It sounds like fpgaminer's argument is that biometric keys can't be compromised because of "liveness tests". An argument against would have to rebut this assumption.
My gut instinct tells me that this assumption is absurd, but I lack the specific knowledge of these systems to prove it.
> It sounds like fpgaminer's argument is that biometric keys can't be compromised because of "liveness tests".
You're arrested, and the cops hold the phone up to your face to unlock it. That's a pretty big compromise, and there's literally nothing you can do to prevent it.
The police holds up the phone, pointing towards the suspect:
Detective: "Is this yours?"
_Suspect glances in the direction indicated, phone unlocks._
Detective: "Nevermind, I got it from here."
-----
At least TouchID required physical assault to get you to unlock the phone. FaceID on the other hand can be defeated with perfectly legal attention grabbing techniques.
This doesn't seem to be a valid argument when discussing the police in the United States.
Without a warrant: No information taken from your phone by the police is admissible.
With a warrant: A judge can compel you to unlock any device with a biometric lock, regardless of what sort of biometric lock we are discussing. Fingerprint, iris scan, or face, it simply does not matter.
Warrants aren’t always required. Also, lack of a warrant just means the direct evidence they gather won’t be admissible, but it might lead them to new evidence. Also, it’s not just the police one needs worry about.
Even if an illegal search of your phone led to new evidence, in the US that new evidence would fall under a legal doctrine known as "fruit of a poisonous tree".
Fruit of the poisonous tree is a legal metaphor in the United States used to describe evidence that is obtained illegally.
For example, if a police officer conducted an unconstitutional search of a home and obtained a key to a train station locker, and evidence of a crime came from the locker, that evidence would most likely be excluded under the fruit of the poisonous tree legal doctrine.
Border agents operate under a different set of rules and have been searching mobile devices without a warrant or even probable cause.
However the ACLU and EFF have filed a new lawsuit challenging this behavior, now that the Supreme Court has ruled that the police cannot conduct warrantless searches of cell phones inside the US.
> Without a warrant: No information taken from your phone by the police is admissible.
Doesn't (or can't) law enforcement also use parallel construction (based on information obtained without a warrant)? I believe the point about what's admissible is not as clear cut as you state in a single sentence.
Well, that's usually not the case in the other 96% of the world.
And even there, would this stop a police force who routinely abuses, beats up, or even kills innocent people on the street for no or imagined provocation?
Keys and faces don't really matter. It's a 3-part test.
1. You are a government agent
2. You are on a quest for evidence
3. You are searching in a place where there exists a reasonable expectation of privacy
If all 3 of these are true, you need a warrant (at least in the US). Doesn't matter if the keys, or in this case your face, are right there. The fact that you locked your phone with something the cop doesn't normally have is enough to require a warrant.
Requiring a warrant seems like an action many cops could not care less about nevertheless.
For one, there are tons of loopholes, from border searches to "evidence of criminal activity" (dead easy to "prove" for a black/latino/poor person and have the court agree), and unless you can afford a good lawyer, good luck trying to prove your rights were violated:
Nobody's saying that home security is good. The point the parent was making is that, even with a "liveness test", compared to other biometric identification, this is a regression from fingerprint-based authentication for the iPhone.
Technically I could see FaceID being marginally more secure in one very specific edge case... If you are asleep. With TouchID, all that is needed is to push their finger to the phone. With FaceID, your eyes would need to be open (theoretically, let's see in practice).
Sure, for some people. I'd be surprised if you could unlock my phone with my hand without waking me up (light stomach sleeper).
Honestly, the easiest attack would just be to ask me about my dogs. 99.99% chance I'll unlock my phone, pull up pictures and show them to you (easy grab) or just hand you the phone and let you browse through them.
I’m a very heavy sleeper and a paranoid person, so unless I’m home (which I would be woken before you could get to my phone), I usually disable TouchID by rebooting (or now hitting power button repeatedly).
Keep in mind, you don't need to refuse to TouchID/FaceID forever, just for the timeout (which I do wish was configurable -- I think one hour is reasonable).
1. You're walking, with your phone in your pocket.
2. Suddenly, a cop accosts you. You don't have time to react.
3. They detain and restrain you (with handcuffs or otherwise)
4. They pat you down and find your phone
5. They hold up your phone to your face to unlock it
I know that people who've never been detained or interacted much with cops think that this is a completely unlikely situation, or easily avoidable, but I promise you it is not.
TouchID isn't great from a law enforcement perspective, but it's light years ahead of FaceID.
As someone who has been stopped/questioned/detained before domestically and internationally (as well as at border checkpoints) as well as mugged, I can assure you that touch vs look is pretty much the same (definitively not light years in difference). The solution is to be proactive. If you are going to walk down the street in an at risk area, you hit the power button five times. If you are about to go through a CBP checkpoint, then do the same. When you go to sleep, do the same (admittedly TouchID is more susceptible here than FaceID).
FaceID / TouchID are a "convenience" to be used when you are comfortable with your surroundings. Can you be caught off guard even when you are paranoid? Of course, nothing is ever guaranteed in life, except death and taxes as the saying goes!
> The solution is to be proactive. If you are going to walk down the street in an at risk area, you hit the power button five times. If you are about to go through a CBP checkpoint, then do the same.
You and I have incredibly different experiences of policing and detention if, for you, "be proactive when you're at-risk" is appreciably different from saying "don't use FaceID ever".
Or I guess our detection of risk differs. I have never been detained when I didn't have a "hair on my neck raise" with enough time to disable my phone.
If you are in such high risk situations continuously that "be proactive when you're at-risk" is appreciably the same as "don't use FaceID ever", then I say you are doing something very wrong and not just incidentally being stopped for a suspicion of possibly doing something wrong.
Either way, your experience is definitely not in the 99.9999% of the population which FaceID would be sufficiently safe if it proves to be as secure as Apple implies. For you, let's hope you aren't using a numeric pin code either!
Even for long alphanumeric passcodes, a pipe wrench has a 99.99% effectiveness in passcode discovery, given sufficiently bad actors. https://xkcd.com/538/
However, if police are willing and legally able to do that, then I think basically all phone security goes out the window anyway.
The biometric attacks being discussed here are ones that could quite plausibly be used against you in many/most districts in the US, and be totally legal for the police to use.
Please don’t link to XKCD, especially when it’s been already done multiple times in this thread. It is pretty much the lowest effort comment you can make besides maybe “+1”.
I heard in another comment in this thread it has focus detection, so you would have to look at the phone for it to unlock. Can not find any other source of this though.
It's in the marketing materials for the phone, was mentioned multiple times on stage during the introduction, and is in the introduction to the whitepaper that this entire HN thread is about. So yeah - a couple of sources are available...
> It requires you to look at the phone to unlock. Close your eyes or look away and it won't unlock.
Yeah, I'm going to say that this is an absolutely unrealistic expectation to have of someone who's just gotten detained and is concerned about having the contents of their phone viewed by law enforcement.
"Make sure that you don't open your eyes at any point in the direction where they might be holding your phone" is completely unactionable.
As is the assumption you won't be forced to touch your finger to the phone. I can assure you, if someone wants into your phone bad enough, they will break your fingers if thats what it takes.
My gut instinct tells me that this assumption is absurd, but I lack the specific knowledge of these systems to prove it.