“Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician.”
They further investigated and found that the issue affects iPhones “where the home button, which has touch ID fingerprint recognition built-in, has been repaired by a ‘non-official’ company or individual.”
So does Apple have it in for customers who have the temerity to get their iPhones repaired by a third party or is something more going on? Let’s have a look.
Touch ID: The Apparent Cause
Almost every report of Error 53 is tied to the Home Button, or rather, to the Touch ID sensor contained within it. People are encountering the problem when they have the Home Button replaced by a third-party or it’s badly damaged. So what about Touch ID is causing the problem?
Apple is basically the insecure boyfriend of tech. Self-destroying their phones if you even talk to another phone repair company. #Error53
— Ben Powless (@BenPowless) February 6, 2016
Touch ID was originally introduced with the iPhone 5s and from the start has been quite controversial. When you set Touch ID up on a new iPhone, it records a compressed version of your fingerprint. This compressed version is basically a unique hash that encodes the characteristics of your fingerprint that make it unique to you. This hash is stored in a special part of the iPhone’s processor that Apple calls the Security Enclave. All the information is kept on the phone rather than being uploaded to iCloud or any of Apple’s other servers.
Umm, people do realize that if you allowed the TouchID to get replaced, you could hack the phone, right? It's a security feature. #Error53
— Hampton on Hampton (@hcatlin) February 6, 2016
Whenever you use Touch ID the process is repeated. Your fingerprint is reanalysed and if the resulting hash matches the one stored in the iPhone’s Security Enclave the phone is unlocked, the Apple Pay payment is processed, or the app you wanted is purchased. If it doesn’t, then whatever you were trying to do is stopped. Keeping your iPhone secure from fingerprint attacks, like the ones the Verge claims can affect Android phones with fingerprint sensors, is entirely dependent on ensuring that Touch ID and the Secure Enclave is never tampered with. This is where Error 53 comes in.
Third Party Tampering
One type of potential attack would involve replacing the Touch ID sensor with a compromised version. There is no reason to believe this has happened yet but it is a potential vector and one Apple is aware of. For this reason, when you upgrade your iPhone to a new version of iOS, it checks to make sure that Touch ID hasn’t been tampered with. If it has, then Error 53 triggers and your phone is locked. For an even more secure system, Apple should arguably be checking the components even more often than they do.
Statement from Apple on “Error 53” failed security checks/component mismatches. (Full article coming soon!) pic.twitter.com/ZKOtyu1whh
— Rene Ritchie (@reneritchie) February 5, 2016
The issue then, is not so much that Apple is blocking third-party repairs, but that third-party repairs are triggering the error. There are many iPhone repairs you can even do yourself as long as you are careful. According to Kyle Wiens from iFixit, the problem occurs when the Home Button or the cable connecting it to the motherboard is replaced. As long as you don’t interfere with either of these components, the majority of repairs should still be possible.
What Can You Do?
First, if your iPhone has Error 53, Apple recommends contacting their support team. What happens next depends largely on your exact circumstances. The age of your phone, state of your warranty, insurance, and exact problem will all play a role. Given the furore that has surrounded the situation, Apple may make more allowances than they otherwise would have.
Apple doesn’t want people messing with the hardware chain tied directly to their highly secure TouchID/Apple Pay system…
— Greg Koenig (@gak_pdx) February 6, 2016
Second, for the time being it seems safest to get any repairs to the Home Button or Touch ID set up done by an authorised repair centre. Even if it costs more initially, the cost of replacing your iPhone if the error is triggered could be far higher.
Third, if you’re going to repair your iPhone yourself, make sure you buy your components from a reputable site like iFixit. There are some reports of faulty screens also causing the component check to fail.
Honestly, Apple wanting ironclad security around TouchID seems pretty understandable (3rd party repair introduces a huge unknown) #error53
— John Kneeland (@SirKneeland) February 5, 2016
And lastly, the whole situation is a reminder to keep your iPhone backed up. If you don’t already have a backup setup, we’ve got an entire article that will walk you through setting one up. With services like iCloud Backup, there is no excuse for losing more than a day or two’s worth of text messages if your phone dies. Although Error 53 appears to be a particularly annoying issue, you should always make sure you are protected against data loss.
The Error 53 situation seems to be a giant mess. Information security is always about threading the line between keeping unwanted users from accessing your device without inconveniencing legitimate users too much. That’s why experts recommend people use strong unique passwords but so few people actually do; remembering a long password is more effort than many people are willing to make.
It would appear that in this case Apple has their users’s best interests at heart. Error 53 is a security feature that’s being triggered by what the company sees as a legitimate concern. Given the number of complaints from customers, however, it seems that Apple may have strayed too far across the line and has started inconveniencing their legitimate users.
With all the uproar surrounding things, I wouldn’t be surprised to see Apple rethink how this exact security mechanism is implemented.
Has Apple gone too far or are the media overreacting to a legitimate (if annoying) security feature? Let us know in the comments below.