Law Firms Consider 'Error 53' Lawsuits Against Apple as Some Stores Authorized for Repairs

[BaldiMac]

Do us all a favor and read. You can use a salvaged TouchID button from another phone and have this occur. You can internally damage your phone and have this occur (no hardware repair ever done). Currently there is no check until now and only on specific devices for any kind of "hardware match". Then we come to Error 53. It's not listed on any accessible Apple document, repair centers are not aware of it (they are now most likely), even Apple Stores had no clue what Error 53 was.

Stop focusing on a portion of the detail: 3rd party. It is beyond that.

I'll focus on what I like. And I'm not focused on third-party. I'm focused on "not securely paired".

I think Apple has made important mistakes here. Just in the exact opposite way that everyone in this thread is complaining about. The fact that they don't validate the sensor immediately after repair is where I'm concerned.

 

[sualpine]

Huh? you are making no sense. TouchID is not the key to your device, your passcode is.
[doublepost=1455042847][/doublepost]

Actually it is as it is being applied irrespective of the warranty status and in effect destroying, stealing, or holding for ransom your personal data.

You need to site a source.

 

[dk001]

As Wikipedia summarizes:

"In the US, the Magnuson-Moss Warranty Act prevents manufacturers from voiding warranties solely due to tampering. A warranty may be dishonored only if the tampering actually affected the part that has failed, and could have caused the failure."

I have already demonstrated how an incorrectly paired TouchID sensor compromises the Secure Enclave, and how a compromised Secure Enclave compromises the entire phone, regardless of whether TouchID is enabled or not. Therefore, as the summary states, Apple has 100% legal grounds to state that the part caused hardware failure, being that the Secure Enclave is physically on the Apple A series coprocessor, which is a physical part of the phone. The only chance Apple has of losing this battle should it go to the courts is a lack of technological understanding by the judge or jury.

The do if the repair shows the device is operating incorrectly. However there are already numerous examples showing a repair and the device operates correctly for months until the software update bricks the device and not even the authorized repair facilities nor Apple Stores know why. Incognito stealth protection only on an OS update even if using original OEM parts?

It's not at all black and white like you are painting it.

 

[Jrsnfd]

I think the important thing is that Apple owns up and starts offering to unbrick peoples phones.

The correct response would have been to block out the functionaltiy that requires the security. Like no more available touchID. No more Apple pay

but to brick the whole phone... at next update? that was over reaching.

I know several coders at several major companies. I'm sure a team was tasked with creating the security around the secure enclave and they just went with the easiest route, not even thinking about all the possible scenarios. Now Apple has to recover from that.

 

[sualpine]

The do if the repair shows the device is operating incorrectly. However there are already numerous examples showing a repair and the device operates correctly for months until the software update bricks the device and not even the authorized repair facilities nor Apple Stores know why. Incognito stealth protection only on an OS update even if using original OEM parts?

It's not at all black and white like you are painting it.

What you call "a software update", we in the computer industry call "closing a hole".

 

[scorpy2643]

Not really, just asking them not to break my hardware

Yes, really. You are asking them to code the software to support a part they didn't design or intend to be placed in the iPhone. That support.

 

[BaldiMac]

Huh? you are making no sense. TouchID is not the key to your device, your passcode is.

Again, TouchID isn't the only issue. Your lack of understanding of the issue doesn't mean that secure pairing is unnecessary. The sensor is part of the chain of trust that includes the secure enclave. Compromising one part of the chain compromises it all. The secure enclave is responsible for the security of the entire boot process. Documentation has been posted multiple times in this thread.

 

[garylapointe]

The problem is that for Apple to require the use f their parts and ONLY their parts violates the Magnuson-Moss Warranty Act.

From the act itself:
"Warrantors cannot require that only branded parts be used with the product in order to retain the warranty. This is commonly referred to as the "tie-in sales" provisions, and is frequently mentioned in the context of third-party computer parts, such as memory and hard drives."

Parts have to be the 100% compatible and they have to be configured properly. If it's not both, then...

This seems like a similar security/manufacturer issue:
I've gone to a locksmith to get a spare security remote for my car. They can get me the remote but they aren't carrying the hardware/"stuff" to pair it with my car (I think they can get it [not 100% certain] but not worth the hassle to them) so they send me to the dealer to pay (a lot) to get it configured. Not configured properly and it doesn't work. (Yes, this example does not disable my car)
(I'm willing to be wrong on this, I've got a 2009 Pontiac G6 and if anyone can direct me to someone specific in the Detroit area who can do this for me cheap I'd love to know (I need 2 remotes). I'm saying this last part for the people who are going to say it's easier than I make it sound.)

Gary

 

[dk001]

Egg Freckles did a nice article on this, some history(repair, Apple third party parts and device) and then the current issue.

It's a pretty short article, check it out http://eggfreckles.net/notes/error53/

Not bad but still leaves me with the same questions: why now on only specific TouchID equipped devices AND with no warning, alert, or even a "you must always do it this because..". Still, a nice insight into repair serialization of parts.

