90 comments

[ 2.9 ms ] story [ 144 ms ] thread
This title is so misleading... It makes it sound like this is a button for cops to get into a phone, but it's really a button you press to turn off Touch ID until a password is entered.
We've removed ‘cop button’ from the title, which is ridiculous.
> With fears over access to devices at border control points around the world, this quick trick will at least prevent Touch ID from being used until a passcode is entered.

This won't help much at borders. Customs will require you to unlock the phone before you can enter the country (or just refuse to allow you to bring the phone, if you're a citizen).

Just an idea, if you're really afraid of customs checking your phone, couldn't you bring 2 phones, and hide your real phone deep in your luggage, and bring a moderately used/old smartphone with you? I feel like customs only wants to see a phone, and as long as you present them what they want to see...
Consider that if they discover this, then you look much more suspicious, and you're going to have a harder time explaining yourself.
better yet just bring one phone, wipe it to factory settings before the flight, when you land log into dropbox and restore from backup. No hiding phones (makes it look really suspicious) and easy to comply with their requests.
I too, love handing all of the contents of my phone to Apple.
That’s nice. What does that have to do with the comment to which you replied? Your comment sounds like something an Apple fanboy would say, who’s just looking for an excuse to inject the name of their favorite company.
Uhh, he is bashing Apple...I guess because he assumes iCloud backup is the only way to backup an iPhone?

You can back up an iPhone locally with iTunes. Unless you are afraid they will go through your laptop to find your phone backup.

Uhh, he is bashing Apple...

Sure, that much is obvious. The question is, why even bring it up unless supporting a narrative that no one asked about? There's no mention of Apple in the replied-to comment.

iTunes backup doesn't really fit with the scenario that is being discussed, which is making sure agents don't get access to your information during customs. If you back up to your computer, then they can demand your computer password. If you don't bring your computer, then you can't restore from the backup upon exiting customs.
That's why I said Dropbox, you don't need your own laptop with you.
FWIW, you can encrypt iDevice backups (on your computer) with a password too.
While it's more effort than I'd be prepared to go to, there is nothing stopping you storing the encrypted backup of your iPhone on the server/service of your choice, then pulling from said server location to restore via iTunes upon arrival.

You don't need to keep the encrypted backup stored locally on the laptop you take with you through customs.

Customs is likely to consider "I wiped my phone, so there's nothing on it" suspicious too.
If you're a US citizen it doesn't matter, they won't bar you from entering just because you choose to cross with a factory-reset phone.

If you're not a citizen, then I have no idea. I've seen people claim they'll block you from entering the US if you do this, but I'm pretty sure that's just speculation.

The only solution for a non-US citizen is to simply not travel to the US. This is far less of a loss than it seems to many; it's a large and fascinating world out there and there's many other wonderful places to visit instead.
On an iPhone you wouldn't have to use DropBox. Just backup to iCloud.
I'd much rather enter without my phone than allowing them to search it, so I'd say it helps a lot for certain cases.
Am I missing something? Admittedly I have not traveled much internationally, but I don't remember customs ever asking me to unlock my phone.. I have only traveled to and from Europe though. So maybe it's different in the US?
It's not normal, but it can happen if they decide to give you special attention.
What's the country? I heard there are several.
Is there any country that would say: Oh, you refuse to unlock the phone? Ok, carry on. Have a nice visit.
As a visitor, maybe not. But as a resident, sure.
(comment deleted)
The article title is suspiciously ambiguous. It's almost as if they _wanted_ to encourage outrage and motivate people to click through...
> The new iOS 11 feature is even more relevant when you consider that Apple is expected to introduce face unlocking with the next iPhone.

I read that as "fake unlocking".

Which would be a really cool option: a cop or TSA tries to unlock your phone but gets instead a sandboxed environment which makes them think they actually unlocked the phone.

That would be nice, something like user accounts. Would be useful not just for this. You have one iPad for the family? You probably don't care about those games for 2 years old when you are using the phone yourself - just switch to your account which doesn't contain these apps!

Unless that's already a thing I'm not aware (now using Android)?

