The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

  • Darkassassin07@lemