to the CPU.

You sound like you're saying a telemarketing fraud is caused by a security hole in the phone network so only phones installed by AT&T should be allowed to connect in your home. Installing a third party phone means that your carrier should send someone over to rip all the wires out of your walls.
 
That comment shows that you have no idea how the SPI protocol works, and you have no idea what the actual issue here is or just what sort of security hole Apple is trying to close (and there really is one). How can you accuse someone else of being too ignorant to debate a security system that you are clueless about?

Here's a hint. SPI is not persistent, and can have many devices connected at once. The master device will request data when it feels like it from a slave device. So to talk about "an interruption in the SPI from an unauthorized device connection" just shows pure ignorance. The only issue is that an unknown device can be doing things besides reading a fingerprint and sending the encrypted data to the CPU.

You sound like you're saying a telemarketing fraud is caused by a security hole in the phone network so only phones installed by AT&T should be allowed to connect in your home.

Of course it can have many devices connected at once, and Apple is verifying whether they are authorized or not, by checking the responses and supplied keys.

Do you think they should not be making these checks, wiseguy?
 
How about your car's remote door opener fails and you replace it with an aftermarket one. Next month when you get an oil change the dealer updates your car's firmware so that the car will not start until you replace the automatic door opener which has nothing to do with safety or security.
Except in this case it would be like, after the oil change, they want you to replace the car itself. Absurd. Apple is on the losing end of this one.



Mike
 
Really, stop lying. Ignorant people might believe your nonsense.

See that, no warranty on unauthorized modifications. Every company on the whole wide world excludes unauthorized modifications, because who knows what will happen? The battery might even explode and kill you, that's not Apple's problem. You did it.

What has warranty got to do with Apple bricking your phone losing all your data? Your phone will be out of warranty after 9 months, so what? Apple is destroying your property rendering it unusable, please don't be so dense and equate that with wibblings about warranty. The rest of your posts are just defending the indefensible. TouchID is not even required as security after a reboot or repair, therefore, it has nothing to do with the security of the phone - your passcode is what encrypts the phone. This has happened with plenty of legit users whose phones have not been tampered with.
This error 53 if not addressed will decimate Apple's iPhone second-hand market too, but maybe that's the intent. They have become what Jobs sought to fight against.
I can't believe all these stupid comments here. What if someone could access all your private data including Apple Pay by just stealing your device and replacing the fingerprint sensor? What's the point with a fingerprint sensor if it's not keeping your stuff secure? Please think people!

Try a bit of thinking yourself. When was the last time you booted up your phone (unless you think someone can do a repair with the phone still on) and it required you to unlock it with your fingerprint?
It doesn't even use 2-step which would be useful - put in your passcode and then your fingerprint. No. It does not require a fingerprint to unlock it from a reboot. So if someone was to nefariously replace the fingerprint sensor who would it benefit?
No, all that was required was for the fingerprint sensor to be disabled as it is the passcode that keeps your phone secure.
 
There could be another angle. Since TouchID sensor acts as input of fingerprint data to the iOS, there is a fair chance that in order to gain access to iDevice companies may develop a way to enter spurious fingerprint data to iOS in a form of brute force attack. That makes the iDevice more vulnerable. To protect individual's privacy Apple may have taken this step. :cool:

If you are still unhappy, wait for Cydia Hack to disable Error 53. :rolleyes:
This is ridiculous. For one thing, a brute force fingerprint attack is pointless.

More importantly, why is Apple so concerned about fingerprints? They should immediately disable touch ID and revert to passcode. If you are worried about security and a "police state" you should know that you can legally be compelled to unlock your phone via fingerprint as it is a physical attribute (similar to revealing a tattoo via a warrant). But you cannot be compelled to provide your passcode as it is in your mind (5th amendment protected in the US).


Mike
 
You are arguing that an interruption in the SPI from an unauthorized device connection is not a security concern?

No, I'm saying flat out that an unauthorized SPI input device cannot compromise the secure enclave, which is what you claimed.

If it could, then iOS has a HUGE problem way, way beyond the fingerprint sensor.

If that is your argument then I really can't continue debating you. No one in their right mind in charge of a security system would state that just because there are no code changes that an unauthorized serial connection is not a compromise.

The reason you cannot debate my response is because the enclave cannot be compromised in this way.

Now you're changing your scenario away from a compromised secure enclave, to a possible buffer overrun or denial-of-service attack on the main CPU.

Look it's okay to admit that you actually meant something else. Geez. It's obvious to any engineer. No harm, no foul.
 
"Apple Hit With Class Action Lawsuit Over Ease of Hacking Due to Easily Replaceable Touch ID" is what it would read if Apple had made it possible to replace the Touch ID with some after market crap.

There was a Bloom County strip once where Steve Dallas decided to sue Nikon because they failed to put a warning on cameras not to take pictures of Sean Penn. I think he reasoned that he shouldn't sue Opus because "NEVER, NEVER, NEVER SUE POOR PEOPLE" whereas Nikon had gobs of cash.

A non-authorized repair shop bricked some phones by using a probably 'out the back door' Touch ID (as they are not just available to anyone to use for repair) and they didn't have the knowledge or ability to properly sync the new part to the secure enclave. THIS MUST BE APPLE'S FAULT for not making it possible to repair a $600 phone with the cheapest parts possible.
Apple must have known tens or hundreds of thousands of people would have non-official Touch ID sensors in their devices. So the fact that they disabled these devices - without warning - is completely unacceptable. So many people don't live anywhere near an Apple Store, or in areas where official service is available, that a third-party repair was their only option. Apple could have run a diagnostic BEFORE the update was applied and warned the user that they were using a non-authorized sensor in their device, but Apple didn't do that. Apple just outright disabled the device, which is completely unacceptable.

Face it bud, Apple really just doesn't have an excuse here. There are so many ways they could have avoided this situation while maintaining security, but they chose the dumb route.
 
I thought the only thing a Touch ID sensor does is spit out a hash code after it read your fingerprint. Everything else is handled by the "secure enclave". So what possible security impact could some rogue sensor have?

Apple needs to clarify this because now it doesn't sound like Touch ID is as secure as they promised.
 
Of course it can have many devices connected at once, and Apple is verifying whether they are authorized or not, by checking the responses and supplied keys.

Do you think they should not be making these checks, wiseguy?

You're missing the entire point. Did I say they shouldn't be making checks?

I said the SPI bus allows many devices at once. I didn't say Apple has many devices connected. And why do you even think Apple should be making checks on every device connected? Again you think it has something to do with the SPI bus automatically needing security? TouchID is a security device whose data is part of Apple's secure enclave so these checks make sense. The SPI bus could also connect to the Bluetooth module for wireless headphones. You think that should have the same encryption? It probably does connect to the GSM modem. You think that should have the same encryption as touchID?

You're arguing so strongly when you have no idea about the issue you're arguing about. It must be hard to have blind faith in something you don't even understand. Will your brain implode if you take a moment to look up SPI on Wikipedia and try to understand what you're arguing about?
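
Editor's added example, not part of any post in this thread and not Apple's actual protocol: a generic challenge-response check of the kind the exchange above describes ("checking the responses and supplied keys"), with a failed check disabling only the biometric path. The class names, the shared HMAC pairing key and the passcode-only fallback policy are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed model: host and sensor share a key provisioned at pairing time.


class PairedSensor:
    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def respond(self, challenge: bytes) -> bytes:
        # Prove possession of the pairing key without sending the key itself.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ReplaySensor:
    """Replacement part that can only replay one response captured earlier."""

    def __init__(self, captured_response: bytes):
        self._captured = captured_response

    def respond(self, challenge: bytes) -> bytes:
        return self._captured


class Host:
    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self.biometric_enabled = False

    def verify_sensor(self, sensor) -> bool:
        challenge = secrets.token_bytes(32)  # fresh nonce, so old answers fail
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sensor.respond(challenge))

    def boot_check(self, sensor) -> str:
        # Assumed policy: a failed check turns off fingerprint unlock only.
        self.biometric_enabled = self.verify_sensor(sensor)
        return "biometric+passcode" if self.biometric_enabled else "passcode-only"

    def unlock(self, passcode_ok: bool, fingerprint_ok: bool) -> bool:
        if passcode_ok:
            return True
        return self.biometric_enabled and fingerprint_ok


def demo() -> dict:
    key = secrets.token_bytes(32)
    original = PairedSensor(key)
    unpaired = PairedSensor(secrets.token_bytes(32))       # wrong key
    replay = ReplaySensor(original.respond(b"\x00" * 32))  # stale answer
    results = {}
    for name, sensor in (("original", original), ("unpaired", unpaired),
                         ("replay", replay)):
        host = Host(key)
        mode = host.boot_check(sensor)
        # (mode, fingerprint-only unlock, passcode-only unlock)
        results[name] = (mode, host.unlock(False, True), host.unlock(True, False))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```
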
 
It's more like a car not starting because you tried a cheap knockoff key.
This SHOULD be more like your car doors not unlocking because you tried a cheap fob knockoff. So you use your key (passcode) and you are on your way. But to disable your car because of this is absurd.

I should note I DID buy a knockoff fob for my F350 truck that one time didn't work--and my keys were locked inside the truck (I was kayaking). Ironically, like my iPhone, my truck has passcode entry so it was a non issue. But if this was like Apple my truck would have been disabled, period.


Mike
 
Not everywhere. http://www.apple.com/uk/legal/statutory-warranty/
Under consumer laws in the UK, consumers are entitled to a free of charge repair or replacement, discount or refund by the seller, of defective goods or goods which do not conform with the contract of sale. For goods purchased in England or Wales, these rights expire six years from delivery of the goods and for goods purchased in Scotland, these rights expire five years from delivery of the goods.

If you can prove it's an inherent fault via an independent report after 6 months.
 
I don't think they need any luck, they are pretty certain to win. Lawyers don't take on class action lawsuits and spend their own money unless winning is almost certain.

I think Apple won a case recently because one lawyer was the whole class, because the second person in the class didn't actually own an Apple device, so she had to pay another person to create exactly the same situation that she complained about. I suppose the judge enjoyed the case.
 