It is already a thing on Android.
>Which would be a really cool option: a cop or TSA tries to unlock your phone but gets instead a sandboxed environment which makes them think they actually unlocked the phone.

after a few months of that being popular, TSA will institute a policy where the agent will ask a standard question of "are you using a decoy account or otherwise trying to hide the true contents of your phone" every time they inspect a phone. answer yes, they ask for the real account, answer no, and you committed a felony by lying.

But if you refuse to answer, that's a 5th amendment right
Your 5th amendment right not to incriminate yourself of course. But that doesn't mean the TSA have to let you fly. They would just turn you away for not cooperating. Just like they would turn you away if you said they couldn't search your bag because of your 4th amendment right to not be searched without probable cause.
as a European, I don't think we get that protection. In this instance its the first plane home
(comment deleted)
What is the definition of "true contents"? The sandboxed environment is a real environment. Its contents are true. Not sure you can easily construct a question that makes you guilty of perjury.
I wouldn't trust my freedom on judges accepting that argument.
I guess this is better then nothing as a quick fix, a very mild improvement over simply shutting off/rebooting the phone. But Apple has the elements in place for much, much more effective methods such as a touch-based coercion code system. While in current stock iOS any finger registered with Touch ID is equivalent from a user's perspective, internally all of them are registered as separate events. Via jailbreaking it has therefore been possible to have different actions triggered by different fingers, which allowed a normal Touch ID action to additionally run any script, reboot the phone, or even wipe the phone, with zero apparent trigger by the user.

Now that jailbreaking is mostly dead that's no longer an option, but Apple could of course implement this even better, with both Touch ID and actual alternative passcode options. Apple could offer not merely disable/wipe options, but more transparent hiding (via encryption) of apps and data a user deems sensitive. This is one area where the extremely heavily sandboxed nature of iOS and hardware key system offers a significant potential advantage not merely to infosec but to opsec as well. It is far more feasible to hide sensitive data without leaving fingerprints or shadows in other apps or the system itself. Temporal and geographic location conditions could also be taken into account as possible triggers in intuitive and user friendly ways. Of course, if bandwidth is known to be sufficient on each end of a trip, a "high risk area transit mode" that completely clears the device of all data except user-designated travel essentials (wallet, ticket information and such) could be another option. If WiFi sync/restore was fixed to be more reliable then users and organizations could even do that themselves via VPN back to their own core systems.

At any rate I hope Apple gets more aggressive here, the potential is exciting and they're in a real position to do a lot of good for personal privacy, and critically in a way that's highly accessible to even non-technical users. This isn't even remotely just about corrupt or overbearing law enforcement either, in many parts of the world "high risk" applies to a lot of other trips where one might encounter criminal elements. Just as one wouldn't carry tens of thousands in cash through those areas or even debit cards with access to the same, carrying any other device that's a close equivalent is a bad idea, yet a smartphone is also a powerful safety and communication tool at the same time. If effectively it can use temporal, geographic and user-memory stored conditions to change itself on the fly that'd be great.

There is an option in iOS to allow you to use TouchID after you've logged into your phone (so authenticating inside of apps, or using TouchID for the app store) but to disable TouchID logging into your phone (so you're forced to use the passcode). I've had this on since I discovered it and have been happy.

My concern around something like the what the article mentions (and the other methods like force restarting your phone (I am not a lawyer so might not be an actual concern)) would be any charges of destruction of evidence (https://www.law.cornell.edu/uscode/text/18/1519) or otherwise getting caught up in a law where they could use the fact that you purposely disabled TouchID on your phone after you have been caught or something.

There's no destruction of evidence though, they just can't access it without getting the password from you. Which is pretty much the same thing as when they'd need you to unlock your computer etc. If you throw your phone on the ground, drive over it with a truck and set it on fire, sure. But all you're doing here is ensuring they can't grab your fingerprints and unlock the device against your will and without a warrant.
"Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."

Just because it's not destruction of evidence doesn't mean you can't go to jail for making the evidence hard to get at.

