Apple Facing Class Action Lawsuit Over 'Error 53' iPhone 6 Bricking

iphone6s-gold-select-2015Seattle-based law firm Pfau Cochran Vertetis Amala (PCVA) today followed through with plans to bring a class action lawsuit against Apple over the "Error 53" controversy that made headlines last week.

"Error 53" is the error code that some iPhone 6 owners have received after third-party repairs that affect Touch ID were made to their iPhones, rendering the devices unusable. As explained by iFixit, repairs made by third-party services using components not sourced from the original device cause the iPhone to fail a Touch ID validation check because the mismatched parts are unable to properly sync. Parts that can impact Touch ID include the screen, flex cable, and Home button.

When this Touch ID validation check fails during an iOS update or restore, Apple disables the iPhone, effectively "bricking" it in an effort to protect Touch ID and the related Secure Enclave that stores customer fingerprint information. Apple says that without the validation check, a malicious Touch ID sensor could be used to gain access to the Secure Enclave.

PCVA attorney Darrell Cochran, who is leading the Error 53 lawsuit, claims that Apple's security argument is invalid because affected iPhones often work fine for several months following repairs as the validation check only occurs when downloading a new version of iOS. He also cites Apple's failure to give a warning about the consequence of an update as an issue that will be featured in the lawsuit.

"No materials we've seen from Apple ever show a disclosure that your phone would self-destruct if you download new software onto a phone," Cochran said. "If Apple wants to kill your phone under any set of circumstances and for any reason, it has to make it crystal clear to its customers before the damage is done."

Compounding the problem, according to Cochran, is how disagreeable Apple's reaction to the problem has been. "The error code 53 signals the death of the phone, and Apple's response has been to say 'you have no options; it's not covered under warranty, and you have to buy a new phone.'"

PCVA is aiming to get affected iPhone customers new, working devices to "provide immediate relief" to consumers. It is also seeking upwards of $5 million in damages and an update to eliminate the repair restrictions. PCVA is asking customers who have been impacted by Error 53 to get in touch.

Aside from explaining the reasoning behind the Error 53 message and its consequences, Apple has remained quiet about the controversy. MacRumors has, however, heard from a retail source that certain Apple Stores have received the go ahead from Apple to replace third-party screens and other components to resolve the issue. It is not yet clear if this replacement policy will be extended to all Apple Stores or if Apple will make an official comment on the situation.

Related Forum: iPhone

Top Rated Comments

Markoth Avatar
106 months ago
So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?
Score: 42 Votes (Like | Disagree)
Muzzakus Avatar
106 months ago
Totally justified lawsuit. There is absolutely no reason to brick the phone for an optional feature such as touchid. Invalidate the fingerprints and allow the user to continue using the phone via the regular pin.
Score: 34 Votes (Like | Disagree)
springsup Avatar
106 months ago
There is so much misinformation about this, I'm going to repost the technical explanation I gave in the other thread:

The API hides a lot of the implementation details, so most developers won't know how it really works, but Apple document it in their iOS Security Guide (PDF) ('https://www.apple.com/business/docs/iOS_Security_Guide.pdf').

When you boot your iPhone up, the filesystem is encrypted. It's just full of meaningless junk; you can't use the phone. Once you enter your passcode for the first time, the system reads the filesystem key (which itself is stored encrypted by your passcode), and tries to decrypt it. If your passcode is correct, it will end up with the correct filesystem key, and it can unlock your iPhone's hard drive and read useful data from it. This filesystem key is called "NSFileProtectionComplete".

(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID.
... when a passcode is entered, the NSFileProtectionComplete key is loaded from the system keybag and unwrapped.
IMPORTANT: At this point your phone is unlocked. That is all there is to it. This filesystem key gets placed in the Secure Enclave so your iPhone can read/write from its hard drive. We haven't used TouchID or fingerprints so far, just a passcode. This is why you always need to give your passcode after a restart.

So how does TouchID work, exactly?

