Over the last few days a significant issue has been exposed. It seems that iPhones that have been exposed to two conditions are becoming ‘bricked’ – or rendered completely unresponsive and unrecoverable.
The two conditions that can create the Error 53 issue are running recent versions of iOS and the Touch ID sensor being ‘tampered’ with in some way.
I use the word ‘tamper’ with some reservations. In all the cases I’ve been able to read about, the affected party’s iPhone has suffered some type of damage and been repaired by an unauthorised repairer. You’ve all seen these repairers, most likely in a local shopping centre in a kiosk or small store offering replacement screens.
When the screen is replaced, the button on the front face of the iPhone is disassembled or, in some cases, replaced.
According to Kyle Wiens, head of electronics-repair site iFixit.com, independent repairers sometimes replace the fingerprint sensor or its small cable when repairing broken screens or home buttons on iPhones.
Apple says this is a protective measure to ensure the integrity of the iPhone’s security is maintained. But for users who don’t have access to Authorised Apple Repairers this is a big problem.
The Guardian reports that a freelance photographer struck the error while on assignment in the Balkans and needed his phone urgently repaired. Then, when his phone received a later iOS update, he struck the Error 53 message and found his phone unusable.
Two sides to the argument
Those who believe Apple is acting poorly say we ought to have the right to choose repair services and not have our devices bricked through the actions of a repair service, especially when authorised repairers aren’t easily found. We’re spoiled here in Australia where we have several Apple Stores and a number of independent authorised repair services.
Also, Apple’s repair services are quite expensive relative to smaller operators.
Then there’s the issue of information. Until this issue hit the news, I’m not sure there was anyone outside Apple who knew this could happen when having an iPhone or iPad with a Touch ID sensor repaired.
In other words, access to authorised repairers can be challenging, Apple’s costs are much higher and no one knew about this risk when using a third-party repair service.
Apple’s argument is simple. The Touch ID sensor (and the other hardware and software it works with) is part of a complex security system. If someone switches out a part, it could be possible to compromise the system.
It’s important to understand that the issue isn’t likely to be a rogue repairer installing dodgy sensors. The bigger risk comes from a tainted supply chain that pushes thousands of tainted sensors into the market.
As far as I’ve read, none of the commentators on this issue have remembered that Apple is now a major player in the payments business and the Touch ID sensor, Secure Element chip and their software are a tightly controlled system.
Compromising any part of that system would result in a major problem for Apple – far bigger than today’s anger over Error 53.
Apple is at fault – but not how you expect
Apple has made a misstep with the Error 53 incident.
Apple’s mistake is a lack of clear communication early on.
If Apple had stated clearly that repairs that ‘tamper’ with the Touch ID system in any way could result in the iPhone or iPad being bricked then, I suspect, there would have been less outrage. Sure, people would be disgruntled, but they would be able to make informed decisions when choosing repair services.
At the moment, Apple seems to be in a defensive mode with this issue.
I think that’s a mistake.
I spend a lot of time covering information security for some other publications. And I’ve spoken to a lot of people on both sides of the security fence – those in the protection business and those connected to the other side.
Here’s what I hear. Apple’s systems are not unbreakable. It’s possible, as we saw with the recent XcodeGhost hack, for Apple’s supply chain to be tainted. Malware was injected into pirated versions of Xcode and used to create infected iOS apps that were distributed through the App Store in some parts of the world.
However, the bad guys see other mobile platforms, particularly Android, as a better target as it has massive market penetration and is far more open.
Apple ought to be standing up with this issue and using it as an example of how it is protecting your personal data – in particular your credit card and payments information.