Both Apple and iFixit claim that they fail a validation check due to mismatched pairing. Sure, they could be lying, but why?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Law Firms Consider 'Error 53' Lawsuits Against Apple as Some Stores Authorized for Repairs
- Thread starter MacRumors
- Start date
- Sort by reaction score
Apple don't have the means to disable a foreign hardware device. You might think it's just a Touch ID, but is it really? Are you sure it's not a hacking device interfering with the data coming out of the secure element. Do you want to check your health metrics and find out one day that the health app says "Ha ha, got you, sucker". Can you imagine what s**t storm there would be if Apple actually let stuff like that happen.
Manufacturers restricting repair service is illegal. However, proprietary parts or programming of parts is not. A manufacture does not, and cannot, guaranty its product will work with non-authorized 3rd party products. That doesn't affect warranty claims for the rest of the product (unless the 3rd party party did something to damage the phone), but the manufacture is under no obligation to ensure parts it didn't design will work flawlessly with its own products.
So the only question is was Apple malicious and programed iOS to disable phones w/ 3rd party Touch ID sensors or was new programming just a side effect; i.e. the 3rd party companies used older s/w or firmware which worked with older versions of iOS but incompatible with newer versions of iOS.
We know from past stories that poorly made accessories such as chargers and charging adapters have caused serious issues with iPhones, not because they were 3rd party but because they were made with no quality controls. The Touch ID is more sophisticated and fragile than a charging system so it's not out of the realm here that this is a simple case of system software being confused by unrecognized part firmware and getting in a loop.
So the only question is was Apple malicious and programed iOS to disable phones w/ 3rd party Touch ID sensors or was new programming just a side effect; i.e. the 3rd party companies used older s/w or firmware which worked with older versions of iOS but incompatible with newer versions of iOS.
We know from past stories that poorly made accessories such as chargers and charging adapters have caused serious issues with iPhones, not because they were 3rd party but because they were made with no quality controls. The Touch ID is more sophisticated and fragile than a charging system so it's not out of the realm here that this is a simple case of system software being confused by unrecognized part firmware and getting in a loop.
Well said. Thank The Lord that there are at least some people on this forum, and others like it, who know what security is all about and how it works.
[doublepost=1455030032][/doublepost]
Hacked cars have been known to be remotely crashed. Hardware tampering with security is to be avoided at all costs. If my card detected a hacker, I'd want it to smoothly come to a halt until something important somewhere got fixed.
That's the issue; this isn't about security. If it was, the "error 53" would happen the time time you rebooted your device post repair / post damage / post wearing out / post part failure for any device that uses TouchID.
That isn't happening. This is more like a system status check on update.
[doublepost=1455030128][/doublepost]
But that doesn't lock you out of your car.
Really though, that whole car part analogy doesn't work well. This isn't about warranty.
But it leaves you stranded and the car like the phone is now going to cost money to fix/replace.
Sure Apple and iFixit claim that it's a security issue, but your layman's logic trumps all.
Pun intended.
Biggest country which tries to get into iPhones (and to get any other user data) is USA
I suspect China is even more so. Take a look back at the recent Hong Kong issues.
[doublepost=1455030541][/doublepost]
It does, however I can still get into my car to get all my personal and other items out. On a bricked iPhone...
[doublepost=1455030627][/doublepost]
I deal with IT security a lot (work) and this does not pass the "smell" test when labeled as security. Unless it is very very poorly enabled security.
A properly designed "secure element" will receive data only (from the touch ID interface) and not send data (to the touch ID interface). I would be incredibly surprised if Apple designed the touch ID connection to receive data as well, as I can't imagine there would be a reason to. THat said, I am neither a software not hardware engineer, so someone can correct me if I am wrong here.
Regardless, if this is purposeful, warning consumers would be the right away to go. Further, "randomly" implementing this in the middle of a products lifecycle also has me scratching my head. I am less perturbed by this being a security measure and more about how APple decided to go about quietly launching it. As if this isn't exactly the sort of blowback thaty was bound to happen. I am still not convinvced this is a measure that is working as intended by APple. Will how to see how (or if) they respond.
Last edited:
Despite your unverifiable claims of vague IT security knowledge, secure pairing of hardware elements is a very real security technology. Again, both Apple and iFixit have pointed this out.
