Law Firms Consider 'Error 53' Lawsuits Against Apple as Some Stores Authorized for Repairs

[AppleGroundZero]

Even if you're using OEM parts, if you separate the sensor from the secure data storage component, that breaks the security chain and is effectively "tampering." Once you break that connection, you've breached the security encalve of the TouchID device, and all bets are off. Allowing unknown parties to disconnect and re-connect sensors opens up the possibility of someone being able to capture or interfere with the data between those parts. (Put another way, if keeping your job as an air-traffic controller means you have to pass a drug test, you nor the FAA are going to shrug it off if someone unauthorized breaks the seal on your urine sample to swap out the lid for another lid. Even if that unauthorized person was just innocently putting on a newer OEM lid, there's no way to be sure he didn't sprinkle in a few grains of oxy-something, swap out your THC-saturated pee for a clean sample, or just sneeze into the jar. A broken chain-of-custody is a broken chain-of-custody.)

So... replacing the entire TouchID chain of components would be the only way for a third party to swap out these parts for new ones without breaking the security chain internal to the TouchID 'enclave.' But then, even if the new parts were all OEM, that just creates the scenario I noted previously, enabling me to steal your phone, swap out your TouchID components for mine, and use my fingerprint to gain access to the contents of your phone.

So to prevent that scenario, the TouchID sensor and data storage component enclave have to be securely chained to the phone's other components. This means that maintaining the integrity of the fingerprint security system requires maintaining a secure and uninterrupted data chain-of-custody from the surface of the sensor all the way to the controller board of the phone. If someone not authorized by Apple breaks that chain anywhere, they invalidate the security of the device. That invalidation doesn't require proof of actual nefarious action on the part of the unauthorized repair shop. It only requires that a policy of allowing data chain-of-custody to be broken opens up the (even remote) possibility that someone somewhere could exploit that vulnerability for nefarious purposes.

Any given individual user might not care about that, but Apple has to.

Bravo sir , well put.

 

[lordofthereef]

While your suggestion of just disabling the sensor and warning the user about it holds merit, do you not think these very same people would complain just the same? Mostof the arguments here are based on the belief that "I should be able to have anyone I want repair my phone, especially if they are cheaper or more accessible than an apple store".
I tend to think those very same people will be equally pissed off at apple for their phone being crippled by a botched repair.

Not really about complaining here. If I spend my money on your product I should be warned that you are going to render it useless via an update should I have repairs done without your blessing. I imagine this is a large portion of what the argument, and moreso the lawsuit, is about. Simply Pissing off your customers is different from bricking their devices.
[doublepost=1455061699][/doublepost]

See serial peripheral interface bus referenced below. SPI devices communicate in full duplex mode, i.e. data is sent and received.

The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

The Secure Enclave uses encrypted memory and includes a hardware random number generator. Its microkernel is based on the L4 family, with modifications by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key entangled with the UID and an anti-replay counter.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Thank you.

Are you able to explain what technicality would keep apple from simply disabling all communications between hardware it deems not properly paired with the system (as is apparently happening in error 53)? In other words, what keeps the "error 53" from simply being an "we have disabled touch ID as anything other than a button due to it not having been properly paired witht he rest of your hardware, for yoursafety. Please see an Apple certified repair for further assistance on repairing and reactivating the button". (as an example)

I think, at this point, I have mentioned in almost every response to anyone here that I am more concerned that Apple is doing this without giving their customers express notice, though that part of my statement is often not addresses, and often even removed. I guess my issue is that security is fine, but not at the expense of a customer. I can't say I would ever take my phone to a third party because the money savings just aren't big enough (and we have three apple stored within 30 minutes, so it's just too easy to get there), but I feel for the folks who may not have other options. To be blunt "this is for your security" is not a good enough response as to why an entire device is rendered useless.

To add to this, I have asked a few times why this is happening now, again something nobody is really discussing (plenty are asking, but nobody really has responded, perhaps because they don't have an answer). We have had touch ID going on three years, and a "random" update is bricking phones some 30 months after it was initially launched? I can't imagine the hardware was there all this time and it just took Apple this long to figure out the software bit of this security feature. As mentioned, I am still sort of leaning toward this error possibly not functioning as intended by Apple.

As my own anecdote, my mom, who did manual labor all her life, has worn fingerprints and thus can't even use touch ID; I have tried setting it up with her multiple times and it just won't take. If she fell into this scenario that her button was damaged and/or repaired outside of Apple, how on earth is anyone going to explain to her that it was for her own security? To add insult to injury, Apple will require her to replace the entire front panel ($100+) for the button replacement despite that not being a physical requirement of the job.

