Error53, Iphone6 is Bricked
Old 02-06-2016, 05:00 PM   #41
Recycles dryer sheets
 
Join Date: Jun 2012
Posts: 86
Error53, Iphone6 is Bricked

Installing aftermarket/counterfeit parts always has some risk. Apple OEM only for me, the quality is excellent and no compatibility issues.


Sent from my iPhone using Early Retirement Forum
__________________

__________________
Daniel J is offline   Reply With Quote

Old 02-06-2016, 09:22 PM   #42
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by M Paquette View Post
...
If Apple were to allow a hack that ignored Error 53 and unlocked Secure Enclave content for the hacker, I suspect we would be hearing a somewhat different complaint.

Given a choice of failing securely or failing insecurely, best practice is to fail securely.

https://www.apple.com/business/docs/...rity_Guide.pdf
Thanks. But why not simply ignore input from the fingerprint recognition (FPR) module if it does not pass the security challenge, and force the user to use the passcode method instead?

As I understand it, FPR is for convenience, so that the user does not need to enter the passcode. So if the convenience entry is corrupt, just block that entry.

Finger print is just one way in. Passcode is another. So it sure does not seem like a security issue to me if a problem is detected in one part of the system, to allow entry through the passcode, as that was always a legitimate way to enter. It would be different if BOTH were required to enter.

Some of the people reported that they don't use the FPR, and never had it worked on (it may have failed and they just decided it wasn't worth getting fixed, use the 'old fashioned' passcode method). Should they really have their product bricked? I don't think so. At a minimum, they should have received a stern warning describing the issue, ask for their passcode, and advise them (with several "Are you sure" warnings) that continuing with the update could result in an irretrievably locked phone.

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Old 02-06-2016, 10:09 PM   #43
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
If the Secure Enclave content is unlocked with an unverified device (the thing claiming to be a fingerprint reader) attached to its bus, there is a possibility that the unverified device may be an attack mechanism that will then have access to the user's encryption keys and all formerly secure content in the phone.

For those who like Bad Analogies, it would be like walking up to an ATM, ignoring the man in the ski mask next to it, and keying in your PIN number. Maybe nothing happens. Maybe the guy in the ski mask is just really cold, and waiting for a friend. While standing next to the ATM...

I suppose it's a reasonable alternative for folks who really trust strangers. That's not a reasonable alternative for a device manufacturer to choose for a device that will contain sensitive information for many users.

The manufacturer could probably offer a special version of the phone that would 'fail unsafe', ignoring security subsystem errors and granting access by default. Call it the "NSA Friendly" model. They might want to charge extra for this to cover the product liability premiums. You could suggest that to Apple.
__________________
M Paquette is offline   Reply With Quote
Old 02-06-2016, 10:40 PM   #44
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,699
Quote:
Originally Posted by M Paquette View Post
If the Secure Enclave content is unlocked with an unverified device (the thing claiming to be a fingerprint reader) attached to its bus, there is a possibility that the unverified device may be an attack mechanism that will then have access to the user's encryption keys and all formerly secure content in the phone.

For those who like Bad Analogies, it would be like walking up to an ATM, ignoring the man in the ski mask next to it, and keying in your PIN number. Maybe nothing happens. Maybe the guy in the ski mask is just really cold, and waiting for a friend. While standing next to the ATM...

I suppose it's a reasonable alternative for folks who really trust strangers. That's not a reasonable alternative for a device manufacturer to choose for a device that will contain sensitive information for many users.

The manufacturer could probably offer a special version of the phone that would 'fail unsafe', ignoring security subsystem errors and granting access by default. Call it the "NSA Friendly" model. They might want to charge extra for this to cover the product liability premiums. You could suggest that to Apple.

Except that it is only if you upgrade to the new iOS that this happens and why would someone stealing a phone then upgrade to a new iOS when they surely would know the problem? If a phone is not going to work if outside repairs are done on it, purchasing customers have a right to know that as much as the criminals.
__________________
Running_Man is offline   Reply With Quote
Old 02-06-2016, 11:09 PM   #45
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by M Paquette View Post
...

The manufacturer could probably offer a special version of the phone that would 'fail unsafe', ignoring security subsystem errors and granting access by default. Call it the "NSA Friendly" model. ...
I'm certainly not suggesting that security be ignored, and that access should be granted by default - nothing of the kind. I'm suggesting that they simply end all communication with the FPR module, and fall back to the security method that is also accepted - a passcode entry. Were iPhones not secure before we had FPR?

You seem to be suggesting that a 3rd party FPR module could 'snoop' on the phone contents? How could it do that if the phone dropped comm with it when it failed the security validation?

Quote:
Originally Posted by Running_Man View Post
Except that it is only if you upgrade to the new iOS that this happens and why would someone stealing a phone then upgrade to a new iOS when they surely would know the problem? If a phone is not going to work if outside repairs are done on it, purchasing customers have a right to know that as much as the criminals.
Yes, it's the 'after-the-fact' implementation, and no warning to existing customers that I see as the real issue. I realize security changes are made along with other updates, and this was done in an effort to tighten security, but bricking someone's phone is extreme enough that you'd think there would be an equally extreme warning alert.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-07-2016, 11:51 AM   #46
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Quote:
Originally Posted by Running_Man View Post
Except that it is only if you upgrade to the new iOS that this happens and why would someone stealing a phone then upgrade to a new iOS when they surely would know the problem? If a phone is not going to work if outside repairs are done on it, purchasing customers have a right to know that as much as the criminals.
One of several points where the integrity of the Secure Enclave is checked is during software updates. This is done to block a class of attacks involving rollbacks, the installation of older software versions to exploit identified bugs, among other attacks.
__________________
M Paquette is offline   Reply With Quote
Old 02-07-2016, 12:14 PM   #47
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
I think I already mentioned that the Engineering team did not anticipate that folks would be replacing secure subsystem parts without bothering to perform the steps needed to re-validate the Secure Enclave subsystem. That's a failure in training of service technicians that is leading to bricked phones.

It may be possible in future releases to add a Software Restore option that can unbrick a phone with these specific failures, some sort of 'Yes, this is really my phone, and I still trust the integrity of all components in it' check that would verify ownership of the device and update the internal encryption key pairs. This has to be done carefully as it also opens a new front for potential security exploits.

Quote:
You seem to be suggesting that a 3rd party FPR module could 'snoop' on the phone contents? How could it do that if the phone dropped comm with it when it failed the security validation?
There isn't a physical disconnect such as a fusible link between the fingerprint reader and Secure Enclave coprocessor that could be blown to disconnect the device. (Remember that it is also the Home button.) The device remains connected to the secure bus. This can be used to perform a number of different security attacks. One known attack on a similar Android system involves the use of a dummy 'fingerprint scanner' cut into the phone, sending an oversize buffer of 'fingerprint data' to the processor. The buffer overrun results in the injection of code allowing access to secured information in the device. (This particular attack should not work on the iPhone, but is described to give you some idea of the sort of things the security architecture has to deal with.)
__________________
M Paquette is offline   Reply With Quote
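An added example, not part of the original post and not Apple's or any vendor's code: a frame handler that treats everything arriving from the sensor as untrusted, which is the defensive side of the oversize 'fingerprint data' buffer described above. The wire format (2-byte length prefix), the `paired` flag and all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEMPLATE_MAX 64  /* assumed capacity of the receive buffer */

enum frame_result {
    FRAME_OK = 0,
    FRAME_REJECT_UNPAIRED, /* sensor failed validation: input never parsed */
    FRAME_REJECT_SHORT,    /* header incomplete */
    FRAME_REJECT_LENGTH    /* declared length exceeds buffer or bytes received */
};

struct sensor_state {
    int paired;            /* 1 only after the sensor passed validation */
    uint8_t template_buf[TEMPLATE_MAX];
    size_t template_len;
};

/* Hypothetical wire format: 2-byte big-endian payload length, then payload.
 * A handler that copied `declared` bytes without the checks below would
 * write past template_buf whenever the peripheral lied about the length. */
enum frame_result handle_sensor_frame(struct sensor_state *st,
                                      const uint8_t *frame, size_t frame_len)
{
    st->template_len = 0;              /* fail closed: no stale result survives */

    if (!st->paired)
        return FRAME_REJECT_UNPAIRED;  /* unverified device: drop before parsing */
    if (frame_len < 2)
        return FRAME_REJECT_SHORT;

    size_t declared = ((size_t)frame[0] << 8) | frame[1];

    /* Check against both the destination size and the bytes actually received. */
    if (declared > TEMPLATE_MAX || declared > frame_len - 2)
        return FRAME_REJECT_LENGTH;

    memcpy(st->template_buf, frame + 2, declared);
    st->template_len = declared;
    return FRAME_OK;
}

/* Constructed input: a frame that declares `declared` payload bytes but
 * carries `sent` bytes (capped at 128), fed to the handler. */
int demo(int paired, size_t declared, size_t sent)
{
    uint8_t frame[2 + 128] = {0};
    struct sensor_state st = { .paired = paired };

    if (sent > 128)
        sent = 128;
    frame[0] = (uint8_t)(declared >> 8);
    frame[1] = (uint8_t)(declared & 0xff);
    memset(frame + 2, 0xAB, sent);
    return (int)handle_sensor_frame(&st, frame, 2 + sent);
}

int main(void)
{
    printf("paired, honest 16-byte frame : %d\n", demo(1, 16, 16));
    printf("paired, declares 4096 bytes  : %d\n", demo(1, 4096, 16));
    printf("paired, declares 32, sends 8 : %d\n", demo(1, 32, 8));
    printf("unpaired, honest frame       : %d\n", demo(0, 16, 16));
    return 0;
}
```

The unpaired case returns before the length field is even read, so a sensor that failed validation cannot reach the parsing code at all.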
Old 02-08-2016, 09:33 AM   #48
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by M Paquette View Post
...

It may be possible in future releases to add a Software Restore option that can unbrick a phone with these specific failures, some sort of 'Yes, this is really my phone, and I still trust the integrity of all components in it' check that would verify ownership of the device and update the internal encryption key pairs. This has to be done carefully as it also opens a new front for potential security exploits. ...
OK, even if you were required to bring the phone into an Apple retail outlet, or send it to Apple, and provide proof of ownership to unlock it - that would at least be better than 'bricking' it unannounced (apparently permanently?) on the customer. And if it is really necessary/desired to have this level of security, I still say it is a bad design to not warn the customer that an unauthorized device has been detected by the SW updater, and proceeding will lock you out of your phone permanently. Explain that the risks are a potential, theoretical, security weakness that goes unchecked in earlier SW versions, but will be locked out in this upgrade.

I say 'theoretical' - have any 'smart', snooping, button replacements actually been found in the wild? Seems like a pretty sophisticated thing to pull off, and since it actually takes physical access to a phone and a customer asking to have a part replaced- wow, that's a pretty small target to put that much work into. It's hard for me to think that bad guys would work that hard for this. It's not like malware you can get by allowing a download that can access millions of phones remotely.



Quote:
The buffer overrun results in the injection of code allowing access to secured information in the device. (This particular attack should not work on the iPhone, but is described to give you some idea of the sort of things the security architecture has to deal with.)
But keeping this in perspective - clearly Apple SW performed no validation on these replacement Home buttons prior to this release (or at least took no action on it). They go from nothing to bricking the phone, all in one step, and all w/o warning the customer of such a heavy-handed action. I still say that is a bad design decision.

I probably need to re-iterate - this isn't about beating up on Apple. They make some amazing products, have pushed the envelope and have made competitors play catch-up in many areas, and obviously have many loyal, and thrilled customers. And they seem to take security very seriously. I'm just talking about this decision in isolation - I think it was a mistake, a big one. Others were trying to rationalize it in this thread by the other things Apple has done - I'm saying that is irrelevant to this point, I'm just talking about this one decision. That's not meant to bad-mouth them overall, and I'm not comparing them to anyone else.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-08-2016, 03:06 PM   #49
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 4,792
Piling on Apple
And the good news keeps on coming, from lawyers and barristers:

http://www.theguardian.com/business/...error-53-codes

No I did not write the following article
The headline says it succinctly:
Monday, Feb 8, 2016
Apple takes its eye off the ball: Why Apple fans are really coming to hate Apple software - LA Times
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-09-2016, 02:19 PM   #50
Thinks s/he gets paid by the post
 
Join Date: May 2014
Posts: 3,011
So the Seattle lawyers in the first article will represent class action defendants "for free". Uh-huh.

My guess is that they'll take it on contingency and negotiate a settlement that pays them a few million $$ in fees and gives each plaintiff a $25 credit toward a new iPhone.
__________________
athena53 is online now   Reply With Quote
Old 02-10-2016, 11:14 AM   #51
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 894
Quote:
Originally Posted by athena53 View Post
So the Seattle lawyers in the first article will represent class action defendants "for free". Uh-huh.

My guess is that they'll take it on contingency and negotiate a settlement that pays them a few million $$ in fees and gives each plaintiff a $25 credit toward a new iPhone.

Yep, the vultures are circling.
__________________
Eat, Drink and Be Merry.
tulak is online now   Reply With Quote
Old 02-12-2016, 03:26 PM   #52
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 4,792
Quote:
Originally Posted by kiki View Post
Yep, the vultures are circling.
Moving right along:

Class-action suit over iPhone-bricking Error 53 filed in California | Ars Technica


On Thursday, a Seattle law firm filed a class-action lawsuit against Apple in the US District Court for the Northern District of California. It argues that preventing iPhones with damaged TouchID buttons from working normally otherwise is "abusive," that Apple did not adequately warn consumers of problems that could arise from a damaged or replaced TouchID sensor, and that "more than 62 million units" have been affected in the US as of November 2015.

From the filed lawsuit:

"........but they pointed out to Apple representatives that nothing in marketing materials or purchase documents ever disclosed that their iPhone products would be destroyed by an imbedded software code if they had repaired iPhones using an independent service and then updated to certain iOS versions............"
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-13-2016, 12:08 AM   #53
Full time employment: Posting here.
 
Join Date: Apr 2015
Posts: 903
Quote:
Originally Posted by ls99 View Post
From the filed lawsuit:

"........but they pointed out to Apple representatives that nothing in marketing materials or purchase documents ever disclosed that their iPhone products would be destroyed by an imbedded software code if they had repaired iPhones using an independent service and then updated to certain iOS versions............"
Actually, I do believe this is covered in the Terms of Service that everyone agrees to but no one ever reads (likely under unauthorized third party modifications).
__________________
hnzw_rui is offline   Reply With Quote
Old 02-13-2016, 08:14 AM   #54
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 4,792
Quote:
Originally Posted by hnzw_rui View Post
Actually, I do believe this is covered in the Terms of Service that everyone agrees to but no one ever reads (likely under unauthorized third party modifications).
If true could you provide a link to that part of TOS?

I do not mind being beaten over the head with ugly facts destroying beautiful theories.

It is reasonable to expect that class action filing lawyers would have found that relevant little tidbit. Me thinks automakers found out the hard way that locking customers into dealer service only is not a good idea.
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-13-2016, 08:33 AM   #55
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by hnzw_rui View Post
Actually, I do believe this is covered in the Terms of Service that everyone agrees to but no one ever reads (likely under unauthorized third party modifications).
I can see where lawyers will be performing surgery in just what these words mean:

Apple - Legal

Quote:
This Warranty does not apply: .... (f) to damage caused by service (including upgrades and expansions) performed by anyone who is not a representative of Apple or an Apple Authorized Service Provider (“AASP”);
I'd say it is clear and perfectly reasonable and expected that Apple isn't responsible if you had a third party replace your home button, and they damaged your phone in the process (let's say they broke a PC board connection, or the case), or if that home button just didn't work properly.

But was the damage (bricking) that people are upset about caused by the third party, or caused by Apple? Since there was no apparent problem UNTIL users ran an Apple software upgrade, I think lawyers will have a good case that it was APPLE that caused the damage. We will see.

Either way, this is bad PR for Apple - they should bend over backwards to make this right for customers, IMO. And add appropriate warnings regarding security issues.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-13-2016, 08:47 AM   #56
Thinks s/he gets paid by the post
 
Join Date: Jun 2010
Posts: 2,301
How many phones are actually impacted?


Sent from my iPad using Early Retirement Forum
__________________
photoguy is offline   Reply With Quote
Old 02-13-2016, 01:52 PM   #57
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 4,792
Quote:
Originally Posted by photoguy View Post
How many phones are actually impacted?


Sent from my iPad using Early Retirement Forum
See post 52. about 62 million, per article linked.
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-13-2016, 02:07 PM   #58
Full time employment: Posting here.
 
Join Date: Apr 2015
Posts: 903
Quote:
Originally Posted by ls99 View Post
See post 52. about 62 million, per article linked.
Doesn't mean that's how many phones were actually affected by the upgrade. That number's probably just based on sales figures. I doubt there are 62 million iPhones with faulty TouchID buttons who got them replaced by a 3rd party.

Mind, if it's a genuine hardware problem that caused the bricking and the phone wasn't modified or tampered with in any way, Apple will likely be willing to replace it through Apple Care warranty (or OOW replacement).
__________________
hnzw_rui is offline   Reply With Quote
Old 02-14-2016, 10:22 AM   #59
Thinks s/he gets paid by the post
 
Join Date: Jun 2010
Posts: 2,301
Yes. I am interested in knowing how many phones are bricked. Not how many potentially could be bricked.

News articles mention "thousands" but provide no support other than a relevant webpage got something like 200k hits. As we know hits are a terrible measure of pretty much everything (except for hits). If anything, having 200k hits would suggest to me that the problem is tiny.

Quote:
Originally Posted by hnzw_rui View Post
Mind, if it's a genuine hardware problem that caused the bricking and the phone wasn't modified or tampered with in any way, Apple will likely be willing to replace it through Apple Care warranty (or OOW replacement).
This appears to be the case (free replacement by apple) as reported here:
What is Error 53 and why did it kill my iPhone?

The person's phone (6+) would still be under warranty. It's not clear if apple would still replace it if it was an older phone and applecare expired.
__________________
photoguy is offline   Reply With Quote
Old 02-14-2016, 01:11 PM   #60
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,426
Of course the lawyers are going to make it sound worse than it is.

It's one thing for them to get replacements for clients.

But you know they're going to get millions while the customers get nominal fees which probably won't cover the cost of replacement.
__________________

__________________
explanade is online now   Reply With Quote