Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bug IOS Iphone Security Apple Technology

Apple Says Sorry For iPhone Error 53 and Issues IOS 9.2.1 Update To Fix It (betanews.com) 123

Mark Wilson writes: Apple has a lot of support at the moment for its stance on encryption and refusing the FBI access to an iPhone's contents, but it's only a couple of weeks since the company was seen in a less favorable light. There was quite a backlash when users found that installing an update to iOS resulted in Error 53 and a bricked iPhone. Apple initially said that Error 53 was caused 'for security reasons' following speculation that it was a bid to stop people from using third party repair shops. iFixit suggested that the problem was a result of a failure of parts to correctly sync, and Apple has been rounding criticized for failing to come up with a fix. Today the company has issued an apology, along with an update that ensures Error 53 won't happen again. But there's more good news ... If you were talked into paying for an out of warranty replacement as a result of Error 53, you could be in line to get your money back.
This discussion has been archived. No new comments can be posted.

Apple Says Sorry For iPhone Error 53 and Issues IOS 9.2.1 Update To Fix It

Comments Filter:
  • It's a trap! (Score:4, Interesting)

    by xombo ( 628858 ) on Thursday February 18, 2016 @06:15PM (#51538323)

    Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?

    • We will never know for sure.
    • by Anonymous Coward

      Stealthily pushing out an update that will make cracking the Secure Enclave easier in future FBI investigations?

      Try loosening the tin foil. It's cutting off too much blood.

    • You jest, but they can already crack the Secure Enclave. Even if the FBI were asking them to crack a phone that actually had it, it would make no difference, because the Secure Enclave is just a security processor. It's not a tamperproof HSM and Apple can sign and load whatever code it wants into it at any time.

  • Being caught or making a mistake that messed up your customers' phones?

    I'll believe you are truly sorry about messing things up if you now turn around and *fix* those phones which are now useless because they may have had non OEM parts installed. Otherwise, I'm going to believe that you are just sorry for getting caught.

  • wait a second (Score:3, Interesting)

    by davecotter ( 1297617 ) <me@daveco t t e r . c om> on Thursday February 18, 2016 @06:28PM (#51538385)
    i thought the point of this error 53 was to purposely render your data inaccessible in the case where the touchID had been tampered with? when i read about it, i was like, the people that are whining about this don't fully understand security, that this bricking thing is actually good, cuz a bad guy could replace a real touch sensor with a compromised one, then unlock the phone with a fake fingerprint. now, with this "fix", it seems a bad guy could do exactly that? i'm sure i'm missing something.
    • Re:wait a second (Score:5, Informative)

      by Anubis IV ( 1279820 ) on Thursday February 18, 2016 @06:40PM (#51538437)

      This update doesn't re-enable TouchID. It simply allows people to unlock using their passcode.

      More or less, the Secure Enclave can be accessed via user passcode or TouchID. Error 53 was a means of securing iPhones against possible breaches resulting from the use of untrusted TouchID components, but the approach was overly heavy-handed, since it also prevented users from using their passcode. This update restores that ability, while still disabling the untrusted, third-party TouchID components.

      • okay, THAT makes much more sense.
      • If that is, in fact, what the update is, then I applaud Apple for doing it. There really and truly is no reason to disable any more than the sensor in this case.
      • by Cramer ( 69040 )

        So what exactly makes the sensor "untrustable"? It's not sequencing DNA; it takes a freakin' picture of your finger and "securely" communicates it to the SE. (i.e. a camera accessed via SSL from the SE) I'm pretty sure a fingerprint can be suitably replicated to fool the TouchID system. ('tho I do hope it's not a simple as licking a photocopy...)

        • The real sensor takes some effort to ensure you are pressing something like a finger to the sensor (a picture of a fingerprint won't work). A fake 'sensor' could just pass images from a database.

          It's not undefeatable, but security has nothing to do with perfection, it has to do with making something harder and more expensive.

