Roger Fingas
Security and biometrics experts are said to be divided on the question of whether police — or the FBI — could have used the body of Sutherland Springs shooter Devin Kelley to unlock his rumored iPhone.
Nominally, the "liveness detection" features of Apple's Touch ID would have prevented that, Mashable noted on Wednesday. The company's fingerprint sensors use RF waves to test the skin underneath the outer layer, and are also capacitive, relying on an electrical charge living people generate.
"If the fingerprint technology is equipped with what is called liveness detection, or in professional terms 'Presentation Attack Detection,' it will with a high security reject false fingerprints," said Daniel Edlund of Precise Biometrics, a company making fingerprint authentication software. "It doesn't matter if it is a copy of a fingerprint, such as a rubber, silicon or plastic replication, or a dead finger."
A senior staff attorney for the Electronic Frontier Foundation's digital civil liberties group, Nate Cardozo, said that he understood Touch ID will work with dead body, but that Face ID on the iPhone X won't because of attention detection.
"Touch ID, definitely," added Phobos Group researcher Dan Tentler. "Face ID? Hard to say, you could probably get it done if you had the body, and were able to open the person's eyes. But then again, there was that one guy who shaved his beard and Face ID quit working, so it's hard to say."
UnifyID CEO John Whaley suggested that both Touch ID and Face ID could be bypassed with enough effort.
"It is certainly possible to authenticate with biometrics even without user consent, or the person even being alive," he remarked. "This is especially true if the factor they use is static, like a fingerprint or a face. One attempt to combat this is to use a liveness check, but even those are often easily spoofable."
A week ago, a report claimed that investigators failed to talk to Apple during a crucial 48-hour window before Touch ID demands a passcode to reinitialize. Instead Apple ended up reaching out after a press conference, by which time it was already too late. It's not yet known if the FBI has secured a warrant for Kelley's possible iCloud account.
Oliver Haslam
William Gallagher
Christine McKee
Sponsored Content
Malcolm Owen
Andrew Orr
40 Comments
Well, I know for sure you can’t enter my passcode if I’m dead. If I’m a homocidal, suicidal maniac, about to kill myself after going on a shooting spree, I would hope the last though that goes through my mind isn’t, “Did I remember to turn off Touch ID?”
These articles always present biometric security as the one and only way to get into a phone once it is set.
#TwinGate #MomGate #DeadGate
Stupid FaceID has cause so many problems since release. /s
Hell. yes, use the dead body to unlock the phone. It’s not like they can do anything more to the guy...
I remember in the forums when Touch ID was NEW, it was sold as a solution to the rash of smartphone thefts (sometimes by aggravated robbery) which was happening everywhere. People started commenting that thieves would just cut off your finger to unlock your stolen phone. I guess they were busy trying to come up with ways Touch ID was stupid or annoying or wouldn't work, and Apple would be doomed. Now they all defend Touch ID and Face ID is the new doom.