Apple Says Sorry For iPhone Error 53 and Issues iOS 9.2.1 Update To Fix It (betanews.com)
Mark Wilson writes: Apple has a lot of support at the moment for its stance on encryption and refusing the FBI access to an iPhone's contents, but it's only a couple of weeks since the company was seen in a less favorable light. There was quite a backlash when users found that installing an update to iOS resulted in Error 53 and a bricked iPhone. Apple initially said that Error 53 was caused 'for security reasons' following speculation that it was a bid to stop people from using third party repair shops. iFixit suggested that the problem was a result of a failure of parts to correctly sync, and Apple has been roundly criticized for failing to come up with a fix. Today the company has issued an apology, along with an update that ensures Error 53 won't happen again. But there's more good news ... If you were talked into paying for an out of warranty replacement as a result of Error 53, you could be in line to get your money back.
It's a trap! (Score:4, Interesting)
Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?
Re: (Score:2)
The court order [scribd.com] specifically specifies that:
So, an ordinary install of a crippled version of iOS would not
Re: (Score:3)
You're missing his point.
You can not update a locked phone, at best you can wipe it. Even if Apple provides what they want, the ONLY way to get it on there, is to wipe the device.
To install new software on the phone, it requires that you unlock it, so that people can't do exactly what the court is requesting (though I doubt Apple had the courts in mind and probably was thinking general malicious code).
Re: (Score:2)
Uhm, no. You can just run code from RAM via DFU mode. Every jailbreaker knows this. That code can do whatever you want.
Re: (Score:2)
Yes, YOU (the consumer) can probably only wipe it. If you open the phone, use JTAG et al, you can almost certainly do much more. You notice Cook didn't say "we can't do this", instead he said something like "it would be a bad idea for us to do this".
BTW, the court order indicates the phone is a 5C so has the A6 SOC, not a 5S (or later) with A7 or later. I believe more of security, including some of the unlock logic, moved into the chip/firmware in A7 but was more accessible in A6 models.
The order prohibits
Re: (Score:2)
You can not update a locked phone
Look carefully at what the FBI is requesting. They want software that runs from RAM, loaded via the DFU. The DFU, or Device Firmware Update, is a special bootloader designed to be used at the factory for programming. It's a common feature with ARM processors, and usually burned into a ROM somewhere so that software can be loaded at the factory without a special programmer using existing ports.
If you check the instructions [theiphonewiki.com] for accessing the DFU (hold some buttons while turning the device on), you can see tha
Re: (Score:1)
Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?
Try loosening the tin foil. It's cutting off too much blood.
Re: (Score:2)
You jest, but they can already crack the Secure Enclave. Even if the FBI were asking them to crack a phone that actually had it, it would make no difference, because the Secure Enclave is just a security processor. It's not a tamperproof HSM and Apple can sign and load whatever code it wants into it at any time.
Re:It's a trap! (Score:4, Informative)
Complete nonsense. If there is reason to suspect the fingerprint scanner, it should be ignored, that is all.
Re:It's a trap! (Score:4, Informative)
Now what will happen is you'll use an insecure sensor, Apple will still allow the phone to boot, and a bunch of dumbasses will go ahead and use the phone with a compromised sensor
You mean, what happens now? You do realize that Error 53 doesn't happen immediately (it would possibly be a security feature if it did) but, instead, happens weeks or months later when software updates are applied. A proper security feature would be deactivating power and data pins for the sensor if it fails to authenticate itself at boot, permanently disabling it after a set number of failures. No need to disable the entire phone; the non-working sensor should alert the user to the problem.
It does happen immediately. (Score:3)
If you are running iOS 9.2 and swap out the fingerprint sensor you will immediately get Error 53 and it will wedge your phone.
The intention here was security, Apple clearly didn't anticipate or test against phones that got unauthorized sensor replacements and thus the unintentional bricking. The new update just renders the replaced sensor inoperative but otherwise allows the phone to be used normally.
Re: (Score:1)
How about just using a separate profile, with the original data still being encrypted, until a proper device is in place? I understand that iOS doesn't allow separate profiles but it shouldn't be that hard. The second profile would still allow use but there's no risk of there being a private data spill if it's done properly. The second profile could then be used until a proper repair is made, the data can be merged with the original profile, and the new sensor can have a fuse that burns and locks it to the
They've released a fix. (Score:2)
That makes the phone functional again, just disables the non-compliant fingerprint sensor and thus you are forced to use your passcode. That seems like a reasonable compromise.
Re: (Score:1)
That probably is for the best. I could think of a few cases where it might be handy to still have the functionality but with a different profile only. I'd think that would be optimal, if possible.
Re:It's a trap! (Score:5, Insightful)
The other great part about this is ... it's because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.
You are travelling and in some 3rd world location, it might be for your job. You might need your phone for survival (trust me, if you travel in out of the way places a smart phone really can be a survival accessory). The screen breaks. Shipping it to a certified Apple repair place might take months and cost rather a lot, what with secure shipping etc. So you get it repaired locally. It happens and it's not 'cheaping out'.
Re: (Score:2)
The other great part about this is ... it's because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.
You are travelling and in some 3rd world location, it might be for your job. You might need your phone for survival (trust me, if you travel in out of the way places a smart phone really can be a survival accessory). The screen breaks. Shipping it to a certified Apple repair place might take months and cost rather a lot, what with secure shipping etc. So you get it repaired locally. It happens and it's not 'cheaping out'.
Even moreso, if you pay 655+ for a device that device should be your own to get fixed where you want to get it fixed.
Re: (Score:2)
The other great part about this is ... it's because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.
You are travelling and in some 3rd world location.
The third world country with enough power points to keep your phone charged all the time while travelling and has a bunch of iPhone repair shops all over the place.
Re: (Score:2)
The other great part about this is ... it's because people are cheaping out on a repair for a $650+ device. People are idiots. Buy a cheap repair, you deserve your phone bricked for stupidity.
You are travelling and in some 3rd world location.
The third world country with enough power points to keep your phone charged all the time while travelling and has a bunch of iPhone repair shops all over the place.
Absolutely. But not, typically, ones that have been blessed by Apple to repair the Holy Apple Hardware. Hence the bricking.
Re:It's a trap! (Score:4, Funny)
This is actually a pretty common scenario for people who follow route guidance in Apple Maps.
Re: (Score:2)
Oh, by third world, you must mean, outside of any major city in the US of A. And not everyone can get away from work long enough during the workday to take their iPhone to an authorized shop, but there are the other phone shops that have a similar, as in made by the same company, in the same plant, in the same run, etc but put on a different phone, at half the price, and installed for maybe even less than half the price. Damn, that sounds familiar...
The USA is a 3rd world country with a bunch of 1st world city-states.
Re: (Score:1)
I'm gonna guess that you've never actually been to a "third-world" or impoverished nation? Why? I have. I've also explored the US in great detail - well and above that which is normally seen and very seldom in the urban areas. If you expect your comment to be taken seriously, you might want to make some serious adjustments. I can assure you, the US is much better than you seem to think. Get out of the city in South Africa, go to Nigeria, visit Haiti, go to the more remote areas of even Mexico - then compare
Re: (Score:2)
I've lived and worked in 3rd world nations.
Re: (Score:1)
Then you have a very strange definition for third world or are hyperbolic and should know that you're being disingenuous.
Re: (Score:2)
It falls back to authenticating with passcode in this case.
That's a nice story and all, it's just not true. (Score:2)
The problem was people who had their phone serviced at an unauthorized shop and then later updated to iOS 9.2.1. That version of iOS included a more thorough check of the fingerprint sensor.
Re: (Score:3)
The sensor will not take fingerprint scans. Having a replaced TouchID module means TouchID won't work (due to pairing failure). It'll still boot though. The old recovery mode installer just barfed on this expected condition instead of working around it like the regular OS does.
Re: (Score:2)
No, it's apple's fault they disabled people's *phones* for no good reason when all they needed to do was disable the fingerprint sensor and demand entry of a password. Anything beyond that was disgusting gratuitous damage.
That right there is the bit you won't even be able to get him to acknowledge, let alone concede - even though Apple themselves appear to have done so.
Re: (Score:1)
No, just introducing another security flaw in general thanks to the mass number of ignorant people who think this is a good idea..
It's not just the fingerprint sensor. My daughter had her screen replaced AT AN APPLE STORE. Update 9.2 gave Error 53. I'll try 9.2.1 this weekend, and then take it in if that doesn't fix it,
Sorry for what? (Score:1)
Being caught or making a mistake that messed up your customers' phones?
I'll believe you are truly sorry about messing things up if you now turn around and *fix* those phones which are now useless because they may have had non OEM parts installed. Otherwise, I'm going to believe that you are just sorry for getting caught.
Re:Sorry for what? (Score:4, Informative)
"This update will restore phones 'bricked' or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled." From the article on techcrunch.
wait a second (Score:3, Interesting)
Re:wait a second (Score:5, Informative)
This update doesn't re-enable TouchID. It simply allows people to unlock using their passcode.
More or less, the Secure Enclave can be accessed via user passcode or TouchID. Error 53 was a means of securing iPhones against possible breaches resulting from the use of untrusted TouchID components, but the approach was overly heavy-handed, since it also prevented users from using their passcode. This update restores that ability, while still disabling the untrusted, third-party TouchID components.
Re: (Score:1)
So what exactly makes the sensor "untrustable"? It's not sequencing DNA; it takes a freakin' picture of your finger and "securely" communicates it to the SE. (i.e. a camera accessed via SSL from the SE) I'm pretty sure a fingerprint can be suitably replicated to fool the TouchID system. ('tho I do hope it's not as simple as licking a photocopy...)
Prevents 'fake fingerprint' attacks. (Score:3)
The real sensor takes some effort to ensure you are pressing something like a finger to the sensor (a picture of a fingerprint won't work). A fake 'sensor' could just pass images from a database.
It's not undefeatable, but security has nothing to do with perfection, it has to do with making something harder and more expensive.
Re: (Score:2)
Not untrustable, just untrusted. And it's my understanding that they uniquely pair each Secure Enclave with each TouchID sensor, that way the sensor can't be replaced with one that intentionally returns false positives. As you said, there are ways to circumvent a "trusted" sensor, but they require techniques that are a bit more complicated than wetted paper on a finger. ;)
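A simplified model of the pairing check and the two failure policies discussed in this thread (disabling the whole device on a sensor mismatch versus disabling only the sensor and falling back to the passcode), as an added example that is not part of any comment and is not Apple's code. The HMAC challenge-response over a shared pairing key, and every class and function name, are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from enum import Enum


class AuthMode(Enum):
    BIOMETRIC_OR_PASSCODE = "biometric_or_passcode"
    PASSCODE_ONLY = "passcode_only"
    DEVICE_DISABLED = "device_disabled"


class Sensor:
    """Constructed stand-in for a fingerprint sensor holding a pairing key."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def respond(self, challenge: bytes) -> bytes:
        # Prove knowledge of the pairing key without revealing it.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Enclave:
    """Constructed stand-in for the security processor that owns the pairing."""

    def __init__(self, pairing_key: bytes, brick_on_mismatch: bool):
        self._key = pairing_key
        self._brick_on_mismatch = brick_on_mismatch
        self.mode = AuthMode.PASSCODE_ONLY  # sensor untrusted until verified

    def verify_sensor(self, sensor: Sensor) -> AuthMode:
        challenge = os.urandom(32)  # fresh nonce, so old replies cannot be replayed
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, sensor.respond(challenge)):
            self.mode = AuthMode.BIOMETRIC_OR_PASSCODE
        elif self._brick_on_mismatch:
            # Heavy-handed policy: the whole device becomes unusable.
            self.mode = AuthMode.DEVICE_DISABLED
        else:
            # Scoped policy: only the unverified component loses trust.
            self.mode = AuthMode.PASSCODE_ONLY
        return self.mode

    def unlock(self, passcode_ok: bool = False, fingerprint_ok: bool = False) -> bool:
        if self.mode is AuthMode.DEVICE_DISABLED:
            return False
        if self.mode is AuthMode.BIOMETRIC_OR_PASSCODE and fingerprint_ok:
            return True
        # A match reported by an unpaired sensor is ignored here.
        return passcode_ok


def boot(sensor_is_original: bool, brick_on_mismatch: bool) -> Enclave:
    """Build a device whose sensor is either the paired one or a replacement."""
    key = os.urandom(32)
    sensor = Sensor(key if sensor_is_original else os.urandom(32))
    enclave = Enclave(key, brick_on_mismatch)
    enclave.verify_sensor(sensor)
    return enclave
```

With a replaced sensor, the scoped policy leaves the passcode path working and ignores any fingerprint match, which is the behaviour the commenters attribute to the fixed update.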
Re: (Score:2)
The sensor doesn't return a positive or a negative. It just returns an image to the CPU for it to compare to the stored images.
Re: (Score:2)
Quite right, as you suggest, it's actually a matter of the sensor producing an image, which, in turn, results in the Secure Enclave producing a false positive. That is definitely an important distinction in this case, so I should have been clearer. Thanks for the fact check.
Re:wait a second (Score:4, Informative)
The security claim made no sense to anyone who understood how fingerprint scanners work. Apple spun some bullshit line and Apple fans bought it, inventing elaborate and ridiculous explanations to back it up.
Hint: Much easier and more effective than building a custom fingerprint sensor that records the fingerprint data, just passively snoop the touchscreen data lines which are analogue and unencrypted. Capture the user's PIN/password.
Re: (Score:2)
Indeed. Passive snooping on analog sensors is not that hard.
Made perfect sense to me. (Score:1)
Having the fingerprint scanner in the secure enclave makes it harder to (a) remotely record somebody's fingerprint, and/or (b) apply a fingerprint image from a database to a hacked iPhone with the sensor swapped out.
Pointing out that there are "other possible ways" to hack an iPhone is a clear indication that you don't understand how computer security works. Here's a hint, it has absolutely nothing to do with perfection.
Re: (Score:2)
A sufficiently competent "bad guy" could already do that. The whole thing is a trade-off. Apple apologized for being too restrictive, possibly without any real security benefit.
Bricking the phone still isn't a good solution (Score:2)
Personally I can't imagine what sort of attack it's supposed to prevent, any adversary capable of replacing the fingerprint sensor in your phone is going to be an adversary capable of obtaining and replicating your finger print to the sensor.
If it's just the risk of cheap kno
Re: (Score:1)
A lot of people just don't care. They either do not or perceive that they do not need this level of security. Most likely they do not.
So a bad guy can get into my phone. What can he do besides ravage my contacts? I don't trust apple enough to use the pay. The kids already watch the pin code so email is password prompted. So is in app and store purchases. I guess they could read my text messages but those are deleted often.
Re: (Score:1)
I was wondering why it was suddenly getting so much
Re: (Score:2)
I thought the point of this error 53 was to purposely render your data inaccessible in the case where the touchID had been tampered with?
If that was the case it would take effect after the hardware change not months later when you get a system update.
Re: (Score:2)
"cuz a bad guy could replace a real touch sensor with a compromised one, then unlock the phone with a fake fingerprint."
No, he really couldn't. The touch id sensor is essentially a camera that takes a picture of your fingerprint. Apple has said that due to unique properties of each sensor if you change out a sensor you have to re-enroll your fingerprints. I don't know if that's because the sensor salts the image data, or if there is just minor variability between the sensors. But in any case, you can't
Re: wait a second (Score:2)
In general, if you detect that an input device has been tampered with you can save the user by disabling it, especially if you cut the power to it completely. A fingerprint sensor might have an embedded radio that phones home and sends any fingerprints that it captures to the attacker and an embedded battery to power the radio, so it's not 100% airtight.
An output device is much more serious. Imagine if someone switched your screen for one that contains an embedded computer and an embedded radio. The screen
My wife got a free new phone due to this bug (Score:5, Interesting)
The Touch ID sensor died on my wife's iPhone 6S, and it prevented the iOS 9.2.1 update from installing even after doing a factory reset.
The Apple Store couldn't fix the issue, so she got a brand new phone out of the deal. Good thing the phone was still under warranty!
Have it both ways (Score:1)
I wonder how many who complained about this and wanted this security feature removed are now supporting Apple's side against the FBI.
FBI: great! We can now put our modified fingerprint sensor in that allows us into any phone.
Re: (Score:2)
Nope, keys don't match, touch sensor is disabled, and you are back to using a password like the rest of us.
Re: (Score:2)
Maybe the first article I read elsewhere had it wrong. It mentioned replacing the sensor by third party vendors will be supported in the update. As well as the screen.
Or maybe you don't know how to read. (Score:3)
As of iOS 9.2.1 Apple disables a tainted fingerprint sensor and reverts to passcode security. We eagerly await your retraction.
Re: (Score:2)
Maybe I read a different article and maybe I don't work in IT and maybe you are a FUCKING ASSHOLE.
Re: (Score:2)
So back to the standard level of asshattery, where third party cables/parts are disabled by OS updates. Because fuck you consumer, trying to buy a USB cable for less than $30!
Certified third party cables exist for $5. (Score:2)
Apple only locked out the un-certified counterfeit ones. If you recall there was a counterfeit cable that started a fire that killed someone in China, that's when they started cracking down.
Put two and two together (Score:2)
Put two and two together -- Apple puts out an iOS update just after a court order to put a backdoor into their phones. A court order that legal experts say is valid and Apple will be found in contempt if they fail to comply.
Re: (Score:2)
meh. it's not so.
it's not about that at all.
however the court order is valid. because that case is on 5C...
Do you even care that you sound like an idiot? (Score:2)
Are you just happy to be considered profound by other idiots? Because that is fucking stupid.
Re: (Score:2)
Are you just happy to be considered profound by other idiots? Because that is fucking stupid.
Why yes, yes, I am. :)
Wrong! (Score:2)
Re:Wrong! (Score:4, Informative)
All right, I'm partially wrong. iOS 9.2.1 is from Jan 2016, but Apple pushed a new build of 9.2.1 on 18 Feb 2016 to fix the Error 53 issue. The /. headline says 9.2.1 came out today, which is why I was confused.
Also, to get the new build of 9.2.1, you apparently need to download it through iTunes, not over your iDevice's Wi-Fi connection [macrumors.com].
Re: (Score:1)
So there's a new build of 9.2.1 without any sort of a version bump at all? That's a little weird. Why isn't there a version bump so people can easily verify what they're running?
Re: (Score:3)
Apple does this quite frequently when they make a minor mistake in an update, silently releasing a new build with the same version number. What this signifies is that for 99.9999% of users, there's no functional difference between the two builds, so they didn't feel the need to turn a new build number and force everyone to update over something that affects probably a single-digit number of users.
By turning the build, they're ensuring that no new users encounter the problem going forwards, and providing
Any wedged device needs to recover via iTunes (Score:2)
If it can't boot then it can't do a device-only update.
Re: (Score:2)
Supposedly (though I can't imagine why this would be the case) updating OTA to the earlier 9.2.1 build didn't cause the error to appear. So there may be no need to rev the OTA update.
With that said, I seem to recall that over-the-air updates require additional carrier approval because they're big and they can be DLed over the cellular network (depending on the car
Re: (Score:2)
Actually, I think I understand why there's a difference. The OTA updates look like they run inside iOS, similar to the way minor OS X updates work, whereas the non-OTA updates seem to involve booting from a separate installer root like major OS X upgrades work. So if that install DMG's OS contained a bug, it would affect the non-OTA updates during the upgrade process itself, but would have no impact on OTA updates.
That also means that you ought to have been able to get around the problem (albeit withou
hack (Score:1)
Re: (Score:3)
No more so than they could without changing the scanner. This change doesn't enable fake fingerprint scanners. It just lets you continue to use the device with a passcode as though the fingerprint scanner weren't there.
Apple = abhorrent cunts (Score:1)
Works on bricked phones? (Score:1)