FBI stymied by Apple’s Lockdown Mode after seizing journalist’s iPhone

Post reporter was compelled to unlock MacBook Pro with fingerprint, however.

See full article...

 

[adespoton]

As previously reported, the FBI executed a search warrant at Natanson’s home as part of an investigation into a Pentagon contractor accused of illegally leaking classified data. FBI agents seized an iPhone 13 owned by the Post, one MacBook Pro owned by the Post and another MacBook Pro owned by Natanson, a 1TB portable hard drive, a voice recorder, and a Garmin watch.

I shudder to think what would happen if authorities found some reason to visit my home. I've got collections of computers and computer-adjacent electronics going back to the 1980s.

Not a lawyer and the language may not be correct, but I believe it boils down to your fingerprints (and face for that matter) are "publicly accessible," while something like a password or PIN is private knowledge.

Yeah; and this is the reason that my work devices require a PIN before you get to the Yubikey prompt (which also needs a different PIN), and I never use index finger or thumbprints for unlocking my personal devices. And I use a full keyboard password instead of a numpad PIN on my phone, so a robo-unlocker is going to have serious difficulties.

 

[adespoton]

I just had a thought: similar to how you can use a non-standard skin surface to unlock a fingerprint reader... has anyone tried training facial recognition unlock with a unique expression or hand in the way? So that a "regular" attempt would fail, but a "secret" gesture would do the trick?

 

[adespoton]

Dont all phones these days reset or brick the phone after just a handful of wrong PIN entries?

Yes. And forensic investigators have discovered that if you reset the phone between each attempt, the counter tracking the number of attempts is cleared. Upside: you have to wait the entire reboot cycle for each attempt. Downside: you have an infinite number of attempts with a fixed delay.

And if this was modified so that the number of attempts was stored unencrypted on disk... well then, DFU mode would allow an attacker to continually reset that value to 0.

 

[adespoton]

I believe that is no longer correct on modern iPhones, the counter isn't stored in RAM or on the SSD but on special secure enclave storage, which has undergone several upgrades over time.

Cellebrite can't brute force any device tha has the 2nd gen Secure Enclave Storage Component.

I believe they found a way to leverage debug mode to get around that? And that technique is disabled if the phone is in lockdown mode.