Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

dave420

macrumors 65816
Jun 15, 2010
1,426
276
That's semi-true however there is no fix in case. In the case of the car you can get a proper key from the dealership. Plus you don't need TouchID for a functional phone as it's an extra feature and the phone works properly without it.
I tried the wrong key in a friend's Cadillac years ago and you wouldn't believe the trouble it caused. Somehow that totally disabled the car for some security reason. I think the car was towed and it was an expensive fix.
 

goobot

macrumors 604
Jun 26, 2009
6,571
4,704
long island NY
That's semi-true however there is no fix in case. In the case of the car you can get a proper key from the dealership.

Correct me if I'm wrong but can't you just replace the part with an authentic one?

Plus you don't need TouchID for a functional phone as it's an extra feature and the phone works properly without it.

But if I go into setting and turn off Touch ID, my phone still works. Does it not?

You make it sound like it's impossible to use the phone without Touch ID, but it's an option right there in the settings.

Im not sure how security on these devices work but it may be that it's all interconnected. Just because ID is disabled it may not mean that it isn't still functioning. Doesn't the Touch ID sensor also control that feature that causes the screen on the 6 and 6S to move down? I believe it's called reachability? So faulty/compromised parts may still be able to unlock the device even with it disabled. Again I'm not sure this is how it functions.
 

kd5jos

macrumors 6502
Oct 28, 2007
432
144
Denver, CO
I think it still needs to be properly synced/paired.



They car would never ever start again?

Gary
No, you could pull the chip or replace the computer and get the car to start.

The car as comparison fails on many points. The phone is a telecom device, the car isn't. The primary job of a phone is to handle data. Not true of a car. Physical security and data security are different all together.

So although the anecdote is interesting, it doesn't really offer us insight into this situation.
 
  • Like
Reactions: Sracinas

springsup

macrumors 65816
Feb 14, 2013
1,250
1,266
There is so much misinformation about this, I'm going to repost the technical explanation I gave in the other thread:

The API hides a lot of the implementation details, so most developers won't know how it really works, but Apple document it in their iOS Security Guide (PDF).

When you boot your iPhone up, the filesystem is encrypted. It's just full of meaningless junk; you can't use the phone. Once you enter your passcode for the first time, the system reads the filesystem key (which itself is stored encrypted by your passcode), and tries to decrypt it. If your passcode is correct, it will end up with the correct filesystem key, and it can unlock your iPhone's hard drive and read useful data from it. This filesystem key is called "NSFileProtectionComplete".

Page 12 said:
(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID.
Page 15 said:
... when a passcode is entered, the NSFileProtectionComplete key is loaded from the system keybag and unwrapped.

IMPORTANT: At this point your phone is unlocked. That is all there is to it. This filesystem key gets placed in the Secure Enclave so your iPhone can read/write from its hard drive. We haven't used TouchID or fingerprints so far, just a passcode. This is why you always need to give your passcode after a restart.

So how does TouchID work, exactly?

Let's look at what happens when you lock the phone, and how it's different between TouchID and non-TouchID:

Page 9 said:
If Touch ID is turned off, when a device locks, the keys for Data Protection class Complete, which are held in the Secure Enclave, are discarded. The files and keychain items in that class are inaccessible until the user unlocks the device by entering his or her passcode.

With Touch ID turned on, the keys are not discarded when the device locks; instead, they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s fingerprint, it provides the key for unwrapping the Data Protection keys, and the device is unlocked.

So basically if you have TouchID disabled (passcode only), this key gets thrown away and you need to enter the passcode again next time you unlock. It's the exact same process as you go through on first-boot.

What Apple is saying here is that TouchID just holds on to the key which you already obtained via your passcode for a while (48 hours if the device stays on). But is TouchID really completely optional? Let's ask Apple:

Page 7 said:
When Touch ID scans and recognizes an enrolled fingerprint, the device unlocks without asking for the device passcode. The passcode can always be used instead of Touch ID

Okay, I guess that settles it.

What about other stuff like iTunes/ApplePay purchases? How does that work with TouchID?

Page 8 said:
Touch ID can also be configured to approve purchases from the iTunes Store, the
App Store, and the iBooks Store, so users don’t have to enter an Apple ID password. When they choose to authorize a purchase, authentication tokens are exchanged between the device and the store. The token and cryptographic nonce are held in the Secure Enclave. The nonce is signed with a Secure Enclave key shared by all devices and the iTunes Store.

So when you enter your iTunes Store password the first time after a reboot, your device gets a temporary token to use for purchases, stores it in the Secure Enclave, and guards it behind TouchID. Again, it's totally optional; just a shortcut for entering your password.

