Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Then why only on certain devices and only on an OS update
I don't know. I haven't done an extensive study on the conditions for the error 53. Like I said, I'm concerned about why the validation doesn't happen immediately after repair. I just reject the argument that it's an arbitrary decision primarily based on greed.

and on devices that may not have been repaired and devices that have use original OEM parts
That's been repeated over and over. It's because they fail a validation check for secure pairing.

and no one seems to know about this till now including repair centers?
No one? Apple has no obligation to educate unauthorized repair centers.

Your reply makes little sense based on the specs Apple published on how the sensor and chip works.
In what way? Seems completely reasonable to me. And to Apple. And to iFixit.
 
With few exceptions, it is illegal in the US and apparently much of the EU, to require that a consumer use only the manufacturer's parts or service centers.

That's why anyone can add non-Apple memory to their Mac, and why anyone can use a non-Ford battery in their car.

And that's also why the Apple Warranty only says that DAMAGE caused by such activities can void the warranty. So one question is, did the third party part cause the damage. Or was it Apple's OS change.

Perhaps Apple should provide a service to re-link sensors, just like locksmiths have to program automobile key fobs.

Yeah this is incorrect. Apple can make any part of their devices proprietary as they see fit. The only reason Apple does not is because cost, and it is cheaper to implement hardware that has already been established by existing standards.

The answer to your question is, the third party part broke the integrity of the security and the software detected that.

I do agree that Apple should offer a home button re-link/replacement program.
 
I think you need to read the warranty again because it states in there any modifications done by a 3rd party nullifies the warranty.

Here I attached the bold print for you just in case you didn't see it.

No it is not illegal when its proprietary hardware. VW does the same stuff same with BMW, Mercedes and so on and so forth. They essentially make it to where you don't want to at least on the technical aspect you could do it just like you could on an iPhone if you have the proper tools. Doesn't make it right as its essentially theft from the manufacturer and from the supplier.
Just remember, any company can write anything they like into a warranty. It doesn’t mean it’s worth the paper it’s written on. The LAW is what counts. Period.
Apple are not above anti competitive behaviour, they have been found guilty in the courts before.
 
Egg Freckles did a nice article on this, some history (repair, Apple third party parts and device testing) and then the current issue. It's a pretty short article, check it out http://eggfreckles.net/notes/error53/

I'm surprised at the levels that Apple checks their iPhones for when repairing/replacing an iPhone. They've pulled my iPhone apart to check the screen and other components before replacing it for me, I asked and they said "you'd be surprised" at what parts get replaced in the devices (I pried but they didn't want to share more).

Gary

Makes me miss using my Message Pad. I'll look for the battery carrier again. Wish I could find it.
 
  • Like
Reactions: garylapointe
Exactly, Apple has the ability to calibrate and program the new home button with Touch ID so that it pairs correctly with the iPhone's logic board. The question then becomes, how come Apple does not allow access to these calibration tools by third parties. I'm guessing money and quality assurance.

I think anyone who thinks that Apple should just allow 3rd party replacement parts to be used when it comes to security is off their rocker.

Apple just needs to offer a home button replacement service. That would allow iPhone users to bring their iPhones to Apple that have had their screen, glass, or both, repaired by a third party where the Touch ID was either tampered with or damaged.


And in a sense we do , when a 3rd party provider goes through the process of being credentialed by us , they are then supplied with the proper tools they would need for most repairs, however when it comes to repairs that involve anything security wise , we have them send the device to us , this is for multiple reasons , 1. We do not want just any 3rd party repair site handling information about our security used 2. We also prefer to have the phones sent to us so we can capture any possible security exploits or security issues in the future.
 
  • Like
Reactions: Agilis
I think you need to read the warranty again because it states in there any modifications done by a 3rd party nullifies the warranty.

Here I attached the bold print for you just in case you didn't see it.

No it is not illegal when its proprietary hardware. VW does the same stuff same with BMW, Mercedes and so on and so forth. They essentially make it to where you don't want to at least on the technical aspect you could do it just like you could on an iPhone if you have the proper tools. Doesn't make it right as its essentially theft from the manufacturer and from the supplier.