Let's look at what happens when you lock the phone, and how it's different between TouchID and non-TouchID:

If Touch ID is turned off, when a device locks, the keys for Data Protection class Complete, which are held in the Secure Enclave, are discarded. The files and keychain items in that class are inaccessible until the user unlocks the device by entering his or her passcode.

With Touch ID turned on, the keys are not discarded when the device locks; instead, they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s fingerprint, it provides the key for unwrapping the Data Protection keys, and the device is unlocked.
So basically if you have TouchID disabled (passcode only), this key gets thrown away and you need to enter the passcode again next time you unlock. It's the exact same process as you go through on first-boot.

What Apple is saying here is that TouchID just holds on to the key which you already obtained via your passcode for a while (48 hours if the device stays on). But is TouchID really completely optional? Let's ask Apple:

When Touch ID scans and recognizes an enrolled fingerprint, the device unlocks without asking for the device passcode. The passcode can always be used instead of Touch ID
Okay, I guess that settles it.

What about other stuff like iTunes/ApplePay purchases? How does that work with TouchID?

Touch ID can also be configured to approve purchases from the iTunes Store, the
App Store, and the iBooks Store, so users don’t have to enter an Apple ID password. When they choose to authorize a purchase, authentication tokens are exchanged between the device and the store. The token and cryptographic nonce are held in the Secure Enclave. The nonce is signed with a Secure Enclave key shared by all devices and the iTunes Store.
So when you enter your iTunes Store password the first time after a reboot, your device gets a temporary token to use for purchases, stores it in the Secure Enclave, and guards it behind TouchID. Again, it's totally optional; just a shortcut for entering your password.

The same applies to Apple Pay:

The Secure Element will only allow a payment to be made after it receives authorization from the Secure Enclave, confirming the user has authenticated with Touch ID or the device passcode. Touch ID is the default method if available but the passcode can be used at any time instead of Touch ID. A passcode is automatically offered after three unsuccessful attempts to match a fingerprint and after five unsuccessful attempts, the passcode is required. A passcode is also required when Touch ID is not configured or not enabled for Apple Pay.
Man, Apple is really going to regret writing this document...

So yeah, in conclusion:

1. it is totally technically possible to rip the TouchID sensor out of your phone and still be able to unlock it (assuming you have the passcode).
2. TouchID does not seem to be essential for any single feature of the device; it is only ever a shortcut for entering the passwords you have already recently entered in to the phone.
3. It's really weird that Apple only check the TouchID sensor's integrity when they update the OS. Surely they should check that on every boot?

So what did Apple do wrong?

1. Apple should have communicated better (not when performing the update, but when buying the device!) that the TouchID sensor can only be replaced by an authorised technician.
2. If the TouchID sensor is compromised, they should fall-back to the passcode. As I said, the passcode is the only thing you really need to unlock the device.

Law firms? I just did all of your investigation work for you. Feel free to cut me a cheque.

EDIT: Rewritten for greater clarity for non-technical folks.
EDIT2: My personal feeling is that this is a bug -- I mean, what if the legit sensor developed a hardware fault? You don't want the machine to just lock all access. I think Apple did intend to fall-back to the passcode if the TouchID sensor, but unfortunately this is a catastrophic bug: even if Apple fix it, once you're locked out of the phone you can't update to get the fix. They should release a software update ASAP and repair any affected phones for free.
Score: 34 Votes (Like | Disagree)
ToroidalZeus Avatar
106 months ago
Seems like they have legit case.

So... They made third-party repairs, which annulled their warranty, and bricked their phone and now they're suing? Why does Apple owe them anything, exactly? Didn't they agree to Apple's terms when they purchased the device?
There is a lot of misinformation on this subject. The "brick" happens when someone replaces the TouchID sensor--with a GENUINE OR 3rd party part. Apple is most likely within their right to disable TouchID when they detect a mismatched sensor as it's a security risk. However bricking the device and not giving any warning is probably going too far.
Score: 30 Votes (Like | Disagree)
lampwins Avatar
106 months ago
It amazes me how little people actually care about their security (and do not confuse security with privacy here). Apple is trying to protect its users, but they are too stupid to realize.

