Slashdot Mirror
Cops Told 'Don't Look' at New iPhones To Avoid Face ID Lock-Out (vice.com)
As Apple continues to update its iPhones with new security features, law enforcement and other investigators are constantly playing catch-up, trying to find the best way to circumvent the protections or to grab evidence. From a report: Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect's iPhone X with their own face, leveraging the iPhone X's Face ID feature. But Face ID can of course also work against law enforcement -- too many failed attempts with the 'wrong' face can force the iPhone to request a potentially harder to obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.
"iPhone X: don't look at the screen, or else... The same thing will occur as happened on Apple's event," the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. "So by looking into suspect's phone, [the] investigator immediately lose one of [the] attempts."
"iPhone X: don't look at the screen, or else... The same thing will occur as happened on Apple's event," the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. "So by looking into suspect's phone, [the] investigator immediately lose one of [the] attempts."
Is anyone seriously buying this? They can come and go freely, remotely, into all your consumer garbage devices. iProducts are absolutely not an acception in any way. Stop pretending as if this is a thing where "law enforcement" is made out to "desperately try to uphold the law in spite of all the evil encryption".
You have to be a complete cretin to believe these nonsensical news that constantly get pumped out. Sadly, 99% or more of all people are beyond cretins in stupidity...
Simply outlaw personal use of cryptography, and require manufactured to provide a backdoor code. Then we won't need police officers jumping through a lot of hoops trying to get around privacy laws.
He will have to make do with the pay phone, until the hangman comes for his orange ass.
Have gnu, will travel.
This is not the first time Elcomsoft has made it onto Slashdot. In the past, they were the target of law enforcement to protect Adobe's right to use weak crypto to "secure" eBooks and PDFs. It is interesting that they would go from arresting employees of Elcomsoft for finding flaws in American products to then getting advice from the same exact company for finding flaws in American products. It is almost like the USA is bi-polar when it comes to wanting these flaws exposed.
How long before LEOs are issued with devices to cover iphone front cameras
...but not local LE who have not quite that level of gear or skill.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I use my dog's face to unlock my phone.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
I've heard that sphincter shape is as unique as finger prints. Cops cannot tell you to strip without a warrant or exigent circumstances.
Perfect solution. Though to be honest, it might affect behavior in public. Some people will be tempted to revert accidental locking.
I got busted for speeding last year but it was pretty egregious. I peeled out at a light and was going 73 in a 40 MPH zone. The cop who pulled me over was an ass, though, and wrote the ticket for 80. That way it's 40 over the limit and the fines and penalties go way up. So, I asked the cop to see the radar. He flatly refused. I told him I think that's because he didn't have radar and that he was just mad because I had a nice car and I broke traction at the light and he took it as a personal challenge to his authority. To that he blew up, had me exit the car, and searched my shit without my consent/signature, by the way, since I flatly refused consent. So, I'm sitting in the back of his car and he finds my cell phone. The fucker immediately brings it to me to unlock. I was like "Sure, no problem." My phone is a Philips E570 and it doesn't even have a TCP/IP stack (battery lasts 5-6 months, though - yes *months*). My call history was disabled, my texts (which I get few of) were cleared, and there was four fifths of five eighths of FUCK ALL for him to see. So, he gets pissed at that "What kind of shitty phone do you use man?" to which I replied "One that cops can't rape for info, it would seem, officer." So, he then wrote this huge angry, lying, bullshit rant on the ticket for the judge to read. So, I was looking at a fat ticket that could have revoked my license and even possibly jail time. I was pissed because he claimed he found my speed by "pacing" even though it took him forever to catch me nearly a quarter mile behind (he had to escape from behind a bunch of cars, I was in the front rank). There is no way he could have paced me, realistically - he just wanted to write that magical "40MPH Over" on the ticket to try to take my license or fuck me into the stony lonesome jailhouse. So, after a couple of months we go to court. I absolutely refused to go along with any of the charges and kept telling them "let's do a jury trial." Finally, the judge asks me "Why do you want a trial? That costs a lot of time and money and would cost you far more if you lost." I told the judge "Because the officer is lying and I can't stand it. It's also because I don't believe you can find seven people in this town who would agree with the cops that fleece us all day." The judge was pretty angry at that and gave me a lecture about how wonderful the pigs are and what great civil servants they are. So, I shrugged that off, too and said "Then let's do a trial." My lawyer kept having to interrupt and say things like "... uhm.. I mean.. that is... if we can't come to another agreement or set of charges." I had all kinds of photos of the area where I peeled out. Documentation showing my car was rear wheel drive and there was a 15% grade causing it to easily break traction taking off. The jury would have told the DA to fuck herself, I'm pretty sure and the bitch knew it. So, in the end after all the bullshit lectures and down-talking to me, you know what they got me on (because I agreed) ? Failure to use turn signal. I piddly $35 ticket and a 2 point violation only (wrist slap). The judge was FURIOUS and told me I'd better hope I don't have any more cases come up with him. Then as I paid my $35 at the fine window and the officer was walking off I started singing Dead Kennedy's "I Fought the Law and I WON." and giggling like a 10 year old girl. He looked like he wanted to fucking shoot me in the face. I can't think of too many more satisfying situations. It fucking rocked. I still peel out at that light to this day. Fuck the police.
Cop with gun pointing at suspect
"Take your face away from the screen reallllllll slowly"
And that slashdot poster...... was Albert Einstein!!!
apple should just lock the phone completely if it detects a cop looking at it
Phones that unlock with a fingerprint should have a "lock and require password" that can be activated with a different fingerprint. That way there's a risk of locking a phone and needing a password if law enforcement attempts to compel someone to unlock a phone with a fingerprint.
