FBI makes suspect unlock iPhone X in first confirmed instance of forced Face ID

Posted:
in iPhone edited October 2018
The FBI recently ordered a suspect to unlock his iPhone X via Face ID, in the first known example of police doing so anywhere in the world.

iPhone X Face ID


The incident occurred on Aug. 10, when the FBI searched the house of Grant Michalski in Columbus, Ohio during a child abuse investigation, Forbes reported on Sunday, citing court documents. Special agent David Knight ordered Michalski to face the iPhone, triggering Face ID.

Michalski was ultimately charged with receiving and possessing child pornography. The search uncovered related Kik conversations, including a chat with someone who was really an undercover officer.

Only some data was obtained from the iPhone however as the FBI didn't have Michalski's passcode, which put up roadblocks for forensic tools after the device had been locked for more than an hour. Knight noted he wasn't able to document things like app use or deleted files, but added that he'd discovered that the Columbus Police Department and the Ohio Bureau of Investigation have "technological devices that are capable of obtaining forensic extractions from locked iPhones without the passcode," presumably referring to hardware offered by Cellebrite and/or Grayshift.

A lawyer for Michalski, Steven Nolder, told Forbes that the FBI turned to Cellebrite, but has so far failed to get anything useful. He also commented that police are now using boilerplate language in warrants to cover Face ID.

Mandatory Touch ID unlocks have been happening for years, even being used on corpses. Though controversial the practice is currently legal, and sometimes claimed to be necessary by U.S. law enforcement since suspects can't be forced to turn over their passcodes. Conventional forensic tools are often defeated by the full-disk encryption and other security measures in iOS.

Cellebrite and Grayshift recently scored major contracts with the U.S. Secret Service, valued at $780,000 and $484,000, respectively. Grayshift also picked up a $384,000 deal with Immigration Customs Enforcement.
«134

Comments

  • Reply 1 of 61
    SoliSoli Posts: 10,035member
    1) If you're going to be a criminal then don't use a fricken a biometric (which I shouldn't be telling them, but I figure if they were smart enough to come to this forum then they'd already know better).

    2) I'm glad he was dumb enough to use Face ID if it gets a child pornographer and child abuser off the streets.

    3) Slight segue, but still very much the same issue: a recent study has shown that the one thing all human traffickers have in common is that they use the internet for sales. I wish we had better tools to stop this.
    Anilu_777cornchipracerhomie3radarthekatsupadav03randominternetpersonjahblade
  • Reply 2 of 61
    gustavgustav Posts: 827member
    According to FaceID security guide, FaceID can be disabled by simultaneously holding volume down and power for two seconds.
    racerhomie3Rayz2016ivanhcornchipacejax805jbdragonjahbladejony0
  • Reply 3 of 61
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 
    maciekskontakt
  • Reply 4 of 61
    Anilu_777 said:
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 

    Do you support back doors to allow police to get into any device they want?
    anton zuykovGeorgeBMacjahbladedarkvaderjony0watto_cobra
  • Reply 5 of 61
    racerhomie3racerhomie3 Posts: 1,264member
    If you suspect the cops or FBI are after you disable FaceID or TouchID by triggering Emergency SOS mode.
    jbdragondarkvader
  • Reply 6 of 61
    Anilu_777 said:
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 
    Next you will be telling us if you have nothing to hide then you dont mind the cops accessing your phone?
    redgeminipaanton zuykovStrangeDaysGeorgeBMacjbdragon78Banditjahbladedarkvaderjony0watto_cobra
  • Reply 7 of 61
    Soli said:
    1) If you're going to be a criminal then don't use a fricken a biometric (which I shouldn't be telling them, but I figure if they were smart enough to come to this forum then they'd already know better).

    2) I'm glad he was dumb enough to use Face ID if it gets a child pornographer and child abuser off the streets.

    3) Slight segue, but still very much the same issue: a recent study has shown that the one thing all human traffickers have in common is that they use the internet for sales. I wish we had better tools to stop this.
    Did you know that the definition of sex trafficking is broader than you realize: it does not only include pimps who coerce women into pristitution but also a john who happens to be caught in a sting can also be arrested for it now 
    anton zuykovStrangeDaysjbdragonjahbladedarkvader
  • Reply 8 of 61
    If you suspect the cops or FBI are after you disable FaceID or TouchID by triggering Emergency SOS mode.

