Feds use the face of a suspect to unlock his Apple iPhone, and thus expose his criminal actions
The FBI has used the facial recognition security built into the Apple iPhone X against one of its owners, in order to help them in their investigation.
The iPhone X of course famously ditched the home button, which used to contain a fingerprint reader, and instead users can open their device using the TrueDepth camera via facial recognition.
But critics have long warned that facial recognition is a flawed technology to secure a device, and the FBI seems have exposed one of its major weaknesses.
Face ID is one of the headline features of the expensive iPhone X and is just one of the options that can be used to unlock the device.
To some the most secure method to safeguard a handset is the six digital passcode and/or biometric fingerprint, but many iPhone X users opt for the quick and easy facial recognition option (Face ID) for their handsets.
One person learned to his cost how that can be used against them, after Forbes reported on a case in the United States (Columbus, Ohio), where for the first time ever, the FBI forced an Apple iPhone X owner to unlock their device with their face.
The FBI had arrested a suspect, 28 year old Grant Michalski, whilst he was being investigated for child abuse.
The FBI obtained a search warrant and entered Michalski’s home on 10 August 10 as part of their investigation. Special agent David Knight then unlocked the suspect’s iPhone by holding up the handset to his face, as they did not have Michalski’s phone passcode.
This allowed the FBI investigator to delve into the contents of Michalski’s device, including his online chats and photos.
Unfortunately for Michalski, the unlocked handset provided a treasure trove of incriminating evidence, including Kik conversations that included a chat with an undercover officer posing as a father looking for sex with minors.
Michalski also apparently discussed abusing minors, and he was eventually charged with receiving and possessing child pornography.
The development is significant as it signifies a new front in the privacy battle between tech firms and law enforcement. In 2016 Apple famously refused to assist the FBI in unlocking the iPhone belonging to a dead terrorist.
And in the past, Apple iPhones that boasted fingerprint touch ID have been unlocked by police using the fingerprint of the dead owner.
It should also be noted that handsets secured by facial recognition technology do have the potential be abused by thieves. For example, a robber could confront iPhone X owners and force them to unlock their expensive phones to steal information or wipe it in order to sell the handset on the black market. There are also concerns abusive partners can exploit the technology to look through their spouses’ messages.
British police meanwhile have developed a low tech but highly effective strategy to deal with the problem of accessing vital data on locked smartphones.
Police detectives at Scotland Yard’s cybercrime unit in 2016 took down a fake credit card fraud racket by legally ‘mugging’ or ambushing the criminals while they were using their phones, in order to bypass smartphone encryption.
And last year a Vietnamese cybersecurity firm claimed to have tricked the facial recognition feature on the iPhone X using a 3D-printed mask.
Researchers at Bkav created the $150 mask, and they said it took them less than a week to spoof Face ID and say it was even easier than they expected with only half a face needed to create the mask.
It should be noted that Apple will disable the Face ID after five attempts, and force the user to enter a passcode, which should be secure.
Quiz: What do you know about Apple?