iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 138
A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Re:"Baked into" (Score:5, Insightful)
"Baked into" implies it's non-removable and non-optional. "Included with" implies it's optional. The terms are discrete and worth using.
Re: (Score:2, Informative)
He does have a point though, tech world today is full of stupid, needless phrases that are meant to sound nice to investors and shareholders rather than actually describe something accurately.
We could say the mechanism is integrated, built-in, anything really. But no, let's use some appy-app appminology to appscribe apps and appctions a device comes pre-apped with.
Re: (Score:2)
Perhaps it should only be used for talking about hardware. Clearly it would be fitting in that context. You go inform the Internet. I'll wait here.
Re: (Score:2)
Re:"Baked into" (Score:4, Interesting)
Yep, I'm even older and can attest that the phrase was very common from before I was born. It used to be electronics jargon, and software adopted it later.
Re: (Score:2)
Honestly, with the baking of a PCB, I'd be curious as to what other term you'd use. You smear it with solder paste, put components on top of the paste, and put it into a big ass oven at 500 degrees or so for 15 minutes to melt the paste, then put it on a cooling rack so the solder can solidify. If that's not baking, then I don't know what is.
If you are doing reflow soldering at 500 deg. F for 15 minutes, you're going to be pulling out a charred, useless, potato-chip-looking specimen, unless most of that time was spent doing pre-heat and cooling profiles.
When we did prototype reflow in a toaster oven (with a temperature controller!) in our lab, IIRC, it generally took under 30 seconds at around 425 F to get a good flow of the solder-paste. Of course in our lab, we didn't use lead-free (RoHS) solder-paste, either. But still...
Re: (Score:2)
Many of the terms we use in computer technology comes from existing concepts. Just to name a few: application, file, virus, boot, handshake, cache, screen, menu, command, forum.
It doesn't matter that the words have a double meaning. It matters that they effectively communicate intent.
Re: (Score:1)
No, "baked into" implies the author is an arse.
Re: (Score:1)
No, "baked into" implies the author is an arse.
No.
COMPLAINING about the generally-accepted term "baked into" implies the POSTER is an arse.
Re: (Score:2)
Generally accepted by whom? Not anyone I work with. They just think its comical.
Re:"Baked into" (Score:5, Insightful)
"Integrated" would be a less colloquial term and clearer and more transparent to a diverse audience.
Re: (Score:1)
"Integrated" would be a less colloquial term and clearer and more transparent to a diverse audience.
Oh, FFS! Knock it off with the juvenile sophistry already!
Did you understand the intent of the term?
Then that is all that is required, unless we are talking about a "Scope of Work" or other contractual-type document, where every word must be clear and precise in its meaning. And if you want to do that, use German. It has a "one word, one meaning" aspect to its language.
In fact, I don't know the language; but if what I said above is actually accurate, I'm not sure you can actually make Puns in German at all
Re: (Score:2)
I had no issues with it... but bad English is a fairly universal language, and "baked into" would leave most non-Americans puzzled.
Re: (Score:2)
It's also an easier term to coin while massaging sage scented beard oil into your soul patch while cruising along on a hover-board discussing the profound implications of embracing the semi-popular ideas..
But remember, hover-boards should not be used while consuming locally sourced craft beers!
Or using your iPhone to control them!
https://www.tomsguide.com/us/a... [tomsguide.com]
Re: (Score:3, Insightful)
I wasn't aware that the standard well-understood phrase "baked in", that has been around far longer than I have been alive and doesn't come from cooking, is now "cool" and "hipster".
Maybe it's time to stop worrying about hipsters hiding under your bed.
Re: (Score:2, Funny)
Hiding under the bed is so mainstream. Hipsters hide in your pillowcase.
Re: (Score:2)
Imagine a birthday cake. You might make it with eggs, and sugar, and flour, a bit of oil and such. These ingredients all get BAKED IN and cannot be removed no matter how hard you try, you'll have to make a new cake from scratch to change their presence.
On top of the cake you put some candles. These candles are INCLUDED WITH the cake and can be removed at your leisure. Same with the frosting, you can scrape that off if you're careful, so it's included, not baked in..