Exactly - reminds me of the person who is being held indefinitely due to not giving up the encrypted hard drive password.

https://arstechnica.com/tech-policy/2017/03/man-jailed-indef...

There is an important difference in this case from other cases like this. The police argue that they already know what's on the hard drive:

>Forensic examination also disclosed that Doe [Rawls] had downloaded thousands of files known by their "hash" values to be child pornography. The files, however, were not on the Mac Pro, but instead had been stored on the encrypted external hard drives.

Combine this with the witness statement (defendant's sister said he showed her CP) and this becomes a little bit more unique than just not procuring a password.

> The police argue that they already know what's on the hard drive

Then send it to trial and let a jury decide if the evidence is compelling enough to convict.

What they're doing now is just indefinite detention.

I'm not a lawyer and I don't know much about contempt works. Indefinite detention sounds bad but I don't know how else it would be handled or if this is actually that unusual of a case besides the cryptographic aspect.

I am all for due process and fair treatment but this is also a bit of a tangent from the original topic.

(comment deleted)
I don't think requiring a warrant before providing the evidence is the same thing as impeding an investigation. You may as well claim that demanding a warrant before allowing police into your house is "destruction of evidence".
Never said you couldn't go to jail for it, just not for destruction of evidence. You also have to account for the 5th Amendment and the right against self-incrimination. This thing is a lot more complicated than quoting choice excerpts from Title 18.

Aside from that, Title 18 doesn't apply to just any situation. Not unlocking your phone when the border patrol asks you for it is not a crime against the United States. They can make your life difficult, deny you entry and send you back, but that's a different matter.

As to within the US I'm not sure, but to the best of my knowledge they have to present you with a warrant.

https://www.aclu.org/know-your-rights/what-do-when-encounter...

>any record, document, or tangible object

Many of us here are programmers, so we might be mislead by 'record' or 'document', but this is not talking about software configuration, but tangible objects. Faking bank statements, shredding accounting records, and the like.

For similar reasons to the situation where you can't be compelled to give up a password (a record in the IT sense, but not in this sense), I think it'd be a very hard sell to classify this in this sense.

Obligatory: IANAL.

You can be compelled to give up passwords.
Depends. In the UK, yes, in then US I don't know, but in germany you can't. And it cannot be held against you.
"or tangible document", not "or other tangible documents" which would imply the "records" and "documents" had to be tangible, which they do not.

Files are regularly referred to as documents and all manner of data are referred to as "records", as a programmer. So if I deliberately made it harder for authorities to get into my browser history on my phone I'd possibly be guilty of "concealing" "records" which may have been relevant.

While its great that Apple continues to focus on users, realistically what percentage of the user base even requires this feature? Okay sure, maybe this is just whining about stuff I don't personally care about. But, if you have a finite development budget, why not focus even more on trimming the OS so it doesn't slow down after every update, or tracking edge case bugs (which are rare, but when they do occur, their impact is very high) like the music library disappearing from the phone(I was affected by this bug twice) at a seemingly random time.
I would be willing to bet that Touch ID, OS optimization, and iTunes are managed by separate teams.
On Android, you can do the same by running Google's Find My Device app and locking the phone. It will then require a password/passcode to unlock. It feels a bit funny to lock the very device you are holding in your hands, but it's simple and effective.
Find my iPhone works the same way. You can put a device in "Lost Mode" and it will lock the device, enable low power mode, and disable TouchID.

The problem is, once you're device is sized I'm fairly certain it's standard operating procedure to put the phone in a faraday cage or airplane mode, rendering remote activation of this feature useless.

I meant that you do it on the device itself, not remotely. The article is about temporarily disabling fingerprint unlocking and that's what you can achieve with the Android app (does Apple's let you lock the device you're holding in your hands? It might have a sanity check that only allows you to do it with your other devices).

The alternative would be to remove manually all your fingerprints, then readd them later.

You can do this with Find My iPhone too. The issue in question, though, makes both of those useless as you'd need to unlock the phone, open the app, navigate to the device in question, and then lock it. If you're in the presence of an attacker or other intruding force, it's doubtful they would let you continue use of your phone in that manner. Tapping the power button can be done subtly and quickly enough to still make it useful.
Finally. I can't believe it's taken this long.