Where my phone would lock if it got more than 5 feet away from my Apple Watch.
Apple already has a system for detecting your Apple Watch for logging into Mac desktop/laptops, so this isn't much of a stretch.
To a Lisp hacker, XML is S-expressions in drag.
This may be a trolling response, but it sure was entertaining.
Yes, that how I solved this problem: Giving up these "convenience features" by only accepting a 7-digit passcode--not using FaceID or Fingerprint.
It's states right on the sticker, "Do not look at with remaining eye"
Coming soon to a news article near you:
Man in custody bashes own face to avoid Face ID unlock
Wait, these cameras point at the user? Seriously? What kind of narcissist would want a camera that points at THEMSELVES? Would that not be some kind of mental disorder?
Police: Don't look into the subjects phone so it doesn't lock you out.
or
Non-Police: Don't use biometrics ( face-id or fingerprints ) to unlock your phone in the first place.
If you just stick to a decent password, not only will it help those forgetful law enforcement types ( because it won't matter if they look at your phone or not ) but you also cannot be forced to give up a password ( in the US at least . . . . for now ) so it's a win-win for everybody :D
Personally, I think the phones should have an emergency user-configurable duress code. Key it in even once and the phone encrypts the entire phone ( just to be sure ) to some random key ( plausible deniability. . . . you truly won't know the passcode to unlock it at that point ) or just runs an embedded version of Bleach-Bit ( or similar ) that kills any hope of pulling any data from the device at all.
On that thought, I wonder if the App Store would even allow such an app to begin with.
Let's put their ' privacy for the consumer ' speeches to the test shall we ?
Not sure how finicky the facial recognition is on these things, but couldn't you just stick out your tongue or something when registering your face ID? Whenever you wanted to unlock the phone, you would stick out your tongue again. If someone pointed your phone at you in an attempt to unlock it, you could just sit there and do nothing, and the phone would register a failed attempt, right?
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
Smart enough to figure out how to login, at least, Coward.
Thanks (I think). I don't like authority, don't like being fleeced and lied to, and I'm not ashamed of driving hard. I don't see that it's trolling, unless you are a cop who likes to fund your city with speeding tickets. If you are, okay yeah, that was trolling. Also, if you are, die slowly on fire, please. Thanks. ;-P
Clash song. Not D.K.
One cop picks up a suspect's phone, when her parter says to her, "Marion... don't look at it. Shut your eyes, Marion, don't look at it, no matter what happens."
Another looks at the phone and exclaims, "it's beautiful!" and next thing you know, the phone's FaceMelter app activates...
It's almost as if the entire device was covered in s. Do not look directly at the s!
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
I carry a flip phone that only does calls and texts. I clear the call log and texts every morning. Not that I ever get many of either. I think that a data destruct (duress) passcode is a great idea, as well as any attempt to open the phone case or connect to it while it is locked destroys all data (factory reset). To charge the phone it must be unlocked to plug in the cable and start the charging. In a few minutes the phone should lock itself, and when locked all data transfer capability and connectivity except for charging should be totally disabled.
BTW a friend of mine who describes himself as an old hippy musician was stopped as he was walking home from a bar one night. He had had a couple of beers over the course of several hours, but was not legally drunk. He is legally blind, and only has a state issued ID. The officer was an ass and got very angry that my friend's ID was a month or so out of date. My friend (who has a tendency to become an ass when treated badly) ended up in court. When the judge (who was being an ass) charged my friend with contempt of court, his exact words were "GOOD, because I have the upmost contempt for this kangaroo court!" He was fined and released.
Sure sounds like a shithole country to me.
When Apple advertises LEO defeat, charge then for conspiracy.
I just listened to that song and it's "I Fought the Law and the law WON"!
Why wait for 5 attempts? just one failure and lock-out; even send some SoS for help. You know there is no reason someone should be looking into your phone [may be provide a exception set like for family]
The Dead Kennedys released the version that the OP was quoting. The Clash version said "I fought the law and the law won"
FC Closer
Then you didn't listen to the Dead Kennedys song the OP was quoting, you listened to a different version.
FC Closer
Dozens of groups have covered the Clash's song.
The Clash covered that song. I'm not sure who the original was by, but with 30 seconds Googling I found a version by the Bobby Fuller Four from 1964.
Just noticed an earlier version by The Crickets in 1960.
What fascist country do you live in where you need ID to walk down the street?
It might go off, or lock up, or bite your face off! Don't look at it! Don't touch it, don't even turn your head towards it. Just pretend that you happen to be in the same room, be cool!
Hell, let's just bury the thing, it's cursed or something!
I'm amazed nobody has mentioned this yet.
- Go to Settings->Emergency SOS
Make sure "Call with Side Button" is on (that's the default) and turn off Auto-Call.
On any iPhone with Face ID, pressing the side button 5 times will now activate Emergency SOS mode, which immediately disables Face ID. There's a similar mode on Touch ID devices.
So, any time you're going through TSA, a border crossing, or see a cop heading towards you, press the side button 5 times. The phone will vibrate twice to indicate it's working. You don't even need to take it out of your pocket.
I'm sure Android has something similar, but the process would be device/skin-specific.
The right to protest the State is more sacred than the State.
Yeah, but Dead Kennedy's did their version specifically to highlight the murder of Harvey Milk by a cop who said he ate too many Twinkies. The chorus "I Fought the Law and I won." is much different (as a previous poster pointed out) than The Clash version because DK wanted to highlight the injustice and ridiculous nature of the case. They also say "I AM the law so.... I won." that lyric points to the fact that the murderer was a local cop. Not to say I don't like The Clash's version, it's pretty great, it just didn't fit the occasion I was acting out in.