The same applies to Apple Pay:

Page 34 said:
The Secure Element will only allow a payment to be made after it receives authorization from the Secure Enclave, confirming the user has authenticated with Touch ID or the device passcode. Touch ID is the default method if available but the passcode can be used at any time instead of Touch ID. A passcode is automatically offered after three unsuccessful attempts to match a fingerprint and after five unsuccessful attempts, the passcode is required. A passcode is also required when Touch ID is not configured or not enabled for Apple Pay.

Man, Apple is really going to regret writing this document...

So yeah, in conclusion:

1. it is totally technically possible to rip the TouchID sensor out of your phone and still be able to unlock it (assuming you have the passcode).
2. TouchID does not seem to be essential for any single feature of the device; it is only ever a shortcut for entering the passwords you have already recently entered in to the phone.
3. It's really weird that Apple only check the TouchID sensor's integrity when they update the OS. Surely they should check that on every boot?

So what did Apple do wrong?

1. Apple should have communicated better (not when performing the update, but when buying the device!) that the TouchID sensor can only be replaced by an authorised technician.
2. If the TouchID sensor is compromised, they should fall-back to the passcode. As I said, the passcode is the only thing you really need to unlock the device.

Law firms? I just did all of your investigation work for you. Feel free to cut me a cheque.

EDIT: Rewritten for greater clarity for non-technical folks.
EDIT2: My personal feeling is that this is a bug -- I mean, what if the legit sensor developed a hardware fault? You don't want the machine to just lock all access. I think Apple did intend to fall-back to the passcode if the TouchID sensor, but unfortunately this is a catastrophic bug: even if Apple fix it, once you're locked out of the phone you can't update to get the fix. They should release a software update ASAP and repair any affected phones for free.
 
Last edited:

Porco

macrumors 68040
Mar 28, 2005
3,337
7,023
I'm genuinely not sure if there might be complicated security reasons why simply disabling TouchID can't safely happen when unauthorised parts are detected...

But I am pretty sure Apple have mishandled this whole situation so far. I can't imagine the percentage of people ever needing to replace the sensor is so high that they wouldn't be better off just offering a repair (and a re-pair-ing(!)) at a low cost for anyone who can get to an Apple store, and an alternative solution (postal handset replacement etc?) for those not near an Apple store. Bricking the phone with no clear prior warning is not reasonable, whatever any warranty or terms and conditions might say in the smallprint. I would hope Apple will properly address this issue soon, it's terrible publicity.
 

ThirteenXIII

macrumors 6502a
Mar 8, 2008
859
319
its like, hey i forgot my password. so lets modify the device and let me access even though that defeats the purpose of there being this blockade...oh no my device doesn't work because i deliberately used force to bypass it.

if this case wins, this opens up more than an error 53 settlement, this is grounds for these **** heads in washington that want easy access to your device and backdoors enabled...F-that
 

2010mini

macrumors 601
Jun 19, 2013
4,701
4,807



iphone6s-gold-select-2015-250x328.jpg
Seattle-based law firm Pfau Cochran Vertetis Amala (PVCA) today followed through with plans to bring a class action lawsuit against Apple over the "Error 53" controversy that made headlines last week.

"Error 53" is the error code that some iPhone 6 owners have received after third-party repairs that affect Touch ID were made to their iPhones, rendering the devices unusable. As explained by iFixit, repairs made by third-party services using non-original components cause the iPhone to fail a Touch ID validation check because the mismatched parts are unable to properly sync. Parts that can impact Touch ID include the screen, flex cable, and Home button...

Seems like they have legit case.



There is a lot of misinformation on this subject. The "brick" happens when someone replaces the TouchID sensor--with a GENUINE OR 3rd party part. Apple is most likely within their right to disable TouchID when they detect a mismatched sensor as it's a security risk. However bricking the device and not giving any warning is probably going too far.

where does it say genuine parts? If your phone is bricked after repair with genuine parts at an authorized facility, then they are responsible to replace your phone. Same as it would be if an Apple store damaged it during repair.

I don't understand people who buy expensive things but cheap out on maintenance/repair..... its like buying a lambo but take it to joe schmo tire shop just to "save a couple bucks"
 

Tjex

macrumors member
Dec 17, 2012
43
42
So yeah, it is totally technically possible to rip the TouchID sensor out of your phone and still be able to unlock it (assuming you have the passcode). TouchID is not essential for any single feature of the device; it is only ever a shortcut for entering the passwords you have already recently entered in to the phone.

Law firms? I just did all of your investigation work for you. Feel free to cut me a cheque.

My understanding is that installing the new OS bricks the phone (without warnings) and you can't log into it again, with or without TouchID. TouchID isn't disabled, the whole phone needs to be replaced. So the law firm does indeed have a valid case. If apple just disabled TouchID, then it wouldn't be much of a problem.
 