Re: (Score:1)
I think the battle is lost as much as I'm on your side.
As for the arguments here that it's a distinction from "included" other terminology is available. If "baked-into" is supposedly mandatory but some exploit is found to remove or bypass it then what does it become?
Perhaps the best way to win this war is just to invite more stupid terminology. Let's not upgrade, let's "level up" our hardware and installation. Let's not have "Pro" as a suffix but "Boss", etc.
Re: (Score:2)
I just thought the guy who added it was high at the time, we are about to get "High" Sierra from them. I can't think of how many times the subway "artist" baked my sandwich while totally baked, most recently after I was out in the sun too long and my skin was totally baked.
I see you (Score:2)
Ain't it grand that with the 8, all someone will have to do is shove the phone in your face.
Re: (Score:1)
If that rumoured feature is there, then pretty obviously it would be programmed to also deactivate after the 5 presses on the home button.
Re: (Score:2)
The cops can also start breaking your fingers one by one until you reveal the passcode. "Yes your honor, he came with his fingers stuck when we closed the door, a stupid accident".
Re: Not in the UK (Score:4, Interesting)
I know this probably sounds difficult to believe, but it's actually true. [telegraph.co.uk]
Officers have become increasingly frustrated with criminals who refuse to hand over the passwords for their encrypted mobiles, denying them access to vital information.
But the Metropolitan police have come up with a novel solution, by snatching an iPhone from a suspect on the street before he had a chance to lock it.
Officers investigating a credit card racket realised that crucial evidence was stored on the phone of suspect Gabriel Yew, 45, that would be inaccessible without his password.
To get round the problem covert officers from Operation Falcon, the Met police team that investigates major fraud, seized the mobile from Yew's hand as he took a call in the street. They then tapped the screen to prevent it from locking while the evidence was being downloaded.
Re: (Score:1)
Re:Not in the UK (Score:5, Informative)
You'll be held in contempt until you provide it.
Re: (Score:2)
If you ran a program that encrypted a portion of your computer's hard drive without giving you the unlock code there is no way you could know the code to give to the police. But under UK law you can be held in Contempt of Court and jailed indefinitely for not handing over when asked the code you don't know. And in these days of crypto ransomware running w
Re: (Score:2)
Then you get a free treatment against memory loss. After being hung at your toes upside down for a day you might suddenly remember it.
Re: (Score:2)
I know you put it in quotes to indicate lying about forgetting it, but since it cannot be proven that you are lying about forgetting it, it doesn't really matter.
Re: (Score:2)
It's a shame that people assume that people reference the US as if its laws apply everywhere.
Unfortunately, US laws ARE enforced all over the world.
Re: (Score:2)
In the UK you can be compelled to hand over your passcode too.
Not by the police, you cannot. That takes a magistrate's order.
Re: (Score:2)
It's a shame that people assume that people reference the US as if its laws apply everywhere.
In the UK you can be compelled to hand over your passcode too.
You can in the US too.
what i find surprising (Score:4, Insightful)
is that unlocking your phone with a password is considered different from using a fingerprint according to the law/police.
Re: (Score:2)
Re: what i find surprising (Score:5, Informative)
The difference is that the cops are already going to physically take your hand , stick it in ink, and force it onto paper if they have arrested you. They're going to go through your possessions and if they find keys, can try them on locks they also find on you.
They can't make you say anything though. In fact, they will specifically advise you of your right NOT to talk.
This is one of the reasons why biometrics make terrible single-factor authentication. If not for yubikey or smartcard as 2fa, I wouldn't use finger print on my laptop. Biometrics are better replacements for usernames than passwords, imo, especially given the limited ability to change most of them, and the fact that anyone who is in physical possession of both you and the device doesn't need your cooperation.
Re: (Score:2)
There's also the plausible deniability factor. "Gee, officer, you've got me so flustered, I can't remember the password."
Re: (Score:2)
That works with police. It doesn't work with the courts, apparently.
Re: (Score:2)
From what I know (and it may be obsolete) it hadn't shaken out fully in the courts yet.
Re: (Score:1)
There's also the plausible deniability factor. "Gee, officer, you've got me so flustered, I can't remember the password."
