Forensics firm urges police not to look at screens of iPhones with Face ID

Posted:
in iPhone
While U.S. police are now sometimes forcing suspects with Face ID-ready iPhones to unlock their devices, Apple's technology is simultaneously making that a risky proposition, one security firm is warning agencies.

iPhone XR & Face ID


Elcomsoft is spreading the warning in a slide presentation, telling law enforcement "don't look at the screen, or else." If they even glimpse at an iPhone's TrueDepth camera, according to Elcomsoft, they could encounter the same problem Apple executive Craig Federighi did when showing off Face ID in 2017 -- a locked phone demanding a passcode.

"This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Elcomsoft CEO Vladimir Katalov explained to Motherboard. "So by looking into [a] suspect's phone, [the] investigator immediately lose[s] one of [the] attempts."

The first known example of U.S. police demanding someone unlock Face ID occurred Aug. 10, when the FBI searched the house of a Columbus man as part of a child abuse investigation. He cooperated, helping to build a case against him for child pornography, but initially only a limited amount of information was extracted from his iPhone X, since agents didn't have a passcode.

Courts have ruled that the Fifth Amendment protects suspects from being forced to share a passcode, which ironically makes biometric security the best legal avenue for searching a mobile device. A number of people have already been made to unlock iPhones with Touch ID, even the dead.
«1

Comments

  • Reply 1 of 24
    so turn on “require attention” or better yet, hold the power and volume down button & it disables Face ID requiring you to enter your pin to unlock. 
    claire1aaronkalbuktechiecincymacairnerdwatto_cobra
  • Reply 2 of 24
    claire1claire1 Posts: 510unconfirmed, member
    and don't break people's arms.
    watto_cobra
  • Reply 3 of 24
    NemWanNemWan Posts: 117member
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    claire1JessiReturnskingofsomewherehotlostkiwiMisterKitolscaladanianentropysaaronkalbElimu
  • Reply 4 of 24
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    I wasn't aware of that one. There's always the five quick taps on the power button. Someone can do that without even taking their phone from their pocket.
    watto_cobra
  • Reply 5 of 24
    netmagenetmage Posts: 276member
    On modern iPhones it is hold wake and volume in (squeeze both sides) for a few seconds.
    Five presses of wake button is emergency call.
    edited October 2018 gatorguyairnerdwatto_cobra
  • Reply 6 of 24
    macxpressmacxpress Posts: 4,973member
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    I wasn't aware of that one. There's always the five quick taps on the power button. Someone can do that without even taking their phone from their pocket.

    That is SOS on a newer phone which also makes a loud noise until you cancel it. Probably not a good idea. 
    StrangeDayswatto_cobra
  • Reply 7 of 24
    these arbitrary decisions such as 5th amendment protecting your face but not your deadbolt key need to be decided.   People's rights shouldn't be decided on a whim or case by case basis.  Rules should be more defined.  We can hold your house keys against you but not your actual face, but maybe a good picture of your face we can use or we'll 3D print a composite of your face from the pic and use that...
  • Reply 8 of 24
    sphericspheric Posts: 1,789member
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    Just tried this (in German). It showed me my own contact data and definitely did NOT disable Face ID.
    bb-15airnerdwatto_cobra
  • Reply 9 of 24
    https://forums.appleinsider.com/post/quote/207757/Comment_310045

    if you hold the volume and power buttons for less than 3 seconds it will activate the need passcode without the alarm sounding. 
    watto_cobra
  • Reply 10 of 24
    macxpressmacxpress Posts: 4,973member
    spheric said:
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    Just tried this (in German). It showed me my own contact data and definitely did NOT disable Face ID.
    It worked for me...you must not have done something right. Either way though...not something you want to do when being asked to unlock your phone. It's not very inconspicuous. 
    edited October 2018 watto_cobra
  • Reply 11 of 24
    netmage said:
    On modern iPhones it is hold wake and volume in (squeeze both sides) for a few seconds.
    Five presses of wake button is emergency call.
    While five presses does bring up the SOS screen, if you cancel it, you'll see that a passcode is now required. It doesn't actually do the SOS function. You can also power off on that screen, which could be helpful, too.
    edited October 2018 watto_cobra
  • Reply 12 of 24
    designrdesignr Posts: 531member
    these arbitrary decisions such as 5th amendment protecting your face but not your deadbolt key need to be decided.   People's rights shouldn't be decided on a whim or case by case basis.  Rules should be more defined.  We can hold your house keys against you but not your actual face, but maybe a good picture of your face we can use or we'll 3D print a composite of your face from the pic and use that...
    It's not entirely arbitrary. As I understand it, compelling someone to reveal something to you like their passcode is a form of compelled speech and a form of compelled testimony against themselves which is expressing disallowed in the US constitution. Whereas something like your fingerprint and/or face are something intrinsically about you that they can just use.

    Now I'm not entirely sure where things stand legally with forcing someone to open they eyes (which I think is required for Face ID).

