Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Has anybody ever thought about how Face ID is pretty much a backdoor into your iPhone? Think back a few years to when Apple refused to open a felon's iPhone for the US government, because "they couldn't." If that happened now, they wouldn't even have to ask Apple, given the felon has Face ID enabled.

Edit: I'm kind of surprised by the downvotes, given I thought HN was pretty big on personal privacy. Just thought I'd stir up the discussion, that's all.

Edit 2: I personally think U2F is the way forward here, not Face ID or Touch ID or other biometrics.



The risks of forced unlocking with FaceID have been discussed, including in court: https://appleinsider.com/articles/19/01/14/face-id-touch-id-...

The main alternative to biometric ID is a PIN. Those are seldomly changed, and are relatively easily shoulder-surfed. I've seen children who can't even read yet learn their parent's iPad PINs. If you're afraid of the police, surveillance needs to be your threat model.

There's some ways to prevent being forced to use face unlock if you see it coming, by squeezing your phone: https://www.macworld.com/article/3236793/how-to-quickly-and-...


I didn't know you could disable face ID by squeezing your phone. Thanks for the info, and for the court case as well.

I think a strong password on my phone is important, rather than a simple PIN, given it's my second factor for nearly everything.


Just as an FYI for anyone reading this thread: Android has a similar feature called "lockdown", that can be triggered by holding down the power button for a second and then selecting the option.


possibly, but they have to be quick about it:

>To use Face ID, you must set up a passcode on your device.

>You must enter your passcode for additional security validation when:

>The device has just been turned on or restarted.

>The device hasn’t been unlocked for more than 48 hours.

>The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID hasn't unlocked the device in the last 4 hours.

>The device has received a remote lock command.

>After five unsuccessful attempts to match a face.

>After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.


I wasn't aware of some of these. Thanks for sharing.


There's limitations. iOS requires a passcode after so long and after so many bad attempts or after a reboot. The time law enforcement would have to use your face to get in is pretty short.


The fingerprint sensor found on most phones doesn't always require intent, either.


Interestingly, touch ID launched 1 year after Apple refused to unlock an iPhone for the FBI.


Did you mean FaceID? The iPhone 5c in the San Bernardino shooter case was released at the same time as the iPhone 5s, which introduced TouchID.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: