Forensics consultancy advises U.S. police on leveraging biometrics from suspect’s devices
A company advising U.S. law enforcement on mobile forensics is advising them to avoid looking at suspect’s phones which may use Face ID in order to avoid accidentally triggering the facial recognition unlock feature, which after five failed attempts would require them to unlock the device with a password, Motherboard reports.
Suspects have been protected from being compelled to reveal their passcodes by rulings that consider divulging the passcode to be a potential form of self-incrimination, and therefore blocked by the Fifth Amendment. The FBI recently forced a suspect to unlock his iPhone with Face ID, however, after a U.S. District Court judge ruled earlier this year that federal investigators can use suspect’s biometrics to unlock electronic devices.
“iPhone X: don’t look at the screen, or else… The same thing will occur as happened on Apple’s event,” a slide from consultancy Elcomsoft says. The slide was part of a presentation obtained by Motherboard and later confirmed as authentic by Elcomsoft. Apple Senior VP of Software Engineering Craig Federighi was unable to unlock an iPhone X in the allotted number of attempts at a Face ID presentation in 2017. The slide also reviews the expiry and attempt rules for Touch ID.
UK police simulated a mugging to acquire a suspect’s device while it was unlocked in 2016, Motherboard reports, after determining they would be unable to compel him to unlock it with his fingerprint.
“With Touch ID, you have to press the button (or at least touch it); that’s why we always recommend (on our trainings) to use the power button instead, e.g to see whether the phone is locked. But with Face ID, it is easier to use ‘accidentally’ by simply looking at the phone,” Elcomsoft CEO Vladimir Katalov told Motherboard.