But on the other hand, Availability is a part of the CIA triad so bricking the phone does violate this premise.

However, Apple is doing this because a piece of hardware inserted between the Touch-ID Sensor and the Secure Enclave could in theory either intercept scans or access the enclave.

They are doing this to protect you, not as a "screw you for trying to fix your own phone." People will always see what they want to see though, I suppose.
Score: 29 Votes (Like | Disagree)
goobot Avatar
106 months ago
I agree that their Touch ID should be disabled, but is there some reason that's not possible?

If they got a message saying "Touch ID disabled" I'd say these people have no case.

But as it is, isn't this like making your iMac refuse to boot because you broke the DVD drive?
It's more like a car not starting because you tried a cheap knockoff key.
Score: 21 Votes (Like | Disagree)

Popular Stories

iPhone 16 Camera Lozenge 2 Perspective Gray

Five Key Upgrades Coming to iPhone 16

Friday March 15, 2024 1:45 pm PDT by
The iPhone is Apple's top-selling product, and it gets an update every year. In 2024, we're expecting the iPhone 16 and iPhone 16 Pro lineup, with an arguably more interesting feature set than we got with the iPhone 15 and iPhone 15 Pro. Subscribe to the MacRumors YouTube channel for more videos. Capture Button All four iPhone 16 models are set to get a whole new button, which will be...
When To Expect New iPads Feature 1

Apple to Announce New iPads on March 26, Rumors Claim

Monday March 18, 2024 4:02 am PDT by
Apple is widely expected to release new iPad Air and OLED iPad Pro models in the next few weeks. According to new rumors coming out of Asia, the company will announce its new iPads on Tuesday, March 26. Chinese leaker Instant Digital on Weibo this morning 日发布%23">claimed that the date will see some sort of announcement from Apple related to new iPads, but stopped short of calling it an...
airpods 3 orange

Two New AirPods 4 Models Expected to Launch in September or October

Sunday March 17, 2024 7:56 am PDT by
Apple suppliers will begin production of two new fourth-generation AirPods models in May, according to Bloomberg's Mark Gurman. Based on this production timeframe, he expects the headphones to be released in September or October. Gurman expects both fourth-generation AirPods models to feature a new design with better fit, improved sound quality, and an updated charging case with a USB-C...
iphone se 4 modified flag edges

iPhone SE 4 Expected to Depreciate Heavily

Tuesday March 12, 2024 9:04 am PDT by
Resale value trends suggest the iPhone SE 4 may not hold its value as well as Apple's flagship models, according to SellCell. According to the report, Apple's iPhone SE models have historically depreciated much more rapidly than the company's more premium offerings. The third-generation iPhone SE, which launched in March 2022, experienced a significant drop in resale value, losing 42.6%...
iOS 17 Passkey With Apple ACCOUNT Feature

'Apple ID' Expected to Change to 'Apple Account' Starting With iOS 18

Sunday March 17, 2024 7:13 am PDT by
MacRumors was first to report that Apple was planning to rebrand "Apple ID" to "Apple Account" across its software platforms and websites like iCloud.com as early as this year, and now Bloomberg's Mark Gurman has corroborated this change. A mockup of the new Apple Account branding In his Power On newsletter today, Gurman said the new "Apple Account" branding will start to be used later this...
General iOS 17 Feature Orange Purple

iOS 17.4.1 Update for iPhone is Imminent

Monday March 18, 2024 5:27 am PDT by
iOS 17.4.1 and iPadOS 17.4.1 should be released within the next few days, with a build number of 21E235, according to a source with a proven track record. MacRumors previously reported that Apple was internally testing iOS 17.4.1. As a minor update for the iPhone, it will likely address software bugs and/or security vulnerabilities. It is unclear if the update will include any other changes. ...