I can't be the only one who thought this would be an obvious, and increasingly needed, feature.

Hope Google steps up, with Android. And that it is a feature that manufacturers and carriers cannot bury nor turn off.

If you want to disable touch ID on the fly as is today (iOS 10), just use a finger that it doesn't recognize a couple of times in a row and then "Oops it wants my full passcode now"
I just tried this. On iOS 11 on my iPad, putting the wrong finger three times in a row prompts for a passcode, but, you can hit cancel and then use a correct finger and it will still unlock. So I don’t know if that helps you because it doesn’t require a password after three incorrect tries, just prompts you for one.
Five incorrect/bad fingerprint reads will require passcode.
On 08/05/17 I was kidnapped at gun point and at one point forced to turn over my iPhone and on two occasions had to provide the gunman my passcode.

I learned about tapping the power button 5x's but still don't know what would have occurred and if such a function would have endangered by life (I believe it triggers a emergency services call, but that could have tipped off the gunman if he heard an voice asking "911, what's your emergency?" From the phone). So I believe the following would have been useful: an alternate passcode that would have unknowingly triggered my location and activated the mic to emergency services without the gunman being aware.

wow, glad you are ok. could you please elaborate? Do you live in the States? Would you mind talking about why you were kidnapped and what preventative measures you will take going forward? I am involved in cryptocurrency and worry about this quite a bit but luckily I live where citizens can concealed carry so that at gives me a fighting chance.
Not the same poster but I was robbed last year (but not kidnapped...) and something similar happened. They told me to unlock the phone, then kept me there while they ran a factory reset on it. They had zero interest in my personal data -- they just wanted to sell the phone.
My kidnapper used my phone to find an ATM/my bank (maybe other reasons too), and you couldn't make this up but Apple Maps gave him a bank location like 20 miles away and I got my phone back by telling the frustrated attacker I would find a closer bank, it was shortly after getting my phone that I made my escape.
(comment deleted)
I live in Miami, FL (multiple time murder capital of the world) but was on my way to a family timeshare/small beach town. This occurred in broad daylight at a gas station and perhaps ironically ended in Fort Pierce, FL (8th safest city in the US, according to one publication) after being forced to drive the attacker at gunpoint.

After plenty of time to contemplate what action I would take (sorry can not discuss my mental state further) I ultimately opened my driver door and jumped/fell out while my car was in gear. The attacker managed to get into the driver seat and flee.

Good news, my wi-fi only iPad was in the car and I got a location the next morning, unfortunately I had to drive into a housing projects and verify both my car and gunman before police went out and made the arrest. Another irony is the police wouldn't get a warrant to get my iPad from the (last) known location or even search for the gun (defendant didn't have it on him at time of the arrest).

Truely the most horrific thing was actually the first sergeant on the scene responding to my 911 call and the first words out of his mouth were "cut the crap." Luckily the entire department was outfitted with body cams in June due to prior police misconduct and recommendations from a grand jury, again 8th safest city in the US. I have already made my public record request for the video.

I'm not into guns, nor will I turn to one now, but that may change. It's possible a gun would have only got me shot or in hindsight worse with the police response (not all the responding officers responded similarly). I guess I'm considering a dashcam for my car, I'm not sure that would have helped prevent anything, but it's possible it may have deterred the attacker.

I don't want to detract from your story, but just want to point out that you may be misremembering what you've read about Miami. It was dangerous in the 80s, but is pretty safe today. And while it may have been the murder capitol of the US decades ago, I seriously doubt it was ever the murder capitol of the world.

I think the takeaway is that even safe locations require personal vigilance.

