iOS 11 Touch ID lockdown is sneaky security done right

Chris Davies - Aug 17, 2017, 4:03pm CDT
iOS 11 Touch ID lockdown is sneaky security done right

Apple’s iOS 11 has a secret lockout option that temporarily disables Touch ID, a so-called “cop button” that could take advantage of legal loopholes about phone searches. While an increasing number of smartphones have fingerprint readers, and indeed all iPhones have for the past few generations, the idea that not all security systems are created equal goes further than just on-device security. In fact, while Touch ID might be more convenient than a PIN code or password, there are cases when it could be less resilient from legal compulsion to unlock your device.

The issue goes further than simply whether biometrics are more or less secure, inherently, than a PIN might be. Instead, it relies on legal precedent about whether investigators such as the police are allowed to compel users to either hand over their PIN or press their finger against the scanner. While US federal courts have ruled in some cases that it’s alright for law enforcement to force people to unlock their phone when it’s secured by a fingerprint, usually fifth amendment rights prevent the same but for forcing a PIN disclosure.

The new iOS 11 feature was spotted by Twitter user @alt_kia, who shared screenshots from the latest beta version of the upcoming OS. It’s a little-publicized side-effect of the new software’s panic button action, triggered by pressing the power button rapidly. That pulls up a screen where contacting emergency services like 911 is made easy.

However in the process it also temporarily disables Touch ID. To reactivate it, the user has to put their PIN or passcode in, just as they’d have to do if they powered the iPhone off altogether and restarted it.

It’s not the first time Apple has envisioned using Touch ID for something more than just unlocking the iPhone. Back in late 2015, the company was granted a patent for triggering a call to emergency services using Touch ID. The “panic mode” would be activated when a certain registered finger was used, allowing those being pressured to open their phone – or in the midst of a mugging – to secretly contact the police.

Data security has increasingly come under the spotlight, however, with the rise in searches of smartphones, particularly at US borders. As the Electronic Frontier Foundation has advised, travelers are legally allowed to decline – under the fifth amendment – to unlock their devices if asked to by border patrol agents. However, the impact of doing so can extend significantly beyond potentially missing your flight; indeed, non-residents of the US could even face a permanent ban on entering the country in future if they refuse to comply. Even if you won’t unlock the device, customs and border control can still seize it from you.

Must Read Bits & Bytes