Don't see where it states "if you void your warranty we will brick your device". "If your device is out of warranty, we reserve the right to brick your device".
Color me confused. o_O
 
The iPhone cpu has a cryptoprocessor, protected encrypted memory, etc. The fingerprint reader communicates with this protected memory. Some data comes from the fingerprint reader. It is processed and compared in the cryptoprocessor within the CPU.

One way to break this security is to capture the data being transferred from the fingerprint reader and then use a malicious part to inject the same data later. So, to prevent this, it makes sense to for the reader to have its own unique encryption ID as apple claims, and this encryption must be synched with the cryptoprocessor (what Apple means by part of the chain).

Now the exploit Apple is worried about is if someone builds a malicious Touch ID sensor that would log the fingerprint for later and also send it through the encrypted channel (with the new encryption key).

So, how does that remote possibility let Apple justify bricking the device? The exploit doesn't exist yet and for now Apple can easily reject data from the suspect TouchID sensor (requiring you to use a pin only). If the exploit I described is seen in the wild at a future date (extremely unlikely), Apple can reconsider more extreme measures in the future, but really disabling the touchID should be enough.

There is simply zero reason to brick this phone. I understand this tech extremely well and I will put my degree in the field ahead of Apple's FUD.
This thread really demonstrates how much Apple Fanboys can ignore the obvious if it avoids degrading Apple's image.

Yay! Name calling is fun!

That silly. If they did not brick the phone then they would not be bothered. Magic is the apple way BTW, that said...if Apple were to say, disable before replacing that would be OK....but they said nothing.

Both of these posts have the same answer. Apple doesn't need to design their phones to work if you have incompatible or improperly installed parts. DevNull0 has a fantastic explanation of how the mismatched pairing is a security issue. Apple chose to do something to fix it.

Sure it would be nice if Apple had a fall back to keep your phone secure with an unsecured chain of trust. But they are certainly under no obligation to develop one.
 
Last edited:
Not at all. A more logical conclusion is that Apple designed a secure system and that tampering with it (by e.g. introducing non-authorised spare parts or in any other way effecting its chain of security functions), it will no longer function. This is to protect themselves as well as their customers.

Further on, this information is no secret, it is communicated to all customers. (Most of whom won't bother to read and understand the conditions set when buying one of their products)

Ignorance is no defence, unless you pledge insanity, which I think people who are not able to comprehend written text should do. Insane customers won't stand a chance in court though.

So good luck.

Pretty much anyone can open an iPhone, buy a part from Ebay, and replace the screen with the fingerprint sensor. It's so easy even a 15 year old kid can do it, and it requires almost zero technical knowledge. If something as simple as this can breach your private data it means your data is not secure to begin with because Apple designed a vulnerable system.
 
I know several coders at several major companies. I'm sure a team was tasked with creating the security around the secure enclave and they just went with the easiest route, not even thinking about all the possible scenarios. Now Apple has to recover from that.

Thats ultimately what I believe happened. You know the old saying "Never attribute to malice what incompetence can account for".

Now that it's happened though, it's in Apple's court to remedy the situation. Do they do it willingly or do they fight it and just blame the user?

if Apple came out and went "oops, we goofed, we'll fix it/ undo it". Sure, a little pain in the ass, but ultimately no foul. If they take a hard line and outright refuse, forcing useres to either buy a new device or pay for extremely expensive repair, than you might see a lawsuit follow through.
 
And in a sense we do , when a 3rd party provider goes through the process of being credentialed by us , they are then supplied with the proper tools they would need for most repairs, however when it comes to repairs that involve anything security wise , we have them send the device to us , this is for multiple reasons , 1. We do not want just any 3rd party repair site handling information about our security used 2. We also prefer to have the phones sent to us so we can capture any possible security exploits or security issues in the future.
LOL from The Guardian;
Joshua LeFrancois
7h ago
12
This is what happens when you make a judgement call about a security feature that not only forces your customers to have to purchase applecare to recover from "error 53" but also drive out of the way to a certified apple store to have it fixed. It was a bad move on Apple's part. They weren't thinking about their customers, they were thinking about their bottom line. I'm certified to work on apple products. I own my own business and I've learned that to officially have my customers backed by the applecare guaruntee. I would have to sign a contract that binds me to only working on apple products. So basically my customers have to suffer and drive hours away to the nearest apple store or mail in their product and be weeks without a phone just because apple expects me to only work on their products. Smh! It's a shame because they could be getting so much more business. Their actions are only for their self interest and not the customers/consumers.

