Police Told to Avoid Looking at iPhone Screens Locked With Face ID

Police in the United States are being advised not to look at iPhone screens secured with Face ID, because doing so could disable facial authentication and leave investigators needing a potentially harder-to-obtain passcode to gain access.

Face ID on iPhone X and iPhone XS attempts to authenticate a face up to five times before the feature is disabled and the user's passcode is required to unlock the smartphone.

Elcomsoft presentation slide talking about Face ID (image via Motherboard)

Given the way the security system works, Motherboard reports that forensics company Elcomsoft is advising law enforcement, "don't look at the sceen, or else... the same thing will occur as happened [at] Apple's event."

The note appears on a slide belonging to an Elcomsoft presentation on iOS forensics, and refers to Apple's 2017 presentation of Face ID, in which Apple VP Craig Federighi tried and failed to unlock an iPhone X with his own face, before the device asked for a passcode instead.

Apple later explained that the iPhone locked after several people backstage interacted with it ahead of Federighi, causing it to require a passcode to unlock.

The advice follows a recent report of the first known case of law enforcement forcing a suspect to unlock an iPhone using Face ID. The action subsequently helped police uncover evidence that was later used to charge the suspect with receiving and possessing child pornography.

In the United States, forcing someone to give up a password is interpreted as self-incrimination, which is protected by the Fifth Amendment, but courts have ruled that there's a difference between a biometric recognition system like Touch ID and a passcode that you type into your phone.

In some cases, police have gained access to digital data by forcing people to unlock mobile devices using their fingers. Indeed, before Face ID was in use, law enforcement was advised how it could avoid locking Touch ID fingerprint-based authentication on Apple's iPhones. "With Touch ID, you have to press the button (or at least touch it)," Vladimir Katalov, CEO of Elcomsoft, told Motherboard. "That's why we always recommend (on our trainings) to use the power button instead, e.g to see whether the phone is locked. But with Face ID, it is easier to use 'accidentally' by simply looking at the phone."

Related Roundup: iPhone XS
Tags: Face ID, law
Buyer's Guide: iPhone XS (Buy Now)

Discuss this article in our forums

First Case Surfaces of Law Enforcement Forcing Suspect to Unlock iPhone With Face ID

A Forbes report has highlighted the first known case of law enforcement forcing a suspect to unlock an iPhone using Face ID.

The incident reportedly happened in August when federal agents obtained a warrant to search the house of a man in Columbus, Ohio, as part of a child abuse investigation.

Apple marketing image for Face ID

According to case documents, FBI agents got 28-year-old Grant Michalski to put his face in front of his iPhone X to activate the Face ID facial authentication.

After the device was unlocked, investigators looked through Michalski's chat history, photos, and other files stored on the phone. Evidence discovered on the device was used to charge the suspect later that month with receiving and possessing child pornography.

Several previous cases have occurred where law enforcement has gained access to digital data by forcing people to unlock mobile devices using their fingers. One case even reportedly involved trying to use the finger of a dead person to unlock a phone, which ultimately didn't work.

However, this appears to be the first case in which Face ID has been used, so it's likely to reignite debate over where the law stands in relation to biometric authentication methods.

In the United States, forcing someone to give up a password is interpreted as self-incrimination, which is protected by the fifth amendment and against the law. Nevertheless, courts have ruled that there's a difference between a biometric recognition system like Touch ID and a passcode that you type into your phone.

In the case highlighted by Forbes, the FBI was eventually locked out of the phone and had to gain a second search warrant to allow them to conduct a more thorough search of the device using a third-party unlocking solution, likely similar to Grayshift.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: FBI, Face ID, law

Discuss this article in our forums