Just a side note, but it is generally accepted in law that lying to a law enforcement officer or a judge is in and of itself a crime.
Yes such a thing can be quite difficult to prove in an acceptable way, but why take that risk when you don't need to?
If you lie about not remembering the password, if it later can at all be shown that isn't at all likely to have been possible, you'll either get in more trouble than before, or possibly get in trouble where you wouldn't have otherwise.
If you simply respond that
Re: (Score:2)
They can make you use your fingers, but you don't have to tell them which finger is the right one. Unfortunately, it doesn't look like you can force the iPhone to only accept one attempt before requiring a passcode, so they've got multiple tries at guessing which one is the correct one.
Re:what i find surprising (Score:4, Informative)
what is the difference if the police ask you to unlock your phone and you refuse?
It's similar to the distinction we make in cryptography between what you know and what you have.
Generally speaking, what you know is protected by the 5th Amendment. They cannot compel you to testify against yourself. What you have is not protected by the 5th Amendment. It's material evidence that can be used against you in a court of law.
Provided they have a valid warrant, the police still need a means to execute a search that doesn't rely on compelling you to share something you know. For years, that meant they had nothing they could ask us for, since all we had were passcodes, and they couldn't compel us to turn those over (which led to the false belief that they couldn't compel us to turn over anything at all that would allow access). But the police have the right to collect material evidence, such as a fingerprint, and use it in the pursuit of their investigation. And they have a right to access the contents of the phone. If it just so happens that your device is locked by something material, that's a shame for you, but it's not testimony: it's simply evidence that can be used against you. It's no different than having a key on you that can open a safe.
And really, when you think about it, this all makes sense. If the police weren't allowed to use material evidence that you were forced to provide against your will, we'd find ourselves in a bizarre world where pretty much any material evidence collected from a defendant (e.g. DNA, fingerprint, blood, etc.) would be inadmissible. After all, who would consent to "testifying against themselves" by allowing a DNA sample or fingerprint to be collected that could place them at the scene of the crime? In fact, it'd be so far reaching that we wouldn't even be able to seat the defendant in the courtroom against their will, since the jury may recognize that the person in the security footage is the same as the person sitting at the defendant's table, or an eyewitness may be able to point at them to confirm that they are the same person. They would, effectively, be "testifying against themselves" by being forced to provide something they have—their physical appearance—that can be used against them.
Thankfully, this is a case where common sense won out in the courts, since the courts have repeatedly held that material evidence is not testimonial in nature, and thus is not protected so far as the 5th is concerned. In fact, most of those examples I just gave are ones that the Supreme Court or appellate courts have mentioned in the major cases addressing the topic of what is or isn't covered by the 5th (usual disclaimer: IANAL).
All of which is to say, the courts have made a pretty clear distinction between testimonial and material evidence. Passcodes are protected under the 5th because they're testimonial in nature, whereas biometrics are protected solely under the 4th because they are material in nature. You can use either method to lock your phone, but the 4th is a significantly weaker form of legal protection than the 5th, so which you choose to use will come down to how you balance security and convenience.
Re: (Score:2)
The Netherlands for example.
Re:what i find surprising (Score:5, Insightful)
A fingerprint is physical, like a key. The taking of fingerprints does not fall within the category of either communication or testimony so as to be protected by the Fifth Amendment privilege. United States v. Wade, supra.
A PIN is knowledge, and protected.
Re: (Score:2)
Touch ID is orientation-agnostic. Check it out.
Re: (Score:2)
Most people do not have an effectively unlimited number of fingers, and hence it's possible for the police to try all of them.
Re: (Score:2)
At least on my phone 4 failed fingerprint authentication attempts and the phone requires the passphrase to unlock.
So if you have only 1 finger enrolled and it's not a common one the police only have a 40% change of brute forcing the fingerprint authentication. (Less if you can deliberately choose some wrong fingers)
Still that's more just a hope they might not get in. (And most people
Re: (Score:2)
That's the US legal system for you. Obtaining textual type information - words, letters, numbers - is considered a form of speech, even when written. Law enforcement cannot coerce speech out of a person, spoken or written. Physical evidence and physical searches are allowed, and apparently courts are allowing the use of biometrics to access things fall into that category. At least for now until higher courts rule on this and provide proper guidance.