 

[SusanK]

This what you need?
View attachment 615396

No, thanks for asking. I need the plastic accessory that would hold AA batteries. I really enjoyed Message Pad. Was quite a device for it's day. Still have two of them. I think I have the 2000 and 2100.

Thanks again!

 

[kdarling]

So... replacing the entire TouchID chain of components would be the only way for a third party to swap out these parts for new ones without breaking the security chain internal to the TouchID 'enclave.' But then, even if the new parts were all OEM, that just creates the scenario I noted previously, enabling me to steal your phone, swap out your TouchID components for mine, and use my fingerprint to gain access to the contents of your phone.

Nope.

Swapping Touch ID components would not allow you to use anyone else's fingerprint.

The registered fingerprints data storage and matching is done in the Secure Enclave on the CPU, NOT by any Touch ID parts.

 

[Mr Staunton]

So using a 3rd party part replacement for the Touch ID, Apple security detects that it's been tampered with and disables the unit - thus protecting your phone and content. If Apple allow this type of repair, then these 3rd party parts could bypass the Touch ID security system, then it's pointless having your phone locked.

 

[applezulu]

Nope.

Swapping Touch ID components would not allow you to use anyone else's fingerprint.

The registered fingerprints data storage and matching is done in the Secure Enclave on the CPU, NOT by any Touch ID parts.

So the secure chain extends to the CPU, and breaking that chain anywhere violates the security integrity of the device. This just reinforces the need to prevent unauthorized tinkering.

 

[hayesk]

Nope.

Swapping Touch ID components would not allow you to use anyone else's fingerprint.

The registered fingerprints data storage and matching is done in the Secure Enclave on the CPU, NOT by any Touch ID parts.

But I wonder if it could store the first fingerprint sensing (i.e. yours right after you get your repaired phone back), and then always sending that first one to the secure enclave instead of the actual fingerprint used after that first one, basically rendering TouchID useless.

 

[oscarinkc]

Even if you're using OEM parts, if you separate the sensor from the secure data storage component, that breaks the security chain and is effectively "tampering." Once you break that connection, you've breached the security encalve of the TouchID device, and all bets are off. Allowing unknown parties to disconnect and re-connect sensors opens up the possibility of someone being able to capture or interfere with the data between those parts. (Put another way, if keeping your job as an air-traffic controller means you have to pass a drug test, you nor the FAA are going to shrug it off if someone unauthorized breaks the seal on your urine sample to swap out the lid for another lid. Even if that unauthorized person was just innocently putting on a newer OEM lid, there's no way to be sure he didn't sprinkle in a few grains of oxy-something, swap out your THC-saturated pee for a clean sample, or just sneeze into the jar. A broken chain-of-custody is a broken chain-of-custody.)

So... replacing the entire TouchID chain of components would be the only way for a third party to swap out these parts for new ones without breaking the security chain internal to the TouchID 'enclave.' But then, even if the new parts were all OEM, that just creates the scenario I noted previously, enabling me to steal your phone, swap out your TouchID components for mine, and use my fingerprint to gain access to the contents of your phone.

So to prevent that scenario, the TouchID sensor and data storage component enclave have to be securely chained to the phone's other components. This means that maintaining the integrity of the fingerprint security system requires maintaining a secure and uninterrupted data chain-of-custody from the surface of the sensor all the way to the controller board of the phone. If someone not authorized by Apple breaks that chain anywhere, they invalidate the security of the device. That invalidation doesn't require proof of actual nefarious action on the part of the unauthorized repair shop. It only requires that a policy of allowing data chain-of-custody to be broken opens up the (even remote) possibility that someone somewhere could exploit that vulnerability for nefarious purposes.

Any given individual user might not care about that, but Apple has to.

So why not simply just disable TouchID and all associated financial capabilities from working at all rather than bricking the phone when mismatched home buttons and logic boards are used ?? You still need a passcode at power up to get into the phone and force the user to actually, you know, log in to access his/her financial transactions. A smaller price to pay when you "trash" your home button thumbprint capability but the phone would remain usable for the consumer. Apple could provide the standard disclaimers of possible (mythical until proven otherwise) security issues and let the consumer beware rather than completely trashing the phone with an iOS update.

Inadvertent or not, if Apple can get away with this, they will have found a way to put a LOT of third party Apple iPhone repair places out of business; is this good for consumer or even legal ? I strongly suspect they will lose in EU on this issue; in the USA, it is a bit muddier since money talks with Congress.

 

[bruinsrme]

It must have been extremely tricky to set up the lines to assign error 53.

