Australian Consumer Regulator Sues Apple Over 'Error 53' iPhone Shutdowns

[Mascots]

what if that spilled milk made your $1000 device unusable while losing access to all your data?
And what if that spilled milk was intentionally poured onto your device, by the people who sold you that device?
your attempt at analogy and diminishing peoples impact by equating it to spilled milk shows how little you understand.

But that isn't what happened - this was a bug that affected a small demographic of phones for a short period of time. Suing Apple now isn't going to change the fact that it happened and it isn't going to prevent it from happening in the future since it wasn't done intentionally, so collecting money from them for something that was corrected is pointless. Even you stated it was a mistake, so taking action now is nothing more than crying over spilt milk.

I agree that unexpected phone bricking is a very very big nuisance in someone's life, but really now...

 

[LordVic]

But that isn't what happened - this was a bug that affected a small demographic of phones for a short period of time. Suing Apple now isn't going to change the fact that it happened and it isn't going to prevent it from happening in the future since it wasn't done intentionally, so collecting money from them for something that was corrected is pointless. Even you stated it was a mistake, so taking action now is nothing more than crying over spilt milk.

I agree that unexpected phone bricking is a very very big nuisance in someone's life, but really now...

not defending the lawsuit if thats what you took out of my post. wasn't commenting directly on that.

IMHO: if a company makes a mistake and then takes actions asap to remedy that mistake in such a way that no users is truly out. than No lawsuit is appropriate.

The Prosecutor in this case need to prove that it was either pure negligence or something malicious apple did intentionally to cripple devices for there to be validity to this. I don't think it's there.

 

[stevefeinstein]

I have to side with Apple on this one. The security of your device is a stake. It's not just a new part, it's a link in a chain of trust that needs to be protected. Replacing the button means that potentially someone could have inserted malware into the chain circumventing your security.

I would like to see Apple be willing to re-certify a third party repair at the Apple store. But I'm not sure how they can do it if they're not responsible for the parts. I don't see it as anti-consumer, even if it seems that way at first look

 

[C DM]

I have to side with Apple on this one. The security of your device is a stake. It's not just a new part, it's a link in a chain of trust that needs to be protected. Replacing the button means that potentially someone could have inserted malware into the chain circumventing your security.

I would like to see Apple be willing to re-certify a third party repair at the Apple store. But I'm not sure how they can do it if they're not responsible for the parts. I don't see it as anti-consumer, even if it seems that way at first look

Side with Apple on what? What's at the center is the "birding" of devices because of the error that would be triggered, which was an unintended consequence that Apple acknowledged and addressed in an update.

 

[FeliApple]

Apple may have screwed up on bricking the devices, but I still side with Apple on this one. Security is crucial in my opinion, and a third-party Touch ID sensor is a serious compromise. Maybe they could have sought for an alternate solution without bricking the devices, but as they fixed the issue later, I see no reason for a lawsuit.

 

[kdarling]

Apple may have screwed up on bricking the devices, but I still side with Apple on this one. Security is crucial in my opinion, and a third-party Touch ID sensor is a serious compromise.

You or anyone else who keeps repeating this, please explain why you think a third party sensor would be a "serious compromise".

 

[Mascots]

You or anyone else who keeps repeating this, please explain why you think a third party sensor would be a "serious compromise".

I assume some people would prefer their entire phone brick in the case of someone tampering TouchID because in some cases, someone triggering a mismatched sensor flag when tampering with it may actually be attempting to get into the phone.

I mean it's a case of what-ifs and assumptions, but I get their point. I think personally think that disabling the TouchID component overall is sufficient, but others don't mind a more blunt approach

 

[FeliApple]

You or anyone else who keeps repeating this, please explain why you think a third party sensor would be a "serious compromise".

Because, simply, it would be easier to tamper with. It is inherently less secure. And potentially vulnerable. That's a large enough risk in my opinion.

 

[charlituna]

I am proud to live in a country that will stand up for consumers against the largest corporations on Earth.

they haven't won yet. The fact that the issue only presented when the device was tampered with by a 3rd party repair shop could negate any claims of violation of the whole fitness law. time will tell.

and i would wonder how many folks in Australia actually had to pay for any replacement of the phones or were denied replacement due to a 3rd party part. my ex is an Apple store tech in the US and when this error first stated happening they had no idea it was over a screen replacement. they just saw a phone that wouldn't restore and swapped it. I bet Apple has stats on exactly how many folks had to pay over said issue and will probably settle with no statement of guilt by offering to refund any replacement fees, which could be little or nothing in the grand scheme

 

[Tech198]

Its a feature, not a bug

I like Apple sometimes, but often not by the choices they make for security reasons... No wonder the ACCC used the word "unusual"

I would have said the same.

 

[kdarling]

they haven't won yet. The fact that the issue only presented when the device was tampered with by a 3rd party repair shop could negate any claims of violation of the whole fitness law. time will tell.