    People do not need to have "something to hide" in order to hide "something". What is relevant is not what is hidden, rather the experience that there is an intimate area, which could be hidden, whose access should  be restricted. Psychologically speaking, we become individuals through the discovery that we could hide something from others.

    Julian Assange states: "There is no killer answer yet. Jacob Appelbaum (@ioerror) has a clever response, asking people who say this to then hand him their phone unlocked and pull down their pants. My version of that is to say, 'well, if you're so boring then we shouldn't be talking to you, and neither should anyone else', but philosophically, the real answer is this: Mass surveillance is a mass structural change. When society goes bad, it's going to take you with it, even if you are the blandest person on earth.

    Gabyanton zuykovStrangeDaysjbdragonjahbladedarkvaderwatto_cobra
  • Reply 9 of 61
    chasmchasm Posts: 3,273member
    How long before TSA decides to use these powers to force travelers to open their social media in a similar manner, I wonder?
    GeorgeBMacjbdragonwatto_cobra
  • Reply 10 of 61
    News like this always makes me feel like I've got about half a dozen of personalities, and they are having a huge brawl…

    There's the security/IT-person part of me that wants to just yell "mooove", and show them how to secure data.
    There's the privacy/integrity/politician/philosopher-part of me, that's very anti anyone being able to intrude on data that's basically an extension of our most inner thoughts.
    And then there's that fantasy vigilante-persona, that after reading "child abuse" and "child pornography" would like to do things that would make even batman shy away in fear.

    At the end of the day I'm just happy knowing that predators like these get caught because they are stupid, and that they can't help themselves talking to other people(/police).

    (Then, of course, there's the group of personalities that are fighting about whether or not he should get medical help, or just have his private parts put into a meat grinder.)
    randominternetpersonwatto_cobra
  • Reply 11 of 61
    chasm said:
    How long before TSA decides to use these powers to force travelers to open their social media in a similar manner, I wonder?
    Thing is, anyone that really wants to can easily stay safe/secure by applying a lil bit of tech knowhow; and that that tech knowhow could fairly easily be put into an app/guide that almost anyone could use. (Things like erasing our phones, and then downloading an encrypted backup once we're feeling safe again.)

    Knowing that we basically know that the arms race, in this particular case, must, for technological reasons, end up being lost by "the government", should that compel us to take a certain stance on this issue?!

    IMNSHO I think that knowing that those having something to hide always will be able to (successfully) do so, knowing that, we should protect the privacy/integrity of individuals before granting more powers to the government. Meaning that we should be against forced backdoors into iOS, against TSA accessing (non-public) social media etc.

    Anyone here that feel that they have good arguments against this?
    Gabykingofsomewherehot
  • Reply 12 of 61
    Anilu_777 said:
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 
    Next you will be telling us if you have nothing to hide then you dont mind the cops accessing your phone?

    Didn't they have a warrant? This wasn't some case of them stopping a random guy on the street and looking for something to charge him with. Nor is it mass surveillance. Nor did they ask Apple for a risky backdoor. They had grounds for search. They searched. Where is your problem with this?


    svanstromgatorguychristophbforegoneconclusionjbdragon
  • Reply 13 of 61
    radarthekatradarthekat Posts: 3,842moderator
    svanstrom said:
    News like this always makes me feel like I've got about half a dozen of personalities, and they are having a huge brawl…

    There's the security/IT-person part of me that wants to just yell "mooove", and show them how to secure data.
    There's the privacy/integrity/politician/philosopher-part of me, that's very anti anyone being able to intrude on data that's basically an extension of our most inner thoughts.
    And then there's that fantasy vigilante-persona, that after reading "child abuse" and "child pornography" would like to do things that would make even batman shy away in fear.

    At the end of the day I'm just happy knowing that predators like these get caught because they are stupid, and that they can't help themselves talking to other people(/police).

    (Then, of course, there's the group of personalities that are fighting about whether or not he should get medical help, or just have his private parts put into a meat grinder.)
    “...on data that’s basically an extension of our most inner thoughts.”