 

[Ladybug]

I personally think they need to rethink how they address this issue going forth. Apple never informed or made this public knowledge before customers purchased their devices. Had everyone known they would do this before hand, I'm sure they would have loss some sales. I don't see how this can be legal because they are damaging property that does not belong to them. Thats just my opinion though.

 

[oscarinkc]

I personally think they need to rethink how they address this issue going forth. Apple never informed or made this public knowledge before customers purchased their devices. Had everyone known they would do this before hand, I'm sure they would have loss some sales. I don't see how this can be legal because they are damaging property that does not belong to them. Thats just my opinion though.

It is not just the "software damage" causing a bricked phone; it is anti-trust/anti-consumer strongly discouraging a consumer from pursuing third party repair alternatives; especially when the Apple stores give you no alternative but to pay for a new phone when all that is needed to repair a phone is a $5 part. Made worse by lack of warning by Apple that pursuing third party repair options could "brick" the phone because of the alleged security "features" (?).

This seems to me either poor design from security perspective and/or deliberate effort to give Apple a chance to circumvent anti-consumer laws designed to promote competition.

If Apple is on the losing side of lawsuits/anti-consumer laws, they may be forced to disable Apple Pay and/or redesign the software/hardware(!) to enable consumer choice on non-warranteed iPhone repairs.

 

[jimbobb24]

Lawyers want to sue someone? This is a very very surprising development.

Interesting that for the integrity of credit cards and whatever Apple choose to lock up these machines. Theoretically this is to avoid a hardware exploit...interesting.

 

[Deuce on the Clock]

It can and has been bricking devices repaired at Apple stores as well when "genius" members haven't run calibration tests on deviceS after a repair. It also can happen if displays aren't properly done as well, not just home buttons. Intentional on Apples part and they should lose and pay. Brickgate.

 

[Abazigal]

For those defending Apple in this debacle and buying the god awful security nonsense as good reasoning rather than this being a disgusting approach to monopolise and overcharge for repairs, please answer these questions...

1. Where is any evidence of the existence of a Touch ID sensor capable of circumventing the need for an accurate thumb/finger print?

2. Why disable the phone? Why not just warn users that using non Apple parts could compromise safety in a pop-up?

3. Why not just wipe all payment and personal data (passwords etc) upon detection of a non matching Touch ID component? Then there's no data to steal?

4. Why not just lock out the Touch ID capabilities of the phone until you and Apple can verify you are the user? Or until an Apple Store replaces the part at your expense?

5. Why is it even an issue, if your phone has been switched off, and you use Touch ID, you will be required to enter your passcode to unlock the phone, and then if you want to use Touch ID for any apps or services you will need to use your password on first use. Where did this thief who fitted the imaginary circumventing sensor also get your passcode and password from? Aren't these measures enough to protect your data and money?

6. Why only disable these phones upon OS update?

7. And this is the killer question, the question that negates all arguments that this is purely a security move... Why refuse to fix the phone? Why only allow the purchase of a replacement? If this was purely a security issue the Apple stores would surely verify you're the owner and charge you to replace the sensor again and pair it.

I can't answer those questions, but that doesn't mean you are right either, because it's often way more difficult to dispel a negative than prove it. You are throwing out random questions and putting the onus of proving them on people like us. People who very likely have little insight into the way Apple works and thus would be ill-equipped to answer your questions.

I can however, direct you to this post which does help shed some light on the matter, and answers some of your queries, especially Q6. For your last question, the most likely answer is that Apple made it so even they may not be able to unlock their own iPhones. Remember Tim Cook mentioning that they cannot decrypt their own iMessages? It could be something similar here.

https://theoverspill.wordpress.com/...le-between-conspiracy-and-rock-hard-security/

 

[H2SO4]

Remember Tim Cook mentioning that they cannot decrypt their own iMessages? It could be something similar here.

Tim Cook also said they pay all their taxes……...

 

[Abazigal]

Tim Cook also said they pay all their taxes……...

Which they technically do.

 

[H2SO4]

Which they technically do.

I quote,
“We don't use tax gimmicks, we pay all the taxes we owe, every single dollar. We don't just comply with the law, we comply with the spirit of the law”.
The italicised part is enough for me to question him, the bold, underlined and italicised part is enough for me to not trust him at all.

 

[C DM]

I quote,
“We don't use tax gimmicks, we pay all the taxes we owe, every single dollar. We don't just comply with the law, we comply with the spirit of the law”.
The italicised part is enough for me to question him, the bold, underlined and italicised part is enough for me to not trust him at all.

Welcome to not trusting pretty much the vast majority of companies and organizations and governments and even people.

 

[H2SO4]

Welcome to not trusting pretty much the vast majority of companies and organizations and governments and even people.