It also happened to people with no third party repairs, when connections got flaky inside their stock iPhone.

Here's the deal: Apple themselves have said that the check was only ever intended to be used at the factory.

Now, the fact that it's a coding or deployment error makes many people think it should be forgotten. As a coder, I agree <grin>. However, consider: if a coding error caused a car or plane or nuclear plant or even our Keurig to fail, do we forgive as easily? Of course not. We presume that enough testing should've been done beforehand.

I bet Apple has stats on exactly how many folks had to pay over said issue and will probably settle with no statement of guilt by offering to refund any replacement fees, which could be little or nothing in the grand scheme

One thing that many people leave out of their calculations is how much trouble it was to have to bring in your phone for replacement in the first place. Or lose all your photos, as someone without a backup would've faced.

I assume some people would prefer their entire phone brick in the case of someone tampering TouchID because in some cases, someone triggering a mismatched sensor flag when tampering with it may actually be attempting to get into the phone.

Because, simply, it would be easier to tamper with. It is inherently less secure. And potentially vulnerable. That's a large enough risk in my opinion.

Thanks for the responses, but y'all still have failed to offer any technical reason why a third party sensor would make our phone less secure.

For that matter, we can always enter a passcode via the touchscreen. Should it not be replaceable either?

 

[Mascots]

Thanks for the responses, but y'all still have failed to offer any technical reason why a third party sensor would make our phone less secure.

For that matter, we can always enter a passcode via the touchscreen. Should it not be replaceable either?

I didn't realize you were looking for a technical reason - but the fact that the sole purpose of Touch ID is to authenticate a user makes it a piece that could be targeted by rogues. The screen merely relays input while Touch ID directly interacts with the secure enclave in a specialized manner - for all we know, having that route of access with a rogue sensor may allow injection to the SE that allow for some sort of authentication.

But then again who knows? That's probably why people would prefer to air on the side of caution and have the phone brick of not done in a certified way.
I've never seen an example of this occurring in a phone without 3rd party screens installed. Plus, this didn't cause a plane or car to fail, so yes, it is excusable. In those cases, they wouldn't be using a third party source without opening themselves to significant liability - the repair wasn't done in a certified manner in the first place. It's just not applicable here no matter how many analogies you throw at it.

 

[FeliApple]

It also happened to people with no third party repairs, when connections got flaky inside their stock iPhone.

Here's the deal: Apple themselves have said that the check was only ever intended to be used at the factory.

Now, the fact that it's a coding or deployment error makes many people think it should be forgotten. As a coder, I agree <grin>. However, consider: if a coding error caused a car or plane or nuclear plant or even our Keurig to fail, do we forgive as easily? Of course not. We presume that enough testing should've been done beforehand.



One thing that many people leave out of their calculations is how much trouble it was to have to bring in your phone for replacement in the first place. Or lose all your photos, as someone without a backup would've faced.




Thanks for the responses, but y'all still have failed to offer any technical reason why a third party sensor would make our phone less secure.

For that matter, we can always enter a passcode via the touchscreen. Should it not be replaceable either?

The company is blaming the problem on unauthorized third-party repairs, which can disrupt the unique pairing between the iPhone’s Touch ID fingerprint reader and the “secure enclave” that stores fingerprint data. Without this pairing, the risk is that someone could install a malicious Touch ID sensor and steal sensitive data, so Apple’s response is to shut everything down when the pairing fails.

Here's Apple's response to your enquiry.

 

[bwillwall]

I am proud to live in a country that will stand up for consumers against the largest corporations on Earth.

Your country sued them over updating the iPad 4 without enough changes... and they banned violent video games. At a certain point it stops being about a consumer's rights and starts being over-regulation.

This particular issue might have more of a case than the iPad thing, but it still involves a mistake they already fixed and a problem with security when dealing with third party parts controlling access to a device and digital payments with Apple Pay.

 

[C DM]

The company is blaming the problem on unauthorized third-party repairs, which can disrupt the unique pairing between the iPhone’s Touch ID fingerprint reader and the “secure enclave” that stores fingerprint data. Without this pairing, the risk is that someone could install a malicious Touch ID sensor and steal sensitive data, so Apple’s response is to shut everything down when the pairing fails.

Here's Apple's response to your enquiry.

Well, they acknowledged that the "shut everything down" part of it wasn't supposed to be there and addressed it in an iOS update.

 

[6foot5foot]

Lolstralia, relevant as ever.

 

[dammit0]

Under Australian law anything purchased must be fit for purpose the manufacturer can't just have there products disabled simply because someone other than the manufacturer fixed the product

 

[Scrivener]

This is not just about a 'software doodad'. It is also a shot across the bows of Apple who don't pay their fair share of taxes in Australia. It's like Trump telling North Korea to pull back from aggression toward its neighbours by lobbing a bunch of very long range missiles with pin-point accuracy into Syria on the pretext of taking out the source of a gas attack. Politicians send 'messages' - this is just as much political as it is about Consumer Law (ACL 2010). Apple do it with their Apple software - if you want to disown something you just purchased from their App Store if it is not fit for purpose, Apple won't let you. Behave yourself, Apple. You might be BIG, but don't throw your weight about in Australia. Remember Al Capone? They got him on Taxes.

