Error 53: Apple remotely bricks phones to punish customers for getting independent repairs

Iphone 6s that have been repaired by independent service centers are bricking themselves, seemingly permanently, with a cryptic message about "Error 53."

After much stonewalling silence, Apple has confirmed that Error 53 is invoked when the phone determines that it has been serviced by non-Apple personnel, and there is apparently no way to reverse the process. An Error 53'd phone is rendered permanently useless -- and the data on it is permanently inaccessible.

According to an Apple spokesperson, Error 53 is an anti-tampering measure designed to protect the integrity of the phone's biometric security system. The lockout is designed to protect users from trusting doctored fingerprint readers that might allow unauthorized access to their phones.

But the phones that Apple is remote-killing haven't been doctored: they've been fixed. There are many independent service centers for Apple's products where you can get your phone fixed more cheaply than the official rate. Independent service centers also thrive in places where there are no Apple service centers at all.

The debate over tamper-resistance and user security is at least as old at the idea of Trusted Computing. Back in 2002, Seth Schoen argued that the tension between user freedom and user protection could be solved with "owner override" -- a set of tamper-evident mechanisms by which a user can tell a computer that they approve of the modifications that the computer has detected.

Apple could certainly institute such a procedure, but they have chosen not to. Instead, Iphone customers are finding that their investments and data are being confiscated by a distant, high-handed corporation that gets to hide behind tens of thousands of words' worth of never-read, all-encompassing terms of service.

Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.

When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.

‘Error 53’ fury mounts as Apple software update threatens to kill your iPhone 6 [Miles Brignall/The Guardian]

(Image: W. Foster Brick, Nottsexminer, CC-BY-SA)

Notable Replies

  1. "He had to pay £270 for a replacement and is furious."
    But not so furious that he switched to an Android phone.

  2. What is all this "extract biometric data" nonsense? If I want to "extract biometric data" from your iPhone all I have to do is dust it for finger prints.

    If the finger print scanner repair isn't trusted then Apple could just, you know, not trust the finger print scanner any more, not brick the entire phone. iPhones have PIN screens.

  3. Except that here in reality, it doesn't work that way. The fingerprint reader is a gimmick to con those who know nothing about security.

    Within 24 hours of the release of the iPhone 5S, people were demonstrating how to use a smudged fingerprint from the phone screen to fool the sensor.

    You can already use commercial software to read someone's fingerprints as they walk past. You can expect such readers in public places just like now-common road-side licence plate readers. The Chaos Computer Club recently demonstrated it, reading the fingerprints of the German defence minister.

    This follows an incident in 2008 when the German Minister of the Interior called for increased use of biometrics. The Chaos Computer Club responded by lifting his fingerprint off a glass and using a silicon printing process to produce a high-quality ridged output that could fool over 20 different types of biometric readers. And then they distributed thousands of copies with their magazine.

    Good luck changing that "password." (Think about that.)

    You can refuse to tell your password to police, border patrol, or anyone else. With a fingerprint reader they simply force your hand onto the reader. But then of course they'll likely have the authority to fingerprint you regardless.

  4. The problem here, I think, is not the feature, it's that the secrecy around it turned it into a misfeature.

    If they'd advertised "physical tamper resistance" among the selling points

    If they included a warning in the package "tamper resistance feature means that work by non-Apple authorized repair services may be mistaken for tampering attempts, and lead to the phone being disabled"

    Then it would be purely a feature. Maybe a feature some customers don't want, but can make an informed choice about. But by concealing the feature prior to sales, and only even revealing it after being repeatedly pressured over it - Apple turned what could have been a feature, into a landmine.

  5. The issue arises with home button repairs, not screen repairs.

    The headline is incorrect in two senses:

    First in misleadingly claiming that Apple is remotely bricking phones (which is inaccurate).

    Secondly in conspiratorially claiming that Apple's punishing customers which there's no evidence for. It's a crap outcome for customers, but knowing how Apple operates I'd chalk this one up to incompetence/typical poor internal communications rather than malevolence, since, yes, I would assume that the engineers involved with locking down the biometric/cardholder data never realized that customers might have third party repairs of the home button (or they assumed third party repairs would be fine). Those sorts of engineers I've know always assumed that all customers are software/hardware engineers working for tech companies in CA until told otherwise, and have no understanding of larger scale operations or service/support unless that's part of their job. The kind of fantasies of internal machinations to punish customers for using third party service providers are yours and Cory's paranoid delusions. Feel free to disagree, I would not like to sign up for your newsletter, and I'm afraid I can't care about your opinions about biometrics.

Continue the discussion bbs.boingboing.net

249 more replies

Participants