Police 3D Print Dead Man’s Fingers To Unlock Smartphone, But There's One Little Problem
There are safeguards in place that require a passcode if a fingerprint scanner hasn't been used in quite some time. For example, as of iOS 9, Apple added a new wrinkle to its Touch ID security, that being an 8-hour time limit in between login attempts using your finger. If it's been more than 8 hours since you've logged into your iPhone using Touch ID, then it will ask for your passcode. As MacWorld discovered, this is a rolling timeout that resets each time Touch ID unlocks a devices.
Even without the relatively new 8-hour time limit, there are other restrictions that would likely thwart the aforementioned law enforcement officials from cracking the security of an iPhone (it's not known to the public what type of phone the victim had). Taken from Apple's iOS Security Guide (PDF):
- The device has just been turned on or restarted.
- The device has not been unlocked for more than 48 hours.
- The passcode has not been used to unlock the device in the last six days and Touch ID has not unlocked the device in the last eight hours.
- The device has received a remote lock command.
- After five unsuccessful attempts to match a fingerprint.
- When setting up or enrolling new fingers with Touch ID.
Anil Jain, the professor at MSU tasked with making the replicas, planned to coat the 3D printed fingers in a thin layer of metallic particles. That's because fingerprint readers on phones are capacitive and work by closing tiny electrical circuits. The ridges on people's fingers cause some of the circuits to come in contact, and skin is conductive enough for the process to work. That's not so with plastic, hence the layer of metallic particles.
From a legal standpoint, things can be a little murky. In this case, police are trying to crack the security of an iPhone that belonged to the victim, not the murder suspect, so there's no worry of self-incrimination. And since the victim is dead, there's no worry of finding evidence of crimes he might have committed and bringing him to trial.
It's also interesting to note that courts recognize a difference between a fingerprint password and one that's memorized.
“Courts generally draw a line between the ‘contents of the mind’ (which is protected) and ‘tangible’ bodily evidence like blood, DNA, and fingerprints (which is not),” Bryan Choi, a researcher who focuses on security, law, and technology, told Fusion.
What that means is that a password you've memorized might be protected by the Fifth Amendment, but your fingerprints aren't. That actually played out in 2014 when a court in Virginia ruled that a suspect can be required to unlock a phone using their fingerprint, but couldn't be forced to give up a memorized password.