        • Not untrustable, just untrusted. And it's my understanding that they uniquely pair each Secure Enclave with each TouchID sensor, that way the sensor can't be replaced with one that intentionally returns false positives. As you said, there are ways to circumvent a "trusted" sensor, but they require techniques that are a bit more complicated than wetted paper on a finger. ;)

          • The sensor doesn't return a positive or a negative. It just returns an image to the CPU for it to compare to the stored images.

            • Quite right, as you suggest, it's actually a matter of the sensor producing an image, which, in turn, results in the Secure Enclave producing a false positive. That is definitely an important distinction in this case, so I should have been clearer. Thanks for the fact check.

    • Re:wait a second (Score:4, Informative)

      by AmiMoJo ( 196126 ) on Thursday February 18, 2016 @06:43PM (#51538459) Homepage Journal

      The security claim made no sense to anyone who understood how fingerprint scanners work. Apple spun some bullshit line and Apple fans bought it, inventing elaborate and ridiculous explanations to back it up.

      Hint: Much easier and more effective than building a custom fingerprint sensor that records the fingerprint data, just passively snoop the touchscreen data lines which are analogue and unencrypted. Capture the user's PIN/password.

      • by gweihir ( 88907 )

        Indeed. Passive snooping on analog sensors is not that hard.

      • Having the fingerprint scanner in the secure enclave makes it harder to (a) remotely record somebody's fingerprint, and/or (b) apply a fingerprint image from a database to a hacked iPhone with the sensor swapped out.

        Pointing out that there are "other possible ways" to hack an iPhone is a clear indication that you don't understand how computer security works. Here's a hint, it has absolutely nothing to do with perfection.

    • by gweihir ( 88907 )

      A sufficiently competent "bad guy" could already do that. The whole thing is a trade-off. Apple apologized for being too restrictive, possibly without any real security benefit.

    • Even if you are defending against a potentially dodgy fingerprint scanner all you need to do is pop up a dialogue on boot saying there's a problem with the fingerprint scanner and that the phone won't accepting fingerprints from it.

      Personally I can't imagine what sort of attack it's supposed to prevent, any adversary capable of replacing the fingerprint sensor in your phone is going to be an adversary capable of obtaining and replicating your finger print to the sensor.

      If it's just the risk of cheap kno
    • A lot of people just don't care. They either do not or perceive that they do not need this level of security. Most likely they do not.

      So a bad guy can get into my phone. What can he do besides ravage my contacts? I don't trust apple enough to use the pay. The kids already watch the pin code so email is password prompted. So is in app and store purchases. I guess they could read my text messages but those are deleted often.

    • You would potentially have thought correctly if not for the fact that Error 53 crops up weeks or months after the repair, when software updates are applied. If it were immediate, it might be a security feature; but, then, that the sensor and phone are paired and a replacement sensor shouldn't be able to work at all without Apple's blessing should be enough to prevent such an attack.
    • i thought the point of this error 53 was to purposely render your data inaccessible in the case where the touchID had been tampered with?

      If that was the case it would take effect after the hardware change not months later when you get a system update.

    • "cuz a bad guy could replace a real touch sensor with a compromised one, then unlock the phone with a fake fingerprint."

      No, he really couldn't. The touch id sensor is essentially a camera that takes a picture of your fingerprint. Apple has said that due to unique properties of each sensor if you change out a sensor you have to re-enroll your fingerprints. I don't know if that's because the sensor salts the image data, or if there is just minor variability between the sensors. But in any case, you can't

    • In general, if you detect that an input device has been tampered with you can save the user by disabling it, especially if you cut the power to it completely. A fingerprint sensor might have an embedded radio that phones home and sends any fingerprints that it captures to the attacker and an embedded battery to power the radio, so it's not 100% airtight.

