Police 3D Print Dead Man’s Fingers To Unlock Smartphone, But There's One Little Problem

Law enforcement officials are seeking help from a professor at Michigan State University with creating a special 3D printed replica of a homicide victim's fingers in order to unlock his phone using his fingerprints. In theory it sounds like a brilliant idea, one that would sidestep the potentially contentious process of trying to get Apple or Google to assist with unlocking the device, only there's a pretty major roadblock that stands in the way.

There are safeguards in place that require a passcode if a fingerprint scanner hasn't been used in quite some time. For example, as of iOS 9, Apple added a new wrinkle to its Touch ID security, that being an 8-hour time limit in between login attempts using your finger. If it's been more than 8 hours since you've logged into your iPhone using Touch ID, then it will ask for your passcode. As MacWorld discovered, this is a rolling timeout that resets each time Touch ID unlocks a devices.

Apple iPhone

Even without the relatively new 8-hour time limit, there are other restrictions that would likely thwart the aforementioned law enforcement officials from cracking the security of an iPhone (it's not known to the public what type of phone the victim had). Taken from Apple's iOS Security Guide (PDF):
  • The device has just been turned on or restarted.
  • The device has not been unlocked for more than 48 hours.
  • The passcode has not been used to unlock the device in the last six days and Touch ID has not unlocked the device in the last eight hours.
  • The device has received a remote lock command.
  • After five unsuccessful attempts to match a fingerprint.
  • When setting up or enrolling new fingers with Touch ID.
Had it not been for the time limit restrictions, the clever idea of taking a victim's fingerprints that are on file and molding a 3D printed replica of his fingers might work, though not without some technical creativity.

Anil Jain, the professor at MSU tasked with making the replicas, planned to coat the 3D printed fingers in a thin layer of metallic particles. That's because fingerprint readers on phones are capacitive and work by closing tiny electrical circuits. The ridges on people's fingers cause some of the circuits to come in contact, and skin is conductive enough for the process to work. That's not so with plastic, hence the layer of metallic particles.

From a legal standpoint, things can be a little murky. In this case, police are trying to crack the security of an iPhone that belonged to the victim, not the murder suspect, so there's no worry of self-incrimination. And since the victim is dead, there's no worry of finding evidence of crimes he might have committed and bringing him to trial.

It's also interesting to note that courts recognize a difference between a fingerprint password and one that's memorized.

“Courts generally draw a line between the ‘contents of the mind’ (which is protected) and ‘tangible’ bodily evidence like blood, DNA, and fingerprints (which is not),” Bryan Choi, a researcher who focuses on security, law, and technology, told Fusion.

What that means is that a password you've memorized might be protected by the Fifth Amendment, but your fingerprints aren't. That actually played out in 2014 when a court in Virginia ruled that a suspect can be required to unlock a phone using their fingerprint, but couldn't be forced to give up a memorized password.

Via:  Fusion
Show comments blog comments powered by Disqus