 

[scorpy2643]

At least in the U.S. a company cannot circumvent the Magnuson-Moss Warranty Act by an EULA.
It's against public policy and if manufacturers could void the act they would.
It a nutshell it states that a company cannot require only their parts be used unless they provide those parts. Also replacement parts or modifications can only void the warranty for those parts. A manufacturer must prove the non-OEM part caused the related failure.

BMW, Mercedes and others have tried to void complete car warranties for changing the shocks, etc.
Apple has no leg to stand on. Completely bricking a device is inexcusable.

Bricking the phone has nothing to do with Magnusun-Moss. That addresses warranties, not device functionality.

 

[SuperMarioKart]

Maybe you should read the license you're pretending to cite. The users agreed Apple is not responsible for damage caused by the third party repair. There is nothing in there about allowing Apple to maliciously destroy the phone if you do a third party repair.

This is going to stand up in court. I almost wish I had bricked iPhone just to get in on the lawsuit so I can help twist the knife.

Here you go: http://www.ebay.com/sch/i.html?_odk...+53+iphone.TRS1&_nkw=error+53+iphone&_sacat=0

You can buy me a beer once you get your new iPhone 6 in 3-5 years.

 

[dk001]

TouchID isn't the only issue. The TouchID sensor assembly is part of the chain of trust that includes the secure enclave. Compromise one part and the whole chain is compromised.

Then why only on certain devices and only on an OS update and on devices that may not have been repaired and devices that have use original OEM parts and no one seems to know about this till now including repair centers?

Your reply makes little sense based on the specs Apple published on how the sensor and chip works.

 

[AppleGroundZero]

Several law firms are considering lawsuits against Apple following news that the company disables iPhone 6 models that have third-party repairs that affect Touch ID, reports The Guardian. The "Error 53" controversy started last week when news circulated about customers who have had their iPhones disabled and rendered unusable by a mysterious "error 53" message.

It turns out Apple disables the iPhones of customers who have had unauthorized repairs on their devices. As explained in a thorough post from iFixit, a repair made by a third-party service using non-original components cannot pass a Touch ID validation check because mismatched parts don't sync up properly.

According to an Apple spokesperson, when the iPhone's parts can't be properly validated because of a repair done to a component affecting the Touch ID sensor, the error message is triggered in an intentional effort to keep Touch ID and the secure enclave that stores fingerprint information safe. Damaged phones also have the potential to give the error.A UK barrister told The Guardian disabling iPhones "could potentially be viewed as an offense" under the Criminal Damage Act 1971, which covers the destruction of property, and a Seattle-based law firm, PVCA said it wants to bring a class action lawsuit against Apple, calling on affected customers to get in contact. PVCA is planning to represent customers for free and has outlined the issue on its website, suggesting Apple is violating consumer laws by forcing customers to use Apple-sanctioned repair services.Apple may be planning to proactively head off lawsuits and assuage customer outrage. MacRumors has heard from a retail source that certain Apple Stores have received the go ahead from Apple to replace third-party screens and other third-party components to resolve the error 53 issue. The standard out-of-warranty fee is charged for the repairs and the replacement of non-genuine parts with Apple parts is limited to those affected by the error.

It is not yet clear if all Apple Stores have been authorized to repair error 53 iPhones as Apple's only official statement is that it's a security measure required to prevent fraudulent Touch ID sensors from being installed.

Article Link: Law Firms Consider 'Error 53' Lawsuits Against Apple as Some Stores Authorized for Repairs

 

[oneMadRssn]

It "seems the repair is compatible".... It's nice that it "seems" that way... But it's not done right, right?

If it was done the "right way" people wouldn't be having this problem.

Semantics is important sometimes.

Gary

People keep saying this, but don't explain what the "right way" is. If the only way to do it the "right way" is to essentially buy a new iphone from Apple, then I'll fight for my right to do it the "wrong way" without Apple killing my iPhone all day long.

 

[AppleGroundZero]

As a Apple employee , I doubt these lawsuits will gain any traction. We want the repairs done through us because we want to ensure our products are properly serviced and fixed , one of the reasons why not just any 3rd party repair site can fix screen and button issues is because they lack the calibration tools requires to properly do these replacements , rather than looking at this issue like Apple trying to corner the repair market , look at it as a company taking the upmost responsibility in ensuring our products are kept functioning at a high standard.

Of course you are all entitled to your own opinions

 

[TheRealTVGuy]

So void the warranty but dont willfully brick the phone.

Which is easy to say, until the next class-action suit because some of your personal identity is stolen. I'm not sure what the best answer is here.

 

[sualpine]

The majority of the posters against this are Europeans who don't understand Caveat emptor.
[doublepost=1455044921][/doublepost]

Not really, just asking them not to break my hardware

Actually, they're just asking you to not break it.

 

[DevNull0]

You have a degree and professors that have explained how secure hardware pairing is useless? I'm impressed by your vague and unverifiable claim!