    Thankfully Apple provides some ways to disable the biometrics and force the use of passcode and everyone should a) know what these are for their phone (the simplest is just turn the phone off), and b) always be prepared to do so whenever having any encounter with law enforcement regardless of whether you think you're a criminal...never consent to a search of anything (and you'd have to if passcode is required). This is just basic wise citizenship.
    edited October 2018 cornchipwatto_cobra
  • Reply 13 of 24
    entropysentropys Posts: 1,850member
    I don’t think the fifth amendment is ‘arbitrary’. Americans had to vote for it.
    watto_cobra
  • Reply 14 of 24
    A few years ago, I thought it would be neat to have a code/biometric that opened an alternative phone instance that had some basic pictures apps and such, enough to look real.   Not sure how Face ID could do this, as there’s less customization versus multiple fingerprints and passcodes. 
    watto_cobra
  • Reply 15 of 24
    MplsPMplsP Posts: 1,663member
    macxpress said:
    spheric said:
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    Just tried this (in German). It showed me my own contact data and definitely did NOT disable Face ID.
    It worked for me...you must not have done something right. Either way though...not something you want to do when being asked to unlock your phone. It's not very inconspicuous. 
    It really doesn’t matter if it’s inconspicuous - after you disable Face ID, you can’t be compelled to give your pass code. 
    watto_cobra
  • Reply 16 of 24
    ElimuElimu Posts: 1unconfirmed, member
    The following gave me failed attempts:
    * Tucking in both lips or my TOP lip.
    * Sticking my tongue out towards my nose.
    * Making one lip stretch opposite direction from the other (looks crazy)
    * Opening mouth as wide as possible. 
    * Using top lip to cover nostrils (like something smells bad)
    That’s all that I could do without using my hands. 
    sweetheart777watto_cobra
  • Reply 17 of 24
    MplsPMplsP Posts: 1,663member
    On a slightly related topic, has anyone heard anything more from that Vietnamese company that supposedly could create a mask to fool Face ID?
    sweetheart777watto_cobra
  • Reply 18 of 24
    analogjackanalogjack Posts: 1,071member
    macxpress said:
    spheric said:
    NemWan said:
    "Hey Siri, whose phone is this?" disables FaceID/TouchID.
    Just tried this (in German). It showed me my own contact data and definitely did NOT disable Face ID.
    It worked for me...you must not have done something right. Either way though...not something you want to do when being asked to unlock your phone. It's not very inconspicuous. 
    Yeah worked for me too on my SE, it gave the contact details but when I went to open it it required my 15 letter diceware passcode. Which is moderately annoying. What you could do is simply say that it's not your phone and then just say 'look.. hey Siri whose phone is it', then you can say, oops sorry I guess it was my iPhone after all. The cops wouldn't even realise.
    watto_cobra
  • Reply 19 of 24
    analogjackanalogjack Posts: 1,071member

    MplsP said:
    On a slightly related topic, has anyone heard anything more from that Vietnamese company that supposedly could create a mask to fool Face ID?
    Don't worry about it it's all bullshit.
    watto_cobra
  • Reply 20 of 24
    davidwdavidw Posts: 975member
    these arbitrary decisions such as 5th amendment protecting your face but not your deadbolt key need to be decided.   People's rights shouldn't be decided on a whim or case by case basis.  Rules should be more defined.  We can hold your house keys against you but not your actual face, but maybe a good picture of your face we can use or we'll 3D print a composite of your face from the pic and use that...
    The 5th Amendment do not protect your face or your fingerprint. They are treated the same as the key to your deadbolt. The government, with a search warrant, can get the key to your deadbolt from your landlord or hire a locksmith. Just as they can take a mug shot of your face or get your fingerprint when charged with a crime and booked. 

    However, unlike having the key to a deadbolt, which anyone can use to unlock your door and there's no need to force you to do it, having a picture of your face or an ink copy of your fingerprint will not unlock your iPhone. The real question is, can you be forced to unlock your own phone, knowing that what's in it will incriminate you in a crime. Where as the government don't need you to unlock your deadbolt once they have the key, they still need you to unlock your phone, by placing the your correct finger/thumb  on the sensor or looking into your phone with the right facial expression. 

    So far, it seems with several court rulings, that what ever is required to unlock your phone, be it your fingerprint, face or pass code, is not protected by the 5th, as it is not considered self incrimination to unlock your phone, even if you know that there is evidence in your phone, that may be used against you. And not doing so can get you tossed in jail on a contempt of court charge. 

    However, with a pass code, the government can not force you reveal your pass code, if you simply tell them ... "I forgot". The government can still initially toss you in jail for not unlocking your phone but eventually they have to ask ....... what if you actually did forget your pass code? How can they prove that you didn't forget? It is not impossible nor  improbable, that someone might forget their pass code.

    Now if you clearly tell the courts that you know your pass code but you're not going to unlock your phone, then theoretically, the courts can toss you in jail for contempt, until you unlock your phone or until they found some other way to get the information from it and they no longer need the pass code from you. 
    designrwatto_cobra
Sign In or Register to comment.