LOL, there are probably a lot of reasons I shouldn’t trust my neighbour. Until he/she actually acts or stands up and declares racist/sexist/ageist/etc. etc tendencies I’ll be Ok with them.
Timmy has gone on record there.

 

[C DM]

LOL, there are probably a lot of reasons I shouldn’t trust my neighbour. Until he/she actually acts or stands up and declares racist/sexist/ageist/etc. etc tendencies I’ll be Ok with them.
Timmy has gone on record there.

And it's beyond clear that many companies and governments and organizations do the same where they will stick to the absolute minimum that would get them by and try to get away with as much as they can. Are we really saying that unless they actually outright say it we can just happily pretend the majority aren't doing it then?

 

[Soccertess]

Not really about complaining here. If I spend my money on your product I should be warned that you are going to render it useless via an update should I have repairs done without your blessing. I imagine this is a large portion of what the argument, and moreso the lawsuit, is about. Simply Pissing off your customers is different from bricking their devices.
[doublepost=1455061699][/doublepost]
Thank you.

Are you able to explain what technicality would keep apple from simply disabling all communications between hardware it deems not properly paired with the system (as is apparently happening in error 53)? In other words, what keeps the "error 53" from simply being an "we have disabled touch ID as anything other than a button due to it not having been properly paired witht he rest of your hardware, for yoursafety. Please see an Apple certified repair for further assistance on repairing and reactivating the button". (as an example)

I think, at this point, I have mentioned in almost every response to anyone here that I am more concerned that Apple is doing this without giving their customers express notice, though that part of my statement is often not addresses, and often even removed. I guess my issue is that security is fine, but not at the expense of a customer. I can't say I would ever take my phone to a third party because the money savings just aren't big enough (and we have three apple stored within 30 minutes, so it's just too easy to get there), but I feel for the folks who may not have other options. To be blunt "this is for your security" is not a good enough response as to why an entire device is rendered useless.

To add to this, I have asked a few times why this is happening now, again something nobody is really discussing (plenty are asking, but nobody really has responded, perhaps because they don't have an answer). We have had touch ID going on three years, and a "random" update is bricking phones some 30 months after it was initially launched? I can't imagine the hardware was there all this time and it just took Apple this long to figure out the software bit of this security feature. As mentioned, I am still sort of leaning toward this error possibly not functioning as intended by Apple.

As my own anecdote, my mom, who did manual labor all her life, has worn fingerprints and thus can't even use touch ID; I have tried setting it up with her multiple times and it just won't take. If she fell into this scenario that her button was damaged and/or repaired outside of Apple, how on earth is anyone going to explain to her that it was for her own security? To add insult to injury, Apple will require her to replace the entire front panel ($100+) for the button replacement despite that not being a physical requirement of the job.

Well put!!!

 

[H2SO4]

And it's beyond clear that many companies and governments and organizations do the same where they will stick to the absolute minimum that would get them by and try to get away with as much as they can. Are we really saying that unless they actually outright say it we can just happily pretend the majority aren't doing it then?

Look again, I said until they act or declare, all I need is proof of either/both happening now or in the past or indications that they are going to in the future……..Doesn’t matter to me whether that is government, corporation or individual.
Just because I don’t trust Cook doesn’t mean I should or shouldn’t trust others.

 

[C DM]

Look again, I said until they act or declare, all I need is proof of either/both happening now or in the past or indications that they are going to in the future……..Doesn’t matter to me whether that is government, corporation or individual.
Just because I don’t trust Cook doesn’t mean I should or shouldn’t trust others.

What I'm saying is what he said is what a good majority of them all are doing and have been doing. It's not secret by any means, even each one isn't actually saying it somewhere or blatantly displaying it all. There's really nothing new or shocking or anything like that there.

 

[H2SO4]

What I'm saying is what he said is what a good majority of them all are doing and have been doing. It's not secret by any means, even each one isn't actually saying it somewhere or blatantly displaying it all. There's really nothing new or shocking or anything like that there.

Yep, I’m sure they all do. Heck my company, (I hope nobody has worked out who I work for), does some crap things and has double standards - I do what I can to give some of it a little visibility. Actually standing up in public and lying takes it a step further.
Mind you, ‘…not having sexual relations with that woman’ doesn’t seem to have had a lasting adverse effect.

 

[techwhiz]

You don't own your phone.
Samsung will brick your phone if you try to root it.
There have been reports of bricked Samsung phones taking an OTA update.
Apple bricks phones when you use a "non-Apple" part or if the chain isn't verified.

In ALL cases causing a consumers device not to function at all is inexcusable.
Disable the secure functions.
Google seems to be able to disable only the functions related to Android Pay when you make unauthorized modifications that affect security without bricking your device.