Apple confirms iPhone-killing “Error 53,” says it’s about security

The iPhone’s most mysterious and dangerous bug is tied to Touch ID tampering and unauthorized repairs, at least according to Apple.

For months, some iPhone users have been running into a mysterious bug called “Error 53,” which can render some newer handsets unusable. Now, Apple has chimed in with an explanation.

With Error 53, some iPhone 6 and 6s users have found that their handsets no longer work after an iOS update. Stranger still, Apple’s support site barely documents the problem, lumping it in with other error codes that appear to be more easily resolved. As reported last year by The Daily Dot’s Mike Wehner, the only fix for Error 53 is to send the phone back to Apple and get a replacement.

But The Guardian has an update on the issue with official word from Apple on its cause. The company is blaming the problem on unauthorized third-party repairs, which can disrupt the unique pairing between the iPhone’s Touch ID fingerprint reader and the “secure enclave” that stores fingerprint data. Without this pairing, the risk is that someone could install a malicious Touch ID sensor and steal sensitive data, so Apple’s response is to shut everything down when the pairing fails.

"When an iPhone is serviced by an unauthorized repair provider, faulty screens or other invalid components that affect the Touch ID sensor could cause the check to fail if the pairing cannot be validated," Apple's spokeswoman said. "With a subsequent update or restore, additional security checks result in an 'error 53' being displayed."

Why this matters: In lieu of any explanation from Apple, some observers have speculated that Error 53 is the company’s way of imposing a monopoly on repairs. Although Apple’s latest iPhones are fairly easy to fix, the unique Touch ID pairing process could jeopardize any do-it-yourself plans that involve the home button or its fingerprint reader. Apple’s statement suggests that this is the price users must pay to secure their fingerprints, which in turn can provide access to all kinds of sensitive data.

Questions remain

While Apple’s statement sheds some light on the company’s thinking, it doesn’t neatly answer every question about Error 53.

For one thing, The Daily Dot’s Wehner suffered the error without having any unauthorized repairs done. In his case, Touch ID merely failed on its own, and although he had been using the phone without fingerprint recognition for about a month, an iOS update eventually caused the phone to get stuck in a boot loop. Apple’s statement doesn’t explain this scenario.

Moreover, what’s the use of "additional security checks" if they only occur during an iOS update? It’s unclear from Apple’s statement whether users are still at risk between the time of repair and these additional checks. If there isn't a risk in the interim, why not warn users before they update?

One thing does seem certain, however: If something happens to your home button, and you get it fixed without Apple’s blessing, Error 53 may not be far behind.

Join the CSO newsletter!

Error: Please check your email address.

Tags smartphoneiphone 6Applemobile phoneiPhone 6smobility

More about Apple

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place