Maybe the smell is your socks?
I suspect China is even more so. Take a look back at the recent Hong Kong issues.
[doublepost=1455030541][/doublepost]
It does, however I can still get into my car to get all my personal and other items out. On a bricked iPhone...
[doublepost=1455030627][/doublepost]
I deal with IT security a lot (work) and this does not pass the "smell" test when labeled as security. Unless it is very very poorly enabled security.
Let's say the bad ECU caused a fire that destroyed the car....
As far as the phone goes, this *does* pass the "smell" test as being labeled as a security issue. I don't know for sure as I didn't design the hardware or do the programming. I don't ever thing apple envisioned there would be an aftermarket touch-id sensor installed.
Apple can't just disable security functions (like switching to automatic pin entry) without letting the user know.
I agree that bricking the phone is not the right option. Wrote in another post about key fobs that a user should be able to re-verify things with his (originally stored) fingerprint.
You know people will sue either way, regardless of EULA or whether they had their phone repaired from a non authorized service.
That is correct.
The analogy to the present case with Apple would be: if you get your ECU replaced with an OEM part that you took out of another identical car, another chip in the car would detect this change and intentionally disable the car from even starting or functioning at all, regardless of whether the replacement ECU works or not, only because the replacement ECU isn't the exact physical one that came with the car out of the factory.
It's not about someone getting a replacement fingerprint sensor, which later breaks a different component, and people complaining to Apple about that other component. It's not about third-party fingerprint sensors which aren't quite the same as an OEM. It's about the fact that Apple intentionally disables the entire functionality of an iPhone merely because due to the presence of an fingerprint sensor that doesn't match the one that initially installed at the factory.
At any one time, tonnes of iPhones are likely being rebooted, and I don't think the phone has any way of knowing that it is being restarted due to a repair, or forced reboot, a dead battery, or any other reason. Apple's authentication servers would likely fry if they had to verify Touch-ID of every iPhone each time it was restarted. And you potentially get problems if your phone was being rebooted in an area without internet connection and can't reach the server for verification.
And then people would complain that Apple knows when their phones were being switched off / on.
I believe there is a lot more decision-making that is going on behind the scenes than what we are realising here.
So if the ecu had a pairing and was just replaced and everything went fine, and then you replaced the alarm and the car died due to the ecu, that would be analagous...right.
A properly designed secure element must allow for 2-way communication. You can't provide an encrypted communication channel any other way.
Please elaborate or state it a bit clearer. You replace the ECU, which goes fine, then you replace some other component, and then some third component that is critical to the cars functionality dies because of the ECU replacement? Is that the scenario? If so... that is not analogous because in the present situation with Apple (1) there is only one component being replaced, and (2) nothing actually physically dies or is broken, rather Apple's software intentionally disables the entire phone when it detects the change.
Nothing's stopping you from cracking your bricked iPhone open and removing the parts inside.It does, however I can still get into my car to get all my personal and other items out. On a bricked iPhone...
I am be watching out for this as well. I am convinced Apple intended for it to work this way. Their communication just got cut off somewhere along the line.
They are certainly entitled to that right, regardless of whether they genuinely have a case or not. Right now, people are upset and angry and looking for someone to blame, and Apple is the biggest and most prominent punching bag there is. I think the best thing for Apple to do here would be to address the issue head on. Replace those phones for the affected people free of charge. Throw in a little something extra if need be.
Present me with data that there is hardware sending data to the touch ID and I will tip my hat. Happy to admit when I am wrong, but nobody has been able to decisively tell me that this is how it works.
And even if it is how it works, as I mentioned multiple times already, I feel the way that Apple has implemented this security feature "out of the blue" was not the right away to go about it.
Actually it's like taking the key from your Lexus and trying to start a different Lexus. It won't work because there is a unique pairing between the car and key. Same thing here. Except the phone won't upgrade properly anymore, which to be fair, upgrading is a complicated process so I don't think it's out of the question to have a hardware check.
Wouldn't that imply that you think Apple should support third-party parts even if they are incorrectly installed? I don't think that's fair.
That's very similar to my earlier analogy. Seems directly on point to me. Of course, that's probably why everyone ignored it.