this post was submitted on 28 Apr 2024

389 points (83.6% liked)

Technology

70998 readers

3321 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

389

Stop Using Your Face or Thumb to Unlock Your Phone (gizmodo.com)

submitted 1 year ago by [email protected] to c/[email protected]

244 comments fedilink hide all child comments

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 46 points 1 year ago (14 children)

Terrible article. Even worse advice.

On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.

I suspect the same is true on Android.

Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.

With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.

If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.

[–] [email protected] 10 points 1 year ago (2 children)

Or they make a copy of your phone, alphanumeric password and all, and just sit on it for ten years until quantum computers make solving the password a piece of cake.

You should assume that any device confiscated by authorities will be copied and broken into eventually. Treat all data on said device as if it's already compromised.

load more comments (2 replies)

load more comments (13 replies)

[–] [email protected] 51 points 1 year ago (9 children)

FYI Androids have a feature for this. If you are ever forced to interact with a cop you can press the side button and volume up(might be different on other phones) to select lockdown which will force your phone to only be opened with the password. Its gross that we need this feature, but now you know.

[–] [email protected] 12 points 1 year ago

iPhones do this too. Hold the lock and volume down button until your phone buzzes, to get to the SOS/reboot screen. Once that screen is activated, it’ll disable biometrics until the passcode is entered.

You can even take photos/videos with the locked phone, and the recordings won’t be able to be deleted from your iCloud until the passcode is entered. Handy for recording cops. Cuz even if they take your phone and delete the recording, it’ll still sit in your “Recently Deleted” for 30 days. And while the phone is locked, they can’t access that Recently Deleted folder to permanently wipe it. So you can just access your iCloud account from any computer and recover the “deleted” footage.

[–] [email protected] 6 points 1 year ago (2 children)

Yeah, but I want a combo that force starts the feature. I want to pull out my phone and be able to blind start it, not stare at my screen to select the correct thing.

load more comments (2 replies)

[–] [email protected] 10 points 1 year ago (1 children)

iPhones also have this feature, for a long time now:

https://ios.gadgethacks.com/how-to/keep-law-enforcement-out-your-iphone-your-privacy-intact-0194999/

Rather irresponsible of the article to not point out these features on Android and iPhone. Did a cop or government official write that article?

load more comments (1 replies)

[–] [email protected] 7 points 1 year ago

It's good that they have this, but there are a lot of situations involving cops where it's not going to be safe to stick your hand in your pocket. I'll just leave the biometrics off on my devices.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Edit: Maybe:

You can instead hold the power button for 1 second to open the same menu. Feels easier to me.

[–] [email protected] 3 points 1 year ago (1 children)

Usually that just launches the Google Assistant on most new phones.

[–] [email protected] 1 points 1 year ago

Ah, I don't use that on my Pixel 7 Pro, so it gives the old menu.

load more comments (4 replies)

[–] [email protected] 1 points 1 year ago

I really think this depends largely on who you are and what you do with your phone. I have face recognition and fingerprint recognition both enabled on my phone. It's good enough to prevent a thief from gaining access to my device, and if law enforcement asked, there's nothing on my phone that could possibly be incriminating. Realistically, I'd have no issue just unlocking my phone and giving it to a police officer, although I do know well enough to always get a lawyer first. Biometrics add an extra layer of convenience; it's nice to just look at my phone and it unlocks. My concern personally is more about someone stealing my phone and accessing my accounts than self-incrimination.

If I ever was going to put myself in a situation where I'd run afoul of the authorities, I'd leave my phone at home anyway.

load more comments