      An output device is much more serious. Imagine if someone switched your screen for one that contains an embedded computer and an embedded radio. The screen

    • This never made a great deal of sense when you consider how not secure a fingerprint really is. Everyone is so worried about the security sensor being hacked (pain in the butt) when it is far easier to just copy a fingerprint and use the pre-existing sensor. This was never a valid security concern. Without dual-factor authentication this was never going to secure a phone.
  • by leonbev ( 111395 ) on Thursday February 18, 2016 @07:12PM (#51538569) Journal

    The Touch ID sensor died on my wife's iPhone 6S, and it prevented the iOS 9.2.1 update from installing even after doing a factory reset.

    The Apple Store couldn't fix the issue, so she got a brand new phone out of the deal. Good thing the phone was still under warranty!

  • I wonder how many complained about this and wanted this security feature removed. That are now supporting Apple's side against the FBI.

    FBI. great! we can now put our modified fingerprint sensor in that allows us into any phone.

    • by sims 2 ( 994794 )

      Nope keys don't match touch sensor is disabled and you are back to using a password like the rest of us.

  • Put two and two together -- Apple puts out an iOS update just after a court order to put a backdoor into their phones. A court order that legal experts say is valid and Apple will be found in contempt if they fail to comply.

  • The latest version of iOS is in fact 9.2.1—but it was released on 19 January 2016 [apple.com]. (Screenshot [imgur.com] for archival reference.)
    • Re:Wrong! (Score:4, Informative)

      by boarder8925 ( 714555 ) on Thursday February 18, 2016 @09:31PM (#51539181)

      All right, I'm partially wrong. iOS 9.2.1 is from Jan 2016, but Apple pushed a new build of 9.2.1 on 18 Feb 2016 to fix the Error 53 issue. The /. headline says 9.2.1 came out today, which is why I was confused.

      Also, to get the new build of 9.2.1, you apparently need to download it through iTunes, not over your iDevice's Wi-Fi connection [macrumors.com].

      • So there's a new build of 9.2.1 without any sort of a version bump at all? That's a little weird. Why isn't there a version bump so people can easily verify what they're running?

        • by dgatwood ( 11270 )

          Apple does this quite frequently when they make a minor mistake in an update, silently releasing a new build with the same version number. What this signifies is that for 99.9999% of users, there's no functional difference between the two builds, so they didn't feel the need to turn a new build number and force everyone to update over something that affects probably a single-digit number of users.

          By turning the build, they're ensuring that no new users encounter the problem going forwards, and providing

      • If it can't boot then it can't do a device-only update.

      • by dgatwood ( 11270 )

        Also, to get the new build of 9.2.1, you apparently need to download it through iTunes, not over your iDevice's Wi-Fi connection [macrumors.com].

        Supposedly (though I can't imagine why this would be the case) updating OTA to the earlier 9.2.1 build didn't cause the error to appear. So there may be no need to rev the OTA update.

        With that said, I seem to recall that over-the-air updates require additional carrier approval because they're big and they can be DLed over the cellular network (depending on the car

        • by dgatwood ( 11270 )

          Actually, I think I understand why there's a difference. The OTA updates look like they run inside iOS, similar to the way minor OS X updates work, whereas the non-OTA updates seem to involve booting a from a separate installer root like major OS X upgrades work. So if that install DMG's OS contained a bug, it would affect the non-OTA updates during the upgrade process itself, but would have no impact on OTA updates.

          That also means that you ought to have been able to get around the problem (albeit withou

  • So can someone now steal an iPhone, change the fingerprint scanner/button and "hack" into the phone?
    • by dgatwood ( 11270 )

      No more so than they could without changing the scanner. This change doesn't enable fake fingerprint scanners. It just lets you continue to use the device with a passcode as though the fingerprint scanner weren't there.

  • Apple are abhorrent scum. They are filth. Lying, dirty bastards. They wouldn't know what ethics is. They got caught, and only now begrudgingly fix the issue.
  • Will this work on phones that are already bricked?

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...