Apple's iPhone 'Error 53' Is A Security Feature, Not A Bug

Apple Confirms That If You Mess With Your Home Button It Will Brick Your Phone

Earlier today the Guardian reported on mounting "fury" over a mysterious "Error 53" appearing on iPhones repaired by unauthorised repair providers. The report includes a quote from an unnamed "specialist" journalist (whatever the hell that is) who claimed that Error 53 will "will kill your iPhone". But let's roll that back a little, because Error 53 isn't doing the bricking. It's a symptom of the bricking, and that bricking is actually a security feature working as intended by Apple.

The Touch ID sensor is uniquely tied to the iOS device so that a thief couldn't do something like snag your phone, replace the sensor and then have access to all the credit cards you've linked to Apple Pay.

iOS device repair companies like iCracked are well aware of this feature and will actually manually move the Touch ID sensor from the broken glass face plate to the new face plate to make sure the phone stays functional.

Apple confirmed to Gizmodo that this is a feature and not a mystery error punishing you for using an unauthorised repair provider.

From Apple:

We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers. iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device's other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support.

The best bet to keep your own iPhone safe? Make sure the guy fixing it actually knows what the hell they're doing.

[The Guardian]


Comments

    So if your touchID faceplate ever breaks make sure your chosen repair place knows about Error 53 - If they obviously don't then walk away right there and go somewhere else - preferably to an authorized repairer who would have been given the proper procedures to prevent this error

      Go directly to Apple is what they clearly want.

        ^ this. Your fingerprint and data are stored on the phone, its just the sensor used to read your fingerprint.

        Literally the only reason for this is to use "apple" suppliers or apple directly. Giving them free control over pricing and ensuring its going to garner them more money.

        I camy believe the article even reports it as a "feature". If Microsoft did this they would be getting a slap.

          Literally? The article mentions at least one other reason why it works the way it does.

          Literally the only reason for this is to use "apple" suppliers or apple directly. Giving them free control over pricing and ensuring its going to garner them more money.
          Actually, the problem literally comes when a repairer literally uses a literally Apple-sourced face-plate, with a literally Apple-sourced finger-print scanner, but doesn't use the phones original fingerprint scanner. Literally.

          It's a security design, and in fact, Samsung has copped flack from for not being as secure:
          http://www.gizmodo.com.au/2014/04/samsung-galaxy-s5s-fingerprint-scanner-can-be-duped-by-lifted-prints/
          http://www.gizmodo.com.au/2015/04/samsungs-galaxy-s5-could-have-leaked-your-fingerprints-to-hackers/

          Actually no, the fingerprint can not be stored on the phone as that is an invasion of privacy and under our law and the US not allowed.
          The fingerprint is not stored anywhere, the reader when registering creates a mathematical representation of your unique fingerprint and stores that in the reader within a self contained firewalled system that is not accessible by the phone or anything else.
          When you swipe your finger the reader matches the print and creates a mathematical value, this is matched against the value stored and all of this happens within the reader, the reader sends a yes or no to the phone (putting it simply) and then you are logged on or denied.
          If you read the story it says that you could replace the reader with one that has your fingerprint on it, it sends the ok and the phone unlocks. This is the reason why Apple won't allow any other reader apart from the one registered.
          Microsoft does exactly the same thing with their devices as will Google so just because it is being reported don't think this does not exist elsewhere. This is not unique to Apple and you should applaud them for doing the right thing. The story even says approved repairers are informed of this.

            It is stored on the phone on a separate secure chip. This can be found when you setup touch ID and then perform a factory reset the touch ID is still present because it is stored securly on a separate chipset to avoid software corruption and other services trying to use its data with out an auth.

            Applications don't actually ever see the print though they operate like an RSA token.

        The nearest Apple Store is 1500kms in a straight line from where I live.

          Choosing to live in an uncivilised place is your problem.

            This uncivilised place propped up the entire Australian economy during the GFC. Someone has to do the work that city slickers don't want to do. You know they types of work where there are things other that desks, computer screens, parker pens and, group photo's taken at the latest team motivation building seminar in a conference room?

            So the sign of civilisation is convenient access to an apple store? I think someone needs to get out more, and probably stop hiding being gist accounts as well.

            I think this was a Tony Abbot joke guys..

          Post?

            Possibly, but I don't have a spare iPhone laying around the house. I use it for work and personal use therefore purchasing a cheap ass Australia Post sold model while it is down in Perth for a week or so isn't being realistic.