Vanilla35

macrumors 68040
Apr 11, 2013
3,344
1,453
Washington D.C.
It amazes me how little people actually care about their security (and do not confuse security with privacy here). Apple is trying to protect its users, but they are too stupid to realize.

But on the other hand, Availability is a part of the CIA triad so bricking the phone does violate this premise.

However, Apple is doing this because a piece of hardware inserted between the Touch-ID Sensor and the Secure Enclave could in theory either intercept scans or access the enclave.

They are doing this to protect you, not as a "screw you for trying to fix your own phone." People will always see what they want to see though, I suppose.

Oh? It amazes me how ridiculously one-sided macrumor appleists can be. If they are worried about the third party sensor influencing enclaves, then it sounds like the "TouchID Off" setting isn't "doing it right" in the settings menu. Off should mean nothing is going in or out of the enclave.

It seems we have forgotten that just 2-3 generations ago, there was no TouchID and we did just fine with passwords saved to iCloud Keychain. The phone should still be able to operate that way with no problem - and a pin for the lockscreen. Apple bricking your device is absolutely uncalled for.

The outrage isn't because apple is going too far when it comes to third-party replacements. The outrage is that apple will brick your perfectly working iPhone, for the swapping of one simple part. Can it be a huge security risk? Yes, but that's why there is an off switch. If off doesn't truly mean off...well, apple can have a taste of it's own medicine. "You're disabling it wrong."

I would never get my device fixed third party, but this is appalling. TouchID disabled right away on boot? Absolutely. But bricking? Absurd.
 
Last edited:

springsup

macrumors 65816
Feb 14, 2013
1,250
1,266
My understanding is that installing the new OS bricks the phone (without warnings) and you can't log into it again, with or without TouchID. TouchID isn't disabled, the whole phone needs to be replaced. So the law firm does indeed have a valid case. If apple just disabled TouchID, then it wouldn't be much of a problem.

Exactly.

- Apple should have communicated better (not when performing the update, but when buying the device!) that the TouchID sensor can only be replaced by an authorised technician.
- If the TouchID sensor is compromised, they should fall-back to the passcode. As I said, the passcode is the only thing you really need to unlock the device.

I've rewritten the post to be clearer. It was a bit jumbled up before.
 
Last edited:

iMember

macrumors 6502
Mar 19, 2014
280
107
It amazes me how little people actually care about their security (and do not confuse security with privacy here). Apple is trying to protect its users, but they are too stupid to realize.

But on the other hand, Availability is a part of the CIA triad so bricking the phone does violate this premise.

However, Apple is doing this because a piece of hardware inserted between the Touch-ID Sensor and the Secure Enclave could in theory either intercept scans or access the enclave.

They are doing this to protect you, not as a "screw you for trying to fix your own phone." People will always see what they want to see though, I suppose.
The new Apple cares about people's security? Yeah right! just like they cared to intensionaly crippled the Safari search bar with a bug
iPhone 4s user finds out the Safari search bar doesn't work, he resets the phone..still doesn't work, upgrades to iOS 9 from iOS 8..still doesn't work, but he did upgrade right? Trick pony!;)
If Apple actually cared about their costumers will have atleast made the iOS 9 run smoothly on the iPhone 4s instead crippling it, and before you say anything..the Galaxy S2 from 2011 had just received the Android Marshmallow update :eek:
 

Tubamajuba

macrumors 68020
Jun 8, 2011
2,187
2,445
here
So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?

I completely agree with you.

However... I did read somewhere that legit repairs sometimes threw the "Error 53" as well, and Apple still wouldn't fix/replace the phones. If there are numerous cases where that happened, I can understand a class action lawsuit.

Then again, I can't even remember where I read that so maybe it didn't happen.

The new Apple cares about people's security? Yeah right! just like they cared to intensionaly crippled the Safari search bar with a bug
iPhone 4s user finds out the Safari search bar doesn't work, he resets the phone..still doesn't work, upgrades to iOS 9 from iOS 8..still doesn't work, but he did upgrade right? Trick pony!;)
If Apple actually cared about their costumers will have atleast made the iOS 9 run smoothly on the iPhone 4s instead crippling it, and before you say anything..the Galaxy S2 from 2011 had just received the Android Marshmallow update :eek:

Interesting. Can you find a link for me that definitively proves that Apple intentionally crippled the search bar on the iPhone 4S? You know, something like leaked emails or off-the-record statements from Apple employees. Not the personal opinions and pontifications that plague this forum.

