Also, iirc iPhones have this feature where if you appear to be under duress, it will refuse to unlock and disable Face ID. Is this true?
While there's always https://xkcd.com/538/ there are not currently quantum computers that can factor 4k RSA keys, so the court can order whatever it wants, unless they have a way past that (which may involve variations of xkcd 538), they ain't getting shit out of a properly configured digital safe. (construction of said safe is left as an exercise to the reader.)
For the relative handful who are custodians of that sort of data, history suggests a smaller minority than they'd like to admit have a readily achievable breaking point. The true believers who are left then are a minority that's hardly impossible to track and subvert through attacks that don't involve decryption on a device.
The point of that XKCD wasn't to be THE SINGULAR EXAMPLE, it's sort of a Zen Koan for people who only think in terms of technical risks and solutions.
The duress password feature is also useful. Entering it will completely wipe the phone and reset it to factory.
We just need a UX which makes it impossible to know how many profiles a phone has configured. Not some kind of sneaky hidden mode that you can be labeled a terrorist for having enabled, just that's how it works--you have to know a profile exists in order to log into it.
Of course it's not going to stand up to forensic scrutiny, but that's not what the feature is about anyhow.
This is famously used by Uber to protect their systems from the French police, for instance.
> GrapheneOS improves the security of the fingerprint unlock feature by only permitting 5 total attempts rather than implementing a 30 second delay between every 5 failed attempts with a total of 20 attempts. This doesn't just reduce the number of potential attempts but also makes it easy to disable fingerprint unlock by intentionally failing to unlock 5 times with a different finger.
Though with all the devices GrapheneOS supports, there are only two fingers you can plausibly use with the device: the thumb, usually on your dominant hand. It is quite awkward to be using anything else.
All this biometric talk in the world and it’s rarely made convenient for the user like this.
It was likely almost as fast as a physical keyboard smartphone for instant entry into an app.
Cut to my phone failing to recognize the fingerprint whenever it feels like or maybe because the humidity is 0.5% from the ideal value.
sigh
heh it would suck to be beaten with a wrench to unlock your phone and, finally, to make it stop you relent but then the phone is like "nope, sorry. if you're gonna be dumb you gotta be tough".
Sort of: if you hold the buttons on both sides of the phone for about three seconds, it will bring up the Power Off/SOS screen. You do not need to interact with that screen, just display it. Easy-peasy, you can do it with the phone in your pocket. Once that screen is displayed, it requires a passcode to unlock the phone. The courts have determined that the passcode is protected by the 5th Amendment, but biometrics are not.
https://arstechnica.com/tech-policy/2023/12/suspects-can-ref...
A solution that can seem like plausible deniability could be interesting.
My impression is deliberately doing this would be illegal. It would have to be convincingly deniable somehow.
Is there a way to do that?
You'd also have to rely on this unnamed other to force that particular finger, rather than the others...
E.g. if one had a "dead man's switch" phone that required a passkey every x minutes, and each time you did so it set the next threshold...
Which requires them to prove they know that device likely contains relevant information. Just being party to a court case doesn't mean you're forbidden from deleting anything ever again... like I said there are very specific rules for evidence, and one cannot begin to claim something relevant is destroyed if you can't even show that you had any idea what might have been destroyed in the first place.
Extreme example, imagine a stroke or head injury causing memory loss.
OTOH DNA/face/fingerprints usually can't be 'forgotten'.
The 5th Amendment has been (so far) interpreted to only limit things that require conscious thought, such as remembering a password and speaking it or typing it.
And unlike a witness, you can legally lie and mislead officers.
> The warrant included a few stipulations limiting law enforcement personnel. Investigators were not authorized to ask Natanson details about what kind of biometric authentication she may have used on her devices.
The warrant said they couldn't demand she do those things, not that they couldn't ask.
Makes me question the rest of the reporting.
badc0ffee•1h ago
sturges•1h ago
doubletwoyou•1h ago
if i don't click those 5 presses fast enough it instead opens apple cash or whatever it’s called
i’m assuming that in a stressful situation it’d be much more consistent to hold down power and volume rather than clicking quickly
aftbit•50m ago
michaelmior•1h ago
ranger_danger•1h ago
rimunroe•1h ago
Maybe someone with more knowledge can chime in here.
fragmede•56m ago
retsl•25m ago
> Automatic Restart is a security mechanism in iOS 18.1 and iPadOS 18.1 or later that leverages the Secure Enclave to monitor device unlock events. If a device remains locked for a prolonged period, it automatically restarts, transitioning from an After First Unlock state to a Before First Unlock state. During the restart, the device purges sensitive security keys and transient data from memory.
https://help.apple.com/pdf/security/en_US/apple-platform-sec...
> [...] inactivity reboot triggers exactly after 3 days (72 hours). [...]
https://naehrdine.blogspot.com/2024/11/reverse-engineering-i...
GrapheneOS also has this (https://grapheneos.org/features#auto-reboot) with a default of 18 hours.
Maybe one could try to force restart (https://support.apple.com/en-gb/guide/iphone/iph8903c3ee6/io...) to quickly get to BFU. But I could imagine that it'd be hard to remember and then execute the right steps in a stressful situation.
gurjeet•1h ago