Experts split on whether police can use dead bodies to unlock an iPhone
Security and biometrics experts are said to be divided on the question of whether police — or the FBI — could have used the body of Sutherland Springs shooter Devin Kelley to unlock his rumored iPhone.
Nominally, the "liveness detection" features of Apple's Touch ID would have prevented that, Mashable noted on Wednesday. The company's fingerprint sensors use RF waves to test the skin underneath the outer layer, and are also capacitive, relying on an electrical charge living people generate.
"If the fingerprint technology is equipped with what is called liveness detection, or in professional terms 'Presentation Attack Detection,' it will with a high security reject false fingerprints," said Daniel Edlund of Precise Biometrics, a company making fingerprint authentication software. "It doesn't matter if it is a copy of a fingerprint, such as a rubber, silicon or plastic replication, or a dead finger."
A senior staff attorney for the Electronic Frontier Foundation's digital civil liberties group, Nate Cardozo, said that he understood Touch ID will work with dead body, but that Face ID on the iPhone X won't because of attention detection.
"Touch ID, definitely," added Phobos Group researcher Dan Tentler. "Face ID? Hard to say, you could probably get it done if you had the body, and were able to open the person's eyes. But then again, there was that one guy who shaved his beard and Face ID quit working, so it's hard to say."
UnifyID CEO John Whaley suggested that both Touch ID and Face ID could be bypassed with enough effort.
"It is certainly possible to authenticate with biometrics even without user consent, or the person even being alive," he remarked. "This is especially true if the factor they use is static, like a fingerprint or a face. One attempt to combat this is to use a liveness check, but even those are often easily spoofable."
A week ago, a report claimed that investigators failed to talk to Apple during a crucial 48-hour window before Touch ID demands a passcode to reinitialize. Instead Apple ended up reaching out after a press conference, by which time it was already too late. It's not yet known if the FBI has secured a warrant for Kelley's possible iCloud account.