 

[kdarling]

The finger print sensor would become untrusted in two ways: a. A nefarious foreign government tries to hack into your phone.

The sensor does not make the entry decision. It's just a sensor.

More importantly, Apple has a tool to revalidate a replacement sensor. And if their stores have such a tool, I guarantee you that governments have the same tool , so if they did come up with a way to get their secret sensor into someone's phone (sounds like an IMF job) they could also revalidate it.

b. A clumsy screen repair. I'd assume case b outnumbers case a by 10,000 to one or more. However, the security guy deciding to brick the phone probably was focused on preventing attacks against the phone's security and never thought of the screen repair case. So the bricking was done intentionally without considering that it was a bad mistake.

Apple says otherwise. They say it was only meant to be a validation check at the factory.

The screen merely relays input while Touch ID directly interacts with the secure enclave in a specialized manner - for all we know, having that route of access with a rogue sensor may allow injection to the SE that allow for some sort of authentication.

On the contrary, we actually know quite a lot about how Touch Id works. Apple detailed it in their public security guide.

The sensor sends the fingerprint info over a serial line to the main processor, which then gives it to the secure enclave to match against stored fingerprint data. There is no "direct interaction" between the sensor and the secure enclave.

Right, but they're suing for killing the phones, not throwing up a warning/error box saying "your phone may be insecure".

They're suing Apple for misleading consumers about their rights, by originally refusing to help anyone who had a third party repair, especially of screens. Here's the Australian press release:

https://www.accc.gov.au/media-relea...misleading-consumer-guarantee-representations

And they already offer a workaround online to reactivate your phone - so it's not an issue anymore.

That's like someone saying they're sorry they stole something, and they won't do it again, so their original theft is not an issue any more. Sorry, but they can still get punished for breaking the law in the first place.

Totally agree! Especially since they've recently updated their repair policy detailing they will in fact fix devices under warranty if third party repairs haven't caused the warranty claim in the first place.

See previous. Most likely Apple will have to man up and pay, with a lesson learned.

While I do agree that's a good thing in general I feel I'm missing something. Are they trying to say all phones should be bug-free from bugs that could render the phone useless even though this get fixed?

They're saying that consumers have certain rights in Australia when something does go wrong.

TL;DR - the Australian lawsuit is not over bricking, but over Apple's initial response to it.

 

[Mascots]

On the contrary, we actually know quite a lot about how Touch Id works. Apple detailed it in their public security guide.

Are you purposely being dense? To assume that the white-paper means that modified hardware can't interact with the system in unexpected ways is straight up ridiculous... especially one that could be a vector for injection attacks on a secure system.

Back to the point: Some people just prefer do-caution with their data, which is why they wouldn't mind a brick on tamper with sensor for authentication, which is why they say "they are on Apple's side".

Also:

The ACCC investigation revealed that Apple appears to have routinely refused to look at or service consumers’ defective devices if a consumer had previously had the device repaired by a third party repairer, even where that repair was unrelated to the fault.

The repair was related to the fault, or at least Apple will prove that in court with ease.

 

[kdarling]

Are you purposely being dense? To assume that the white-paper means that modified hardware can't interact with the system in unexpected ways is straight up ridiculous... especially one that could be a vector for injection attacks on a secure system.

Basically you're claiming that Apple is incapable of writing code that defends itself against things like input buffer overruns from what is a simple SERIAL INPUT device.

If so, then anybody could simply hook up to the CPU's SPI pins and inject malicious code WITHOUT needing to change any part at all !

Back to the point: Some people just prefer do-caution with their data, which is why they wouldn't mind a brick on tamper with sensor for authentication, which is why they say "they are on Apple's side".

If people were truly "on Apple's side", they wouldn't keep repeating Apple's original kneejerk response. People are blindly defending something that Apple no longer does.

In the end, even Apple said that Error 53 was only meant to be a factory test: "This test was designed to check whether Touch ID works properly before the device leaves the factory, and wasn’t intended to affect customers."

And they admitted they were wrong to deny service because of it: "If you believe that you paid for an out-of-warranty device replacement based on an error 53 issue, contact Apple Support to ask about reimbursement."

The repair was related to the fault, or at least Apple will prove that in court with ease.

It doesn't matter if it was. Apple has already publicly admitted that the fault in response to a repair was incorrect. Plus they have changed their policy so they no longer refuse service because of third party repairs.

Again, this lawsuit is only about their previous policies.

 

[charlituna]

Or lose all your photos, as someone without a backup would've faced.

Not Apple's issue. They have not now nor ever taken responsibility for user data and backups. If you weren't doing it and you lose your stuff, that's your screw up.