He may be right, he may be wrong but I bet the truth is stranger than fiction. Wow though, over 800 posts already!
 
  • Like
Reactions: dk001
Pretty much anyone can open an iPhone, buy a part from Ebay, and replace the screen with the fingerprint sensor. It's so easy even a 15 year old kid can do it, and it requires almost zero technical knowledge. If something as simple as this can breach your private data it means your data is not secure to begin with because Apple designed a vulnerable system.
How is a system vulnerable if it is successfully catching 3rd party or unpaired parts?
 
How is a system vulnerable if it is successfully catching 3rd party or unpaired parts?
Because it only does so when updating to the latest OS, Peoples phones have been working perfectly fine using 3rd party parts. Now all of a sudden apple wants a part in the gravy train. Simples.
 
Because it only does so when updating to the latest OS, Peoples phones have been working perfectly fine using 3rd party parts. Now all of a sudden apple wants a part in the gravy train. Simples.
Apple is closing a security hole. It was never intended for these parts to work in the first place.
 
No it's not. You agreed to these conditions when you bought the device.

Maybe next time you and others will RTFM and the FEULA before you invest in technical products that are important to you.

Whining like cry-babies afterwords is cute but won't stand in court.

It really doesn't matter what Apple's EULA says. Any company can write any EULA it wishes, but that doesn't make it legal or enforceable. This is why a company like PearC can still sell legal hackintoshes in Germany even when it is indeed breaking OSX EULA.

More info here: http://techcrunch.com/2009/02/20/german-pearc-apple-clones-aim-to-succeed-at-the-psystar-game/
[doublepost=1455047712][/doublepost]
How is a system vulnerable if it is successfully catching 3rd party or unpaired parts?

Because replacing a sensor should not allow anyone to access private data on a device. It would be like getting access to a computer because you replaced a trackpad or a mouse.
 
Because replacing a sensor should not allow anyone to access private data on a device. It would be like getting access to a computer because you replaced a trackpad or a mouse.
I'm very confused by your argument. Are you saying that fixing a vulnerability before it is exploited is somehow bad?
 
  • Like
Reactions: Recognition
LOL from The Guardian;
Joshua LeFrancois
7h ago
12
This is what happens when you make a judgement call about a security feature that not only forces your customers to have to purchase applecare to recover from "error 53" but also drive out of the way to a certified apple store to have it fixed. It was a bad move on Apple's part. They weren't thinking about their customers, they were thinking about their bottom line. I'm certified to work on apple products. I own my own business and I've learned that to officially have my customers backed by the applecare guaruntee. I would have to sign a contract that binds me to only working on apple products. So basically my customers have to suffer and drive hours away to the nearest apple store or mail in their product and be weeks without a phone just because apple expects me to only work on their products. Smh! It's a shame because they could be getting so much more business. Their actions are only for their self interest and not the customers/consumers.

He may be right, he may be wrong but I bet the truth is stranger than fiction. Wow though, over 800 posts already!


I have no doubt that being credentialed can be a issue , I am a senior advisor for the iOS side of things and I admit I don't know everything about getting credentialed as a AASP (Apple Authorized Service Provider).

And believe me , when it comes to customers being inconvenienced because of sometimes having to travel a good distance to get these repairs done , we understand , we have these issues on a daily basis , but the unfortunate part of everything is that there is no perfect solution to everything , we have multiple service options offered to fix most issues , and we do try to make it as painless as possible , but you can only make some things so painless when peoples lives are built around these devices.

However issues caused by anything third party is not a new issue , this has been going on a long time , from third party software ( apps and jailbreaking ) too third party replacements of hardware , but the fact of the matter is , how can WE guarantee the quality of any of our devices , if all of our most closely guarded secrets , that being our security , could be in the hands of anyone who can qualify as a AASP.

That is why for anything sensitive like this , we do it ourselves if we can.

Then again , this is just a general stance , my overlord bosses could have a different outlook , but I believe this is pretty close.
 