            Post?
            Negative, you cannot legally post an iphone as you cannot take the Lithium battery out, and they are classed as a dangerous good. You would have to find a courier company that deals with battery-equipped devices.
            That said, you could always take it to local phone stores or the place of purchase and see if they can assist - or, like a few people recently, you can come on Gizmodo and complain that Apple haven't opened a store near where you reside, like it's some problem only Apple users have.

            Again, this particular issue is designed to prevent someone obtaining a phone with credit card information stored in a secure chip, and then bypassing security to access it. It was actually something pretty well covered by tech sites when apple pay first came out, and people where bitching that it wouldn't be secure.

              I thought Lithium batteries is only an issue with air post not road?
              Well if its going 1500kms it's probably by air

              edit: Yeah place of purchase is required to help you.

              Last edited 08/02/16 1:12 pm

          How's life on Manus Island?

            Being raped and molested by Australian Government employed security guards isn't as bad as you'd think.

            Last edited 07/02/16 12:28 pm

          Easy, get a 1500km range rocket-drone (fast long range UA) and "fly" the phone at/to the store.
          (or don't they do autonomous deliveries yet? loosers.)

          Make sure you allow for the earth's rotation and TOF, run a few sims first.

          Just make sure they post/FedEx/DHL/etc. it back to avoid another bricked phone on delivery.

    This does sound like anti competitive behaviour masked as a security features.

    Come on guys - it's a straight forward security feature. If Apple wasn't doing their best to protect your private information and your bank details you'd be all up in arms. It sounds like they just can't win. I guess that's what happens when the majority of their customers buy an iPhone because it is trendy rather than because they know Apple takes security seriously. Time to take the tin foil hats off and actually thank Apple for doing the right thing by you with their security.

    This has been known for years. Swapping out the home button is pretty straight forward process and only adds a few minutes to a screen repair. It was explained to me that the sensor is tied to the phone for security purposes and as with good security measures, things have to be a certain way, which considering how much effort Apple have put into ensuring the iPhone is a secure product (app store aside) is not surprising. Imagine if they didn't do this, you would have 3rd party fingerprint sensors that have some onboard storage to pick up your fingerprint and transmit it back to whomever. By doing this they ensure man in the middle attacks such as that much more implausible.

    Is it an annoyance? Sure. Also means if the sensor gets damaged you will need to get it repaired by Apple/certified, but for the 99.8% of iphone users out there, this is a non issue. Take credence to the buyer beware motif when selecting someone to repair your phone, try to go somewhere reputable or rather non the guy on facebag who does it for a carton of beer using cheap chinese import screens.

    FYI - I'm not Apple certified, and I don't fix phones for a living. But during my job I've had to replace my fair share of screens for people not to mention friends and family who think just because I work in IT, I must repair devices as well. It is certainly not something I would do for people off the street.

    Just one question: If this was an obviously necessary security feature foresaw by the all knowing Apple from the beginning... Why did this error only start coming up when you installed the latest update? Does this mean that this "critical security feature" has been broken till now?

      No, what previously happened was that Touch ID and fingerprint recognition would just not work at all :)

    "The best bet to keep your own iPhone safe? Make sure the guy fixing it actually knows what the hell they’re doing."
    Silly article. This problem apparently only showed up after the last update, before that it wasn't an issue and that is when all the phones with the problem were fixed. SO people were supposed to retrospectively know there was an issue?
    Also, phones that were just slightly damaged by a drop but not enough to warrant repair were also affected.

    This is not a feature, it's an absolutely terrible design flaw.
    Apple is great, but it is the job of tech press to call companies out on their failures, not wallpaper over them

      The error appears to be introduced after the last update. Prior to this update as Campbell has stated above, TouchId simply did not work. You could not turn it on in settings unless the original touchId sensor was connected.

      How do I know this? By actually doing it. Replacing the screen of a friends iPhone 5s and using the button that came with the screen, noticed straight away touchid did not work. Quick google search told me the TouchId sensor itself is linked to the phone to ensure the secure enclave (where all your biometric data is kept) is as secure as can be by design. A quick change over of the TouchId sensor and boom, TouchId functionality had returned.

      I suggest you read up on TouchId and how it is implemented, from a security standpoint, it is top notch. Part of that is linking the two parts of the system together so neither can be tampered with.
      Steve Gibson did a fantastic breakdown of the security in the iPhone with respective to TouchId and the secure enclave. You can find that over at GRC.com

      If you want security features that arent really secure, I'm sure you can use your fingerprint reader from your late 2000's laptop to save your Windows password to a clear text file.

        Security is irrelevant if it has a large chance of destroying what it protects.

Join the discussion!

Trending Stories Right Now