

Apple’s Cool iPhone Fingerprint ID Means You’re Screwed - rbcgerard
http://blog.simplejustice.us/2014/10/31/apples-cool-iphone-fingerprint-id-means-youre-screwed/

======
donkeyd
I just don't see how this changes much. You have to give them a finger print,
but nowhere does it say that you have to provide the fingerprint onto the
device. This means they'll have to lift it and reproduce it in order to unlock
the device. Since you're fingerprint is undoubtedly already on the phone they
could just lift it and unlock the device anyway...

~~~
r00fus
> Since you're fingerprint is undoubtedly already on the phone they could just
> lift it and unlock the device anyway

I don't think your smeared fingerprints all over your phone are going to be
high-quality enough to enable them to unlock the phone.

The process identified by the CCC crack [1] seems _very_ involved and seems to
require a lab-environment. You get 5 tries and 48 hours to unlock the phone or
it will revert to passcode prompts... add in time requirement for a warrant,
and this may be just enough difficulty to dissuade LEOs from attempting this
method all the time.

One thing is certain, you should likely not use the simple passcode - that's
brute-forceable. But a manageable complex passcode and TouchID sounds very
convenient and relatively secure.

Oh, and always shut down your phone if you get pulled over. First power-on
unlock mandates passcode entry.

[1] [http://www.ccc.de/en/updates/2013/ccc-breaks-apple-
touchid](http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid)

------
calgaryeng
Page is down. Cached version:

[http://webcache.googleusercontent.com/search?q=cache:T5Tk3Zb...](http://webcache.googleusercontent.com/search?q=cache:T5Tk3ZboqiIJ:blog.simplejustice.us/2014/10/31/apples-
cool-iphone-fingerprint-id-means-youre-
screwed/+&cd=1&hl=en&ct=clnk&gl=ca&client=firefox-a)

------
swamp40
Not really surprising from a legal standpoint.

Fingerprints and DNA can be legally taken from you by law enforcement without
your permission - but _information_ , like your PIN #, cannot legally be
forced from you.

Just one more thing to add to the _" Law Breaking for Dummies"_ book.

------
jmnicolas
I have a hard time believing that the Police can't unlock an iPhone without
its user permission. Maybe they want to spare the cost of a forensic expert or
is the phone so well secured ?

~~~
dmishe
It's the whole apple/android full encryption debacle that has been going on
for what, two months now? Brute-forcing an iPhone with iOS 8 is extremely
slow.

------
no_future
Barring the fact that Apple probably provides tools for unlocking their
devices to authorities(like Microsoft's COFFEE), its a 4 digit passcode, it
isn't that hard to crack.

------
k2enemy
>...so when Apple offered fingerprint ID in place of a PIN to access its
iPhone, what hipster could resist?

Stopped reading after the first sentence.

------
remarkEon
I wonder if one could be compelled to tell law enforcement which finger print
opens the device, or that any of yours do at all.

~~~
donkeyd
This would be knowledge, which you don't have to share, according to the
article.

~~~
greenpizza13
So therefore the answer is to try and use the wrong finger 5 times until the
phone requires a passcode. Done.

~~~
remarkEon
Yeah that's what I was getting at.

------
gergles
When you get pulled over, hit the fingerprint sensor 5 times; that invalidates
the use of it and you're done.

~~~
pillfill
Or just turn off the phone. It requires a password on restart or 48h of
inactivity.

You can hate biometrics (and I'm still skeptical in general), but Apple did a
damned fine job of how they implemented it.

------
astrowilliam
Resource limit reached. Can't access the page. This is the site of Scott H.
Greenfield, TV Legal Analyst.