  • Like
Reactions: You are the One
It really doesn't matter what Apple's EULA says. Any company can write any EULA it wishes, but that doesn't make it legal or enforceable. This is why a company like PearC can still sell legal hackintoshes in Germany even when it is indeed breaking OSX EULA.

More info here: http://techcrunch.com/2009/02/20/german-pearc-apple-clones-aim-to-succeed-at-the-psystar-game/
[doublepost=1455047712][/doublepost]

Because replacing a sensor should not allow anyone to access private data on a device. It would be like getting access to a computer because you replaced a trackpad or a mouse.
Thus iOS 9 fixed this vulnerability. You are arguing both sides. Apple should not have a security hole, but they also shouldn't fix it?
 
Couple of things - from the EU/UK perspective. Firstly, there are strong anti-competitive laws here and this is in effect breaking them - putting caveats in the agreement giving the company carte blanche to do what they want can be construed by courts as unfair (which is probably why Apple replaced a 4 year old iPhone 4s which had gone faulty as in the UK it is considered a 'luxury' item and subject to much longer warranty). Secondly; I get the security concerns but surely Apple engineers could simply block the touch ID functionality and remove the relevant bank data if the phone detected non-approved parts? Or even disabling connectivity (except say through iTunes to a computer) would surely negate the security concern. However, bricking the phone without warning and providing no access to data is a step too far.
 
I have no doubt that being credentialed can be a issue , I am a senior advisor for the iOS side of things and I admit I don't know everything about getting credentialed as a AASP (Apple Authorized Service Provider).

And believe me , when it comes to customers being inconvenienced because of sometimes having to travel a good distance to get these repairs done , we understand , we have these issues on a daily basis , but the unfortunate part of everything is that there is no perfect solution to everything , we have multiple service options offered to fix most issues , and we do try to make it as painless as possible , but you can only make some things so painless when peoples lives are built around these devices.

However issues caused by anything third party is not a new issue , this has been going on a long time , from third party software ( apps and jailbreaking ) too third party replacements of hardware , but the fact of the matter is , how can WE guarantee the quality of any of our devices , if all of our most closely guarded secrets , that being our security , could be in the hands of anyone who can qualify as a AASP.

That is why for anything sensitive like this , we do it ourselves if we can.

Then again , this is just a general stance , my overlord bosses could have a different outlook , but I believe this is pretty close.
Regardless, it’s anti competitive Here’s another example;
http://www.digitaltrends.com/music/...-ipods-for-two-years-answers-for-it-in-court/
 
  • Like
Reactions: dk001
Couple of things - from the EU/UK perspective. Firstly, there are strong anti-competitive laws here and this is in effect breaking them - putting caveats in the agreement giving the company carte blanche to do what they want can be construed by courts as unfair (which is probably why Apple replaced a 4 year old iPhone 4s which had gone faulty as in the UK it is considered a 'luxury' item and subject to much longer warranty). Secondly; I get the security concerns but surely Apple engineers could simply block the touch ID functionality and remove the relevant bank data if the phone detected non-approved parts? Or even disabling connectivity (except say through iTunes to a computer) would surely negate the security concern. However, bricking the phone without warning and providing no access to data is a step too far.
Can you please quote the EU/UK laws that require a company to support improperly installed hardware?
 
  • Like
Reactions: You are the One
I would 100% believe the security argument if their detection was focused on detecting third-party or tampered sensors. Since, as I've said, this error occurs when an authentic OEM sensor from one iphone is put into another iphone of the same model, where there is zero tampering and the part is original Apple, their instrument is too blunt. It is a very over-broad restriction.

You're describing a scenario that would enable me to steal your phone and swap out your TouchID module for mine, giving me full access to whatever is on your phone. That would be a critical breach in security.
 
Bricking the phone has nothing to do with Magnusun-Moss. That addresses warranties, not device functionality.

The argument is that some phones under warranty were left inoperable when a third part part was used.
This bricked the phone and apple would not honor the warranty. Intentionally killing a device runs afoul.
They could have disabled the radio so or done any number of things.
Completely killing the device is not acceptable.

We'll see how it plays out.
Apple is on the losing end of this one, even if it's only the court of public opinion.
 
  • Like
Reactions: Ladybug
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.