Error 53: Apple remotely bricks phones to punish customers for getting independent repairs

Well, best practices say you should change your fingerprints every 90 days - be sure to use at least one non-standard whorl…

9 Likes

That. Would. Be. Awesome.

iPhone SE (Squid Edition)

8 Likes

I’m not saying the design is what a reasonable non-security person would expect, but given how much of a pain Apple makes it to get into their handsets, I believe they see it as all one device that you aren’t allowed to tamper with. Shit, they were replacing screws on old phones with new slots, to prevent you, the owner, from opening it.

Lastly, and I think you’ll agree: if an HSM is physically compromised, even if it doesn’t brick itself, you’re giving Thales a call for a new device.

1 Like

OK, then I’m out for the weekend. This is my anti-theft-tag dissection story:

The little flattened white box ones I never figured out, despite dissecting dozens of the things. They have a folded up piece of what looks like 1/4" chromium oxide recording tape in them. I could look it up, I suppose, but that’d be cheating. Don’t tell me.

The totally flat ones that are laminated into tags and stickers are composed of two linked metal foil antennae. On either side of the doorway leading out of the store are a couple of pylons. One of the pylons broadcasts RF energy which is picked up by one of the two antennae in the tag; this energizes the other linked antenna, which is of a different length and thickness so it sends the energy back out in a different wavelength. The other pylon is a receiver calibrated to detect the rebroadcast energy. The link between the two foil antennae in the tag is very very very fine - like a hair - so the cashier can hit it with a very powerful burst of energy at very short range and burn it out, so it won’t work any more. In some, more elaborate tags, there is a little bit of circuitry in between the two antennae, so it can be programmed with product id information (aka RFID) but the simplest cheapest ones are just a very elegantly designed layer of tinfoil. I was proud of figuring this out, but really it’s pretty simple.

There are variations on all these schemes that use hard plastic tokens instead of stickers, and they are spiked onto textiles that won’t hold a sticker, like fuzzy skirts and fur coats. The spikes are held in various clever ways, involving spring steel and magnets, so they can be removed by cashiers and reused. Sometimes you find one on something you’ve bought after you get home, because they don’t always work, probably due to failed or unplugged pylons. I brute forced a couple of those off after they’d been left on clothing by unobservant cashiers and figured out the attachment methods.

So a young lady of my acquaintance bought a coat, and when she got home it had a big ol’ spike token on it. Looked kind of like a battered white plastic mushroom! I thought, this thing must be older than dirt, it’s so big and scarred, it’s probably really interesting. Messing about with magnetic coils and shims didn’t get it off, so I forced it. Well, the reason it was so big was so that it could hold a remarkably large quantity of bright blue permanent ink under pressure, and forcing the spike broke the containment… ruining the coat and splashing my hands and forearms and randomly speckling my face with stuff that smelled worse than diesel. The coat was returnable - since the store had booby-trapped it by not removing the ink bomb before it went off - but I had to tell this story to people for at least a month before I wore enough skin off that it wasn’t instantly noticeable. Luckily it was purplish blue, so when I got tired of telling the truth I’d tell people it was woad, and that I was “celebrating my cultural heritage.”

19 Likes

Actually that’s exactly what you expect when your phone gets stolen, and you remote-wipe it. That makes your personal data inaccessible to muggers, and bricking (not just erasing) the whole phone means that iPhones are increasingly worthless to thieves.

An “opt-in” model would mean that iPhone theft would thrive, and most theft victims would end up thinking “dang, I wish I’d opted in”, as many (including me) did when Touch ID wasn’t available and they didn’t bother with a passcode as it’s so cumbersome.

As for lifting the user’s fingerprints from the glass and making a fake fingertip that will fool the Touch ID sensor (and not just any old FTIR fingerprint reader)? I don’t know. Perhaps the CIA could manage that, so yeah, if you’re Jason Bourne, don’t count on Touch ID. But if you’re a normal person, and your concern is having your phone stolen, well, I strongly doubt that a fence can or would go to such lengths, much less crack the passcode required to reassign it to someone else’s fingerprints. It’s highly effective at its job, which is to render petty theft futile, whether or not the original owner was a paranoid security wonk.

This error 53 business is clearly a fuckup on Apple’s part, but to be clear, the fuckup is that the phones didn’t brick themselves as soon as the secure subsystem was tampered with. The idea that they’re punishing their customers, or would have allowed this to happen if they’d foreseen it, is just plain infantile. Do adult humans seriously believe that Apple makes money that way? They sell 34,000 iPhones an hour, they’re not sweating about whether a handful of people are cheating them out of $100 on a repair job.

3 Likes

I’ve also seen it said that the phones with the worst security are rooted Android units. I find that somewhat one-sided. Sure, a rooted phone has the ability for any program to run in an elevated state, but that cuts both ways. I remember back when Windows XP became the mainstream Windows OS and rootkits were in full swing. Ever seen a rootkit try to work on a FAT32 install of XP? With any level of anti-virus software it gets wiped out instantly. It can’t use the OS to hide from the other programs; there are no alternate data streams or security settings for FAT32… it’s just files. Similar things go for a rooted Android system. I like being able to see everything, because if you can’t, how do YOU know if something is wrong?

2 Likes

And Apple iPhone customers who are treated just like thieves.

4 Likes

That’s… Not entirely true… (Derail time!)

The last versions of Zeus and variants used a combination of in-memory hooks without touching the filesystem, except on boot and shutdown. They didn’t even need ADS streams. This worked surprisingly well for a number of reasons: machines are generally not hard-killed, so it would always write back to the FS when winlogon was terminated. And since it patched (I seem to recall) exports, you could fool almost any user/kernel based scan.

A solution we came up with at Sana Security was to use what was called an early boot driver; we called it the early hammer (ebhammer.sys). You could insist on the order of drivers loading, so on a clean machine we had a fighting chance. But on a preinfected machine? Yeah, grab your OS install discs.

Rootkit.com was a fun place for awhile, till they got fucking pwned.

Edit

Hey, memory lane! It’s me!

Being on TV was fun :smiley:

Edit

I said ADS streams. What, did I fail my SAT test? I’m gonna head down to the ATM machine.

4 Likes

This had NOTHING to do with stolen phones and thieves. Bricking the phone months after a repair does NOTHING to prevent theft.

Nor does it explain the lack of warning when the pretend-security fingerprint readers were first added to iPhones. Nor the lack of warning when they pushed out the update that would brick the phones.

And if they somehow didn’t predict that it would happen, it doesn’t explain why they haven’t stopped pushing the update once the problem became apparent - as they’ve done with other updates in the past. It doesn’t explain why they don’t fix or replace phones bricked because of their own screw-up.

3 Likes

That the phone is a brick when its security hardware is swapped out is exactly what prevents theft.

Again, the mistake is that this didn’t happen as soon as the hardware changes were made.

It doesn’t explain why they don’t fix or replace phones bricked because of their own screw-up.

The guy in the Guardian clickbait article got his phone replaced by apple for £270, which is less than half the retail price of a new phone, when no one is disputing that his warranty had been voided by the previous repair.

2 Likes

Aha! Have I got a song just for you!

(derailing the derail?)

1 Like

Y’all are worse than the RBF commentators.

2 Likes

EXCEPT that isn’t what is happening at all. If your iPhone gets stolen and you remote-lock your device, it doesn’t brick it. This isn’t bricking for security reasons; this ONLY bricks if you get your phone serviced by an unauthorized (not paying Apple tons of money) repair shop and the phone detects a new part installed. The thieves aren’t going to be swapping out parts in your phone; they are going to get your data, which they still can do, and wipe and resell the phone, which they still can do. This doesn’t protect the consumer in any way, nor has there been much effort to close the holes that would protect the consumer. The effort is all being put into ensuring that only paired, certified Apple parts are used. The sensor isn’t what even does the authorization; replacing the sensor doesn’t in any way compromise the security, no matter what data the sensor sends it still has to match the stored data.

The pieces that it is checking are not necessary to tamper with to get access to the phone.

People can fool themselves all day long that Apple has done this for their protection, but those people aren’t understanding what is being done and why. This was only done and only serves to strong-arm huge fees and a percentage from repair shops to become certified Apple repair shops. The real kicker is they have limitations on the number of certified repair shops within a certain radius, so many shops can’t even get into the program.

F*cking the customer gets them angry at the non-Apple shops and is anti-consumer and anti-competitive, and just the sort of bullshit that Apple has been pulling lately. I miss Steve.

Yes, most of the industry experts who have analyzed this say it isn’t to protect the device from thieves and hackers but rather to enforce Apple-only repair. So the smart adults do.

You don’t need to swap it out to resell the phone; the Chinese black market (which is where most stolen iPhones end up) has no problem reading the info off, wiping the phone and replacing the image with one that can’t be remotely locked. You shouldn’t make statements that are ignorant of the current black market for phones and phone security. @RogerStrong is correct.

1 Like
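To make concrete what “pairing” between the Touch ID sensor and the phone’s secure subsystem means in the argument above, and what the different responses to a swapped sensor debated in this thread would look like as policy, here is an added example in Python. It is not Apple’s code or design: the challenge-response MAC, the key sizes, the template bytes and the policy names are all assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Added illustration, not Apple's design. Key sizes, message layout and
# policy names below are assumptions made for this example.


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Sensor:
    """A fingerprint sensor with a pairing key provisioned at manufacture."""
    serial: str
    pairing_key: bytes

    def respond(self, challenge: bytes, template: bytes) -> tuple[bytes, bytes]:
        """Return the scanned template and a MAC binding it to this challenge."""
        tag = _mac(self.pairing_key, self.serial.encode() + challenge + template)
        return template, tag


@dataclass
class SecureElement:
    """Holds enrolled templates and the key of the single sensor it trusts."""
    paired_serial: str
    pairing_key: bytes
    enrolled: set[bytes] = field(default_factory=set)
    _challenge: bytes | None = field(default=None, repr=False)

    def challenge(self) -> bytes:
        """Fresh random challenge so a captured response cannot be replayed."""
        self._challenge = os.urandom(16)
        return self._challenge

    def check_scan(self, serial: str, template: bytes, tag: bytes) -> str:
        """Pairing is verified before the template is compared to anything."""
        if self._challenge is None:
            return "no_challenge"
        chal, self._challenge = self._challenge, None  # single use
        expected = _mac(self.pairing_key, serial.encode() + chal + template)
        if serial != self.paired_serial or not hmac.compare_digest(tag, expected):
            return "sensor_untrusted"  # replaced sensor, or a replayed response
        return "unlock" if template in self.enrolled else "no_match"


def on_unpaired_sensor(policy: str, event: str) -> str:
    """What the device does once an unpaired sensor is found.

    event is "boot", "unlock" or "update"; the policy names are assumed
    labels for the options debated in the thread.
    """
    if policy == "brick_on_update":     # reported behaviour: silent until a later update
        return "brick" if event == "update" else "ignore"
    if policy == "brick_immediately":   # brick at the first check after the swap
        return "brick"
    if policy == "wipe_immediately":    # erase the owner's data, keep the hardware usable
        return "wipe"
    if policy == "passcode_fallback":   # refuse the biometric, keep passcode unlock
        return "disable_biometrics"
    raise ValueError(f"unknown policy {policy!r}")


def demo() -> dict[str, str]:
    """Run the scenarios from the thread; every input here is constructed."""
    key = os.urandom(32)
    owner = b"owner-ridge-pattern"            # stand-in for an enrolled template
    se = SecureElement("SN-ORIG", key, {owner})
    original = Sensor("SN-ORIG", key)
    replacement = Sensor("SN-REPL", os.urandom(32))  # third-party part with its own key

    out = {}
    out["paired_match"] = se.check_scan("SN-ORIG", *original.respond(se.challenge(), owner))
    out["paired_no_match"] = se.check_scan("SN-ORIG", *original.respond(se.challenge(), b"stranger"))
    # A swapped sensor feeding the enclave the correct template is still refused.
    out["swapped_match"] = se.check_scan("SN-REPL", *replacement.respond(se.challenge(), owner))
    # Replaying a captured good response against a new challenge also fails.
    tpl, tag = original.respond(se.challenge(), owner)
    se.check_scan("SN-ORIG", tpl, tag)   # legitimate use consumes the challenge
    se.challenge()
    out["replay"] = se.check_scan("SN-ORIG", tpl, tag)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

The point the model makes is that in a paired design the enclave never evaluates template data from a part it cannot authenticate, so whether a replacement sensor “sends the right data” is beside the point; and the policy function separates that detection from the question the thread is really arguing, which is what the phone should do about it and when.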

RBF? What site is that? I was thinking it was starting to feel a bit Slashdot-esque.

1 Like

Steve Jobs was a genius, and a wizard. His contribution to the culture and business practice was minimal, but nobody could wield the RDF like him. He was so good that it’s still going on years after his passing.

Did somebody brick her phone unexpectedly?

3 Likes

Oh, yeah. It is kind of similar. Perhaps Cory could post a grand meta-narrative on Richard Dawkins, Feminism, Apple, Gamergate/Anita Sarkeesian with a side of Donald Trump next?

2 Likes

Nope. Not when it doesn’t get bricked, until a software update 10 months later.

And not when the phone has a remote-wipe ability. The phone could have been wiped when the security hardware was replaced, rather than bricked.

And then there’s the Dr. Strangelove complaint: “What good is a doomsday device if you don’t TELL anybody?” If this sort of bricking is supposed to prevent theft, not publicizing it defeats the purpose.

Apple had the option of warning its customers who might require 3rd-party repair, ahead of time. They had the option of warning them before the update was pushed out, so that they could refuse the update or switch from fingerprints to passwords. They had the option - once complaints of bricked phones started pouring in - of halting the update to more phones until it was fixed. An option they’ve used before.

In all cases they decided not to. None of those decisions can be explained by “security.”

1 Like