Re: (Score:2)
This is going to get really bad if/when we get the tech to meaningfully read minds.
"You have the right to remain silent, but there's no point because we'll just read what you're thinking straight out of your brain, which is a physical object that we can look at as much as we want."
I'd hope that's obviously crazy, but as you say... US legal system.
Re: (Score:2)
From a legal perspective, there is not much difference. The law can compel you to provide a fingerprint or password. The difference is that they can physically force you to provide a fingerprint by simply manhandling you. For a password, there is no way for them to force you to provide it.
It does not mean you cannot be put in jail for failing to provide the password, but providing the information is always 100% voluntary.
If it exists in the physical world, the law can force you to provide it.
The English language (Score:3)
The Russian tourist asks a British cop: Sir, can I? - Cop: Yes, you can!
No, Sir, I mean, may I? No, you may not.
The cops MAY NOT force you to hand over your passcode, but they CAN.
what I'd like to see (Score:2)
Simple PIN unlock (not just finger print as an easy option, something that works right out of the shower) and long password to unencrypt for booting.
I have android, but the if I want a secure phone (long boot password), my only easy unlock option is the fingerprint, which doesn't work with touch screen gloves, and doesn't work with post shower fingers.
Then, make the five button click reboot rather than disable touch.
Re: (Score:2)
Hmm, every Android phone I've had, out of the box, has a simple passcode unlock (or pattern unlock) available if you want it.
If you're willing to root, it's pretty easy to set up the device to be encrypted and require a password in order to boot. Even without rooting, install Tasker and you can set up any special button sequence you want and make it perform pretty much any action you want, including shutting down or rebooting.
Re: what I'd like to see (Score:1)
Do they allow password boot and pin unlock?
Every android device post encryption I've used couldn't do that (pretty encryption it's irrelevant, I don't recall).
Re: (Score:2)
If rooted, yes. You can make it behave however you like. I don't know about stock Android behavior on this point, though.
Re: (Score:1)
OK, I just checked.
I can do PIN, Password, Swipe to boot, and then pair either of them with fingerprint optionally for unlocking.
I'd like to do Password to boot, then PIN, or Finger to unlock.
Finger print fails to work often enough that it's pretty useful as an only unlock method (and if my password is a long password entered rarely, it effectively is not an option for normal use).
Re: (Score:1)
Effectively, PIN and pattern are useless for boot security as I understand it.
oblig. xkcd (Score:5, Funny)
https://www.xkcd.com/538/ [xkcd.com]
Officer... (Score:1)
Officer learns about new feature of iOS 11
Officer sees you tap iphone quickly five times
Officer arrests you for terrorism offences
Re: (Score:2)
Muggers might have even less restrictions about forcing the passcode out of you than cops.
And you get charged with obstruction if you resist (Score:3)
Re: (Score:2)
I'm not saying it will pass legal muster. Prosecutors use the pain of the process to wear down defendants. You will be vindicated in the end but be out thousands of dollars in attorney's fees and time spent incarcerated.
You don't get it. When a cop arrests you, he can take a look at your personal possessions. Mostly to make sure you don't carry knifes, guns, spray cans, anything dangerous. Looking at your personal possessions includes your unlocked phone. And it includes putting your finger on the finger print scanner of your locked phone. That's prevented. And in that situation, you cannot be forced to reveal a passcode or use it to unlock your phone.
What you are talking about is cops with warrants, or being in court.
Be careful with this (Score:2)
A lot of comments on the 5th amendment here, buy taking proactive action to prevent access to evidence would likely be seen as obstruction of justice. Basically, if it is reasonable to a judge that knew an investigation was about to happen and you do something like this, it is no different than wiping your hard drive or burning your flash paper. It would be best not to use touch id at all.
Biometric security isn't. (Score:2)
Don't bother (Score:1)
Excellent! (Score:2)
There is some hope for the Fourth and Fifth Amendments!
Not that Apple actually intended this. I would not be surprised if this feature goes away. Soon.
