Slashdot Mirror
Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com)
An anonymous reader shares a report: In November 2016, around seven hours after Abdul Razak Ali Artan had mowed down a group of people in his car, gone on a stabbing spree with a butcher's knife and been shot dead by a police officer on the grounds of Ohio State University, an FBI agent applied the bloodied body's index finger to the iPhone found on the deceased. The cops hoped it would help them access the Apple device to learn more about the assailant's motives and Artan himself.
This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.
Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.
This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.
Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.
I stopped reading Forbes articles when they started requiring me to disable my adblocker.
Tell you what. If I'm murdered and the cops think there might be something on my phone that would tell them who murdered me, I'm cool with them using my finger to unlock it.
Apropos of nothing, are you cool with them having an incentive for shooting you rather than taking you in, in order to get at your information?
Except Hippies didn't used to worship a prophet who fucked children, enslaved all races, sacked and destroyed cities, and had 64 war campaigns during which he committed war crime after war crime, good ol' Muhammad. At least the worst that Jesus Christ did was overturn a few tables, though that guy wouldn't be proud about what his followers became in their idiocy considering his Pacifism.
It would be nice if these devices automatically unlocked after some time limit, like 1 year.
That would imply an application Logic-based lock, but instead, these phones use cryptography so the passcode is required to decrypt the data; "Fingerprint" access only works while the key derived from the passcode is still in volatile memory, and once the phone sleeps or reboots or something, that memory is purged, and the decryption key needs to be supplied again.
If they didn't encrypt the data ---- then everything on your phone could potentially be stolen by a criminal attacking either Apple's servers or the phone itself and finding a flaw in the Logic-based lock.
I used to do TPM drivers for embedded systems, it's not that far fetched of a feature to time out when your TPM already has an NVRAM. From NVRAM it's simple to embed an RTC (simple but not free, increases costs by several cents and creates supply chain disruption by introduction of a new variant). There are other ways to deal with this problems as well, and I'm not married to this idea.
My main point is the solution that most of the people on slashdot demand is not really feasible. That solution being to do nothing to disrupt the status quo and lock devices down so that nobody, not even law enforcement, can get into the device. If you can't trust your police and legal system to not violate your rights on your cellphone, how can you trust them in any other aspect of your life? Fix the real problem of corruption and public distrust.
“Common sense is not so common.” — Voltaire