Slashdot Mirror
Cops Told 'Don't Look' at New iPhones To Avoid Face ID Lock-Out (vice.com)
As Apple continues to update its iPhones with new security features, law enforcement and other investigators are constantly playing catch-up, trying to find the best way to circumvent the protections or to grab evidence. From a report: Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect's iPhone X with their own face, leveraging the iPhone X's Face ID feature. But Face ID can of course also work against law enforcement -- too many failed attempts with the 'wrong' face can force the iPhone to request a potentially harder to obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.
"iPhone X: don't look at the screen, or else... The same thing will occur as happened on Apple's event," the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. "So by looking into suspect's phone, [the] investigator immediately lose one of [the] attempts."
"iPhone X: don't look at the screen, or else... The same thing will occur as happened on Apple's event," the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. "So by looking into suspect's phone, [the] investigator immediately lose one of [the] attempts."
Have gnu, will travel.
I use my dog's face to unlock my phone.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Trump can't use the iPhone... every time he stares into a digital camera, the CCD breaks!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Yep.
There are two classes of information involved in searches: Things you have and things you know.
Bio-metrics are things you have. Pass codes are things you know.
The things you have are subject to search. The things you know are protected by the 5rh amendment.
It little behooves the best of us to comment on the rest of us.
How about "Hey Siri, lock the phone."
No idea if this works but it would make for a reasonably simple, non-intrusive solution.
the justification for not needing one for fingerprints is the same for face scans.
Correct. In Maryland v King the Supreme Court put DNA scans in the same category. No warrant or probable cause is needed.
From the ruling: "taking and analyzing a cheek swab of the arrestee's DNA is, like fingerprinting and photographing, a legitimate police booking procedure that is reasonable under the Fourth Amendment."
Not sure how finicky the facial recognition is on these things, but couldn't you just stick out your tongue or something when registering your face ID? Whenever you wanted to unlock the phone, you would stick out your tongue again. If someone pointed your phone at you in an attempt to unlock it, you could just sit there and do nothing, and the phone would register a failed attempt, right?
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
"Hey Siri, whose phone is this?" will require a passcode as long as the phone is locked when you ask the question.
The Dead Kennedys released the version that the OP was quoting. The Clash version said "I fought the law and the law won"
FC Closer
I'm amazed nobody has mentioned this yet.
- Go to Settings->Emergency SOS
Make sure "Call with Side Button" is on (that's the default) and turn off Auto-Call.
On any iPhone with Face ID, pressing the side button 5 times will now activate Emergency SOS mode, which immediately disables Face ID. There's a similar mode on Touch ID devices.
So, any time you're going through TSA, a border crossing, or see a cop heading towards you, press the side button 5 times. The phone will vibrate twice to indicate it's working. You don't even need to take it out of your pocket.
I'm sure Android has something similar, but the process would be device/skin-specific.
The right to protest the State is more sacred than the State.