(comment deleted)
(comment deleted)
I'd also like to not detract from your story but i'd like to weigh in on people's perspective of Miami. As @ryanwaggoner put it, Miami was most likely the murder capital of the world by certain studies and reports but this has changed so much since the 80's/early 90's. I speak from experience as a Miami resident for over 28 years. I have lived in the most atrocious neighborhoods growing up and attended some notorious schools. Nowadays, these neighborhoods have changed dramatically for the better, although some areas still remain unsafe to roam (sometimes but not entire of Liberty City, Overtown, Carol City) - but by all means Miami has improved so much. Never did I experience what you went thru and I feel sorry you experienced it and that it makes you feel unsafe - I do wish this never happens again to you nor anyone else. Just so you know, I am from the worlds' 3rd murder capital of the world, San Pedro Sula (Honduras), and I would happily live in any part of Miami you put me in (no matter the stories anyone hears) than rather go back to my native city/country from which I have a very high chance of being killed any day.
I think my statement was clearly a historical point about the city, look at my verbiage. Also, I was born and raised in Miami and have lived here longer than you, including the years Miami was murder capital of the US, yes I wrongly said the world.

The idea of Miami being safe is relative, even today, because it still has the highest murder rate in Florida. Moreover, most killings in Miami are not random like the kidnapping that occurred to me, no matter where I go or have ever went in Miami I have always felt safe because even in the worst neighborhoods no one wants a random murder which will bring police unlike say a car burglary because that's bad for business. So for example last night by myself I drove through overtown (one of the neighborhoods you mention as still bad) on my way to wynwood, and I couldn't have felt safer because people either look at me like a potential customer or undercover cop (only because I don't look like the typical wynwood hipster).

That said, nothing like this has ever happened to me in Miami and that is the irony/point, because this occurred to me in a small relatively safe beach town/resort area outside of Miami ultimately ending in the 8th safest city in the US.

Edit: to put things in perspective, in cocaine cowboys you will see a shooting on the open streets in the middle of the day, that was on 168th I was born on colonial drive/160th street, and also the Dadeland shooting in the middle of the day again about 2 miles from my current house, but to your point today Dadeland is safe and the busiest mall by foot traffic in the US (or it was a few years back).

Yes a Duress code is a very old and well known concept and I am unsure why it's not already built into phones. Either opening a separate version of the phone with different apps, or silently notifying people/authorities.

[1] https://en.wikipedia.org/wiki/Duress_code

Obviously I hope some good can come from my experience and I plan on publishing the story once I obtain all video/audio evidence. And while I want to publicly acknowledge Apple Find my Phone lead to the arrest of the attacker and recovery of my stolen vehicle, I know HN is the one place I could turn to get a push to bring the duress code (thanks for the terminology) to the attention of the public and phone manufacturers/software developers.
In the alarm industry this is known as the "under duress code" and it's a feature I've wanted for a long time on my phone. Aka, being asked to decrypt/unlock my phone against my will, would trigger a wipe or launch some sort of vanilla/pared down O/S with little access to my personal data/info.
You know it occurred to me while on a trail run the other day, that TouchID is actually a very interesting feature in my case. I bring my phone for three reasons:

1. Music. But I can get that from a much much smaller device.

2. GPS. I use RunKeeper. But I could totally use a GPS watch, or even a pedometer for this. I run the same trails after all and know the distances.

3. For emergencies. This is the big one. If I trip and break or sprain something, I want to be able to call for help. Even scarier, if I pass out suddenly and someone finds me, I want them to call for help.

It occurred to me that in that third category, if I pass out and someone finds me with my phone (and if they don't just rob me blind and leave me), they can use my thumb to unlock my phone, then call or text one of my contacts. I don't need to be conscious for that.

P.S.: How great would have Pebble Core been? And why hasn't anyone else tried it? Come on Apple, give us a cell-network connected, GPS equipped iPod Nano!

    P.S.: How great would have Pebble Core been? And why hasn't anyone
    else tried it? Come on Apple, give us a cell-network connected, GPS
    equipped iPod Nano!
According to the rumors the next Apple Watch will have LTE, so that would seem to be the product you're asking for
If you're unconscious, the only contact that needs to be called is emergency services.
I mean of course. But if I am 3 miles into a wooded trail, they will be waiting a while. Aside from CPR I'd such is needed, not much to do. I'd certainly appreciate a call or a message being sent in that case.