The iPhone cpu has a cryptoprocessor, protected encrypted memory, etc. The fingerprint reader communicates with this protected memory. Some data comes from the fingerprint reader. It is processed and compared in the cryptoprocessor within the CPU.

One way to break this security is to capture the data being transferred from the fingerprint reader and then use a malicious part to inject the same data later. So, to prevent this, it makes sense to for the reader to have its own unique encryption ID as apple claims, and this encryption must be synched with the cryptoprocessor (what Apple means by part of the chain).

Now the exploit Apple is worried about is if someone builds a malicious Touch ID sensor that would log the fingerprint for later and also send it through the encrypted channel (with the new encryption key).

So, how does that remote possibility let Apple justify bricking the device? The exploit doesn't exist yet and for now Apple can easily reject data from the suspect TouchID sensor (requiring you to use a pin only). If the exploit I described is seen in the wild at a future date (extremely unlikely), Apple can reconsider more extreme measures in the future, but really disabling the touchID should be enough.

There is simply zero reason to brick this phone. I understand this tech extremely well and I will put my degree in the field ahead of Apple's FUD.

 

[dk001]

It "seems the repair is compatible".... It's nice that it "seems" that way... But it's not done right, right?

If it was done the "right way" people wouldn't be having this problem.

Semantics is important sometimes.

Gary

I look at it as more than "done right". When a company defines an event (assuming it isn't a programming mistake) that a selling center, repair centers, and other professionals have no idea this could or would occur or even exists you have bigger issue. If Apple came out and defined this issue and impact even on non-warrantied devices it would likely be less of a volatile issue.
Then you have the claims on 3rd party parts, OEM parts, internal damage not known or repaired getting this.
I would love to see some non-fudded real information.

 

[macmacmac83]

With few exceptions, it is illegal in the US and apparently much of the EU, to require that a consumer use only the manufacturer's parts or service centers.

That's why anyone can add non-Apple memory to their Mac, and why anyone can use a non-Ford battery in their car.

And that's also why the Apple Warranty only says that DAMAGE caused by such activities can void the warranty. So one question is, did the third party part cause the damage. Or was it Apple's OS change.

Perhaps Apple should provide a service to re-link sensors, just like locksmiths have to program automobile key fobs.

I think you need to read the warranty again because it states in there any modifications done by a 3rd party nullifies the warranty.

Here I attached the bold print for you just in case you didn't see it.

No it is not illegal when its proprietary hardware. VW does the same stuff same with BMW, Mercedes and so on and so forth. They essentially make it to where you don't want to at least on the technical aspect you could do it just like you could on an iPhone if you have the proper tools. Doesn't make it right as its essentially theft from the manufacturer and from the supplier.

 

[Agilis]

We want the repairs done through us because we want to ensure our products are properly serviced and fixed , one of the reasons why not just any 3rd party repair site can fix screen and button issues is because they lack the calibration tools requires to properly do these replacements

Exactly, Apple has the ability to calibrate and program the new home button with Touch ID so that it pairs correctly with the iPhone's logic board. The question then becomes, how come Apple does not allow access to these calibration tools by third parties. I'm guessing money and quality assurance.

I think anyone who thinks that Apple should just allow 3rd party replacement parts to be used when it comes to security is off their rocker.

Apple just needs to offer a home button replacement service. That would allow iPhone users to bring their iPhones to Apple that have had their screen, glass, or both, repaired by a third party where the Touch ID was either tampered with or damaged.

 

[dk001]

You need to site a source.

My 6+ is out of warranty. It is >12 months old. Source.
Shut your phone off. Power down. Restart your phone. Now use TouchID to access it. You can't. The device asks for your passcode. Source.
[doublepost=1455045334][/doublepost]

What you call "a software update", we in the computer industry call "closing a hole".

Only if it is a break/fix. Updates are used for lots more than that

 

[Robstevo]

I still can't believe people are defending this.

FACT - People have still been able to use touch ID anyway, only until they updated their device did the device get bricked. This makes ZERO sense in terms of "security" they have used as an excuse.

Either shut the phone down immedidently or this "security feature" is useless.



Either way, why not just shut down touch ID and whipe the secure enclave? Instead of , you know....illegally breaking someone's very expensive phone.

 

[sualpine]

My 6+ is out of warranty. It is >12 months old. Source.
Shut your phone off. Power down. Restart your phone. Now use TouchID to access it. You can't. The device asks for your passcode. Source.
[doublepost=1455045334][/doublepost]

Only if it is a break/fix. Updates are used for lots more than that

No, you need to cite a source on it being illegal. Give me a specific law passage.

 

[ZipZap]

This thread really demonstrates how much Apple Fanboys can ignore the obvious if it avoids degrading Apple's image.

You are. You expect them to make accommodations to deal with improper parts or installation. The sensor doesn't magically get disabled because you chose to use an improper third-party repair.

That silly. If they did not brick the phone then they would not be bothered. Magic is the apple way BTW, that said...if Apple were to say, disable before replacing that would be OK....but they said nothing.