    This!  Exactly.  I’ve long held the position in this debate that society is going to have to decide whether our minds are truly sacrosanct, in the long run, because there may very well come a day when we will be able to detect/scan/record/read thoughts directly from a human brain.  And along the path to that day we need to determine whether smartphones and other personal data-containing devices represent  an extension of our minds.

    There already exists a technique that can infer some of what’s in a person’s mind. It’s a system that measures brain activity and it can tell with a very high degree of accuracy whether a person recognizes a scene shown to him/her.  The example is a murder scene where the public has not been informed of the murder weapon, left at the crime scene, or shown the crime scene.  A suspect is monitored while shown a series of images, some of a different location (a mock crime scene or unrelated one) along with images of the actual crime scene, and then the murder weapon.  The method can accurately determine whether the suspect recognizes the actual crime scene and murder weapon.  It’s a big leap from there to mind reading, because it’s generally accepted that everyone’s mind is a series of associations and snippets rather than whole stored images; a very complex set of data that can store the same memory vastly differently encoded from one brain to the next, but such inference techniques as described above might be able to take us a fair way along the path toward gathering data from a person’s mind, with or without his/her permission. 
    edited October 2018 StrangeDayswatto_cobra
  • Reply 14 of 61
    hentaiboyhentaiboy Posts: 1,252member
    chasm said:
    How long before TSA decides to use these powers to force travelers to open their social media in a similar manner, I wonder?
    New laws in New Zealand (came into effect today) allow Customs to perform a “digital strip search” of travellers.
    If you don’t give them your pin code, or open phone with fingerprint, you can be fined $5000 and have your device seized. 

    https://www.tvnz.co.nz/one-news/new-zealand/travellers-refusing-hand-over-phone-password-airport-now-face-5000-customs-fine
    StrangeDaysrandominternetpersonjbdragonSpamSandwichnetling
  • Reply 15 of 61
    There's never been a logical reason to think that digital = law free zone. The key is to have clearly defined rights on both sides of the issue, same as with the search of physical property. The tech world evolves and changes fairly rapidly and legislators/law enforcement need to do a better job of staying on top of it so that the public has a clear understanding of the parameters.
  • Reply 16 of 61
    Anilu_777 said:
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 

    Do you support back doors to allow police to get into any device they want?
    Do you support back doors to allow police to get into any device they want and possibly plant evidence on said device?

    There fixed it for you.

    It is all a question of balance.
    jbdragondarkvaderbeowulfschmidtwatto_cobra
  • Reply 17 of 61
    Anilu_777 said:
    I hope the bastard gets worse than life. I support law enforcement gaining access to child abusers’ devices so they can put them away. 

    Do you support back doors to allow police to get into any device they want?
    Do you support back doors to allow police to get into any device they want and possibly plant evidence on said device?

    There fixed it for you.

    It is all a question of balance.
    Read access to a backup of data doesn’t necessarily equal the write access required to plant anything.

    Just saying that there are different ways to implement backdoors to data. 
  • Reply 18 of 61
    There's never been a logical reason to think that digital = law free zone. The key is to have clearly defined rights on both sides of the issue, same as with the search of physical property. The tech world evolves and changes fairly rapidly and legislators/law enforcement need to do a better job of staying on top of it so that the public has a clear understanding of the parameters.
    That's something that's easy to say for someone coming at this from an analog perspective.

    Digital security is either that something is secure, or it isn't; there's no way to make digital security safe enough from criminals while at the same time be weak enough that it can be broken after some sort of legal review/warrant.

    There have been several attempts at making solutions that have "secure" backdoors, but they've all ended up the same as with those suitcases with TSA approved locks (to which anyone can 3D-print a masterkey).

    It's the world that evolves, and our previous view on security can't easily be applied to this new digital world.
    StrangeDaysrandominternetpersondarkvader
  • Reply 19 of 61
    chasm said:
    How long before TSA decides to use these powers to force travelers to open their social media in a similar manner, I wonder?
    I always shut off my phone when going through security also if I get pulled over by the police, just in case. It makes you have to put in the passcode to get into it when its turned back on. 
    watto_cobra
  • Reply 20 of 61
    chasm said:
    How long before TSA decides to use these powers to force travelers to open their social media in a similar manner, I wonder?
    You have to face their machines in certain way anyway, so doing the same with the phone might be a surprisingly easy case for them to win.
Sign In or Register to comment.