So it's an accidental feature? How doe that work? (Score:3)
What's new? (Score:3)
I used an option in Settings to disable the fingerprint scanning on my phone quite some time ago. If the idea is that you set your phone up in advance, that's nothing new. If the idea is that you can quickly do it when being arrested, that's legally risky.
Re: (Score:2)
Not to mention highly unreliable. You have to be able to perform the action, if the cop handcuffs you and then removes the phone from your pocket, how are you going to tap the button 5 times? And yes, cops are likely to do it in that order, they don't want to give you the opportunity to go for a weapon.
So I'm really not sure what this brings to the table. If you have access to your device to do this, you could have simply long-pressed the power button to reboot the phone and force a password instead.
Re: (Score:2)
The thi
Re: (Score:2)
By the time you see the cop, they often have a gun pointed at you and are telling you not to move. reaching for your phone at that time would be a very bad idea. And if you CAN press the power button rapidly 5 times, why can you not also simply long press it once? That reboots the phone causing it to also require a password.
Not sure how long that will stand up (Score:3)
Usually, the high-profile "phone unlocking" cases you hear of lately are terrorism or drug-related. Your average iPhone owner is most likely looking to protect his contact list, evidence of dealings, etc. than planning an attack. I'd say Apple aimed this feature squarely at their core demographic -- affluent Millenials:
- Locking up your phone when high/drunk prevents people from using your fingerprint without your knowledge to get access to the phone
- If you're stopped for a minor offense (traffic stop, DWI, etc.) it could prevent the police from finding anything else to make your situation worse if they are suspicious
- Almost all non-violent interactions with the police involve traffic issues or drugs. If a cop catches you in possession of a small amount of drugs, they may or may not be more willing to just let you go if they have to go through a whole search warrant process, take you in and fill out paperwork to see what's on your phone.
What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS) and the phone instantly wiped itself by shorting out the flash memory and destroying itself. You wouldn't have your $1000 computer in your pocket anymore, but you'd have to decide if that was worth less than the evidence the police could have obtained.
I guarantee this is going to get challenged in court to sort it out. 200+ years ago, and even in the Miranda era, no one was carrying a device capable of storing every personal detail of their lives in their pocket. The best you'd ever get is a drug dealer's notebook with their contacts. Phones are interesting in that they're extensions of the people who carry them.
Re: (Score:2)
What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS) and the phone instantly wiped itself by shorting out the flash memory and destroying itself. You wouldn't have your $1000 computer in your pocket anymore, but you'd have to decide if that was worth less than the evidence the police could have obtained.
That could be possible proof that you destroyed evidence though. I think I'd rather see something like multiple passcodes combined with a way to mark files or features as "special encrypted". One pass code unlocks everything while another unlocks everything but the specially marked items. Of course, such a system would have to obfuscate that there are multiple passcodes and encrypted items while also no overwriting the protected spaces while not fully unlocked.
Re: (Score:2)
What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS)
Just saying... Three long, three short, three long is "OSO", not "SOS".
Phones need a compromised feature (Score:2)
Not just "Emergency SOS" (Score:2)
Re: (Score:2)
I thought about this, and when the phone is "cop locked" it shouldn't be totally locked down.
Actually, a locked iPhone _can_ do certain things, like calling emergency services, taking photos (and deleting photos taken while locked), and some other things.
Re: (Score:2)
For the uber-paranoid (Score:2)
They should offer a 2 factor option of PIN and fingerprint.
Faceless ? (Score:1)
Re: (Score:2)
Re: (Score:2)
... if there's a secret button combo that reactivates Touch ID if it's been deactivated in this manner, but a combo that Apple only provides to law enforcement and other Government organizations.
If you're going to add a backdoor why not have one that just unlocks the phone without having to involve its original owner. That is, a backdoor that can be used without creating a witness who now knows about it!
Re: (Score:2)
hammer?
I can't believe the ridiculous placement of the fingerprint sensor on the recent Samsung phones, it's like they thought to themselves "where's the worst possible place for the fingerprint scanner? Let's put it there!"
But then again, that describes basically every single design decision from Samsung since the end of the Note 4.
Re: (Score:2)
how do I rapidly disable it on this device?
The easy way is to long press the power button. That will re-boot the device causing it to require the password.