And please, tell me how you honestly expect the vast majority of current Galaxy S2 owners to have the technical skill necessary to install CM on their phone. No, CM is not at all equivalent to manufacturer and carrier sanctioned updates that rarely involve more than a tap or click. Not to mention, how stable is it going to be?

I always enjoy how some people on this forum give Android devices a pass just for checking a box, regardless of how rough the box is. And how Tim Cook's aggressive stance on data collection and privacy apparently means nothing.
 
Last edited:

DevNull0

macrumors 68030
Jan 6, 2015
2,708
5,412
So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?

Let me use small words for you.

They did not void their warranty, they did an out of warranty repair and didn't give Apple a cut (and it would be illegal for this to void the warranty anyway).

So Apple bricked their phone. On purpose. For no reason other than to punish people for not giving Apple their repair business.

I hope this law suit costs Apple billions and Timmy gets the firing he deserves.
 
Last edited:

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,460
So...a 3rd thread in just a matter of days to rehash the same things that have been rehashed many many times in each of the previous two threads (which are each over 30 pages long just rehashing the same things and still ongoing)?
 

Deuce on the Clock

macrumors regular
Jan 9, 2016
219
345
My own universe
So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?
Its not just 3rd party that has disabled phones. "Genius" specialist have bricked phones by not calibrating them while doing repairs in store. Displays and home buttons cause the error to appear not just home buttons.
[doublepost=1455238880][/doublepost]This was a sly way for Apple to have customers use their repair services and hope it wold fly under the radar. They can't handle repair volume now in their stores so this is absurd.So this boggles the mind as to the disconnect as to why they would do this. Currently they are trying to send repairs to Best Buy because they cannot handle the volume.They also will hand out loaner phones for any repairs in Apple store and send them all to depot in the future. They have reached the point of not being able to handle the volume on the repair side in store. The only motive to brick them was greed and arrogance on Apples part.
 

hungx

macrumors 6502
May 8, 2012
346
47
Davis, CA
There seems to be some confusion over what causes the phone to brick. To summarize, there are three possible reasons:

1.) Repair using genuine parts (either authorized or unauthorized repair). The phone will brick if the Touch ID part is not paired with the logic board.
2.) Repair using third party parts.
3.) Physically damaged home button.
 

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,044
In between a rock and a hard place
It's more like a car not starting because you tried a cheap knockoff key.
Arrggh. Another bad car analogy. I thought we banned those. If you're going to do a bad car analogy, at least do it right.

It's like going to Ace Hardware to get a spare key made for your car. The key works for months and you're happy. One day you take the car to the dealership for a tune up and they seize the engine*... because you used they spare key.

* for the less "automotively" inclined (apparently most who think their car analogies are correct), seize does not me taken. My analogy is bad as well. But at least it resembles the actual situation that spawned all the outrage.
 

danleon950410

macrumors regular
Jun 18, 2015
235
120
Bogotá, Colombia
Disabling Touch ID IS NOT the solution as you ended up paying for the replacement after all, third party or not.
What happens when you use some unofficial third party cables?
- A pop-up shows up telling you that this isn't a safe accessory to use. The same thing should happen in this case:A warning about the security of the enclave and making clear that Apple isn't responsible for any robbed identity or data, something that should be added/updated in their Terms of Service and Terms and Conditions too.
Problem solved. Or even if you wanna ruin Touch ID then do it but DON NOT brick the device.

As for the lawsuit, Apple has a really strong point regarding security. This lawsuit is needed for Apple to snap out of its unfairness, BUT 5 MILLION DOLLARS ISN'T GONNA HELP ANYONE BUT THE SPEEDY-GREEDY SUPER GOOD PERSONS AND LAWYERS that ran to fill up the papers.

I really hope all your problems are solved with an update, guys, i really do as i know what real frustration is, but i don't want that kind of people to get rich this way while most of you would still have a $600 brick
 

_Refurbished_

macrumors 68020
Mar 23, 2007
2,341
3,028
Look, Apple needs to do a check of some sort during the update process if it perm bricks your phone. If users could simply put a genuine touchid and the phone would boot, then this case has no merit. If the only solution is to get a new phone than Apple was careless and they deserve this
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,382
Normally I don't like class action suits, but I'm ok with this one. Apple has to make it much easier for people to get genuine parts, especially small repair shops. They should have to make available any and all parts that the Apple Store repair guys get to anyone who wants them.
 

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,044
In between a rock and a hard place
If I buy a car. And change the immobilizer to an aftermarket one. And the car stops working. The car company isn't liable.

I don't get the fuss.
If I buy a car. And change the immobilizer to an aftermarket one. And the car continues working. I take the car in for service and the car company makes it stop working. The car company isn't liable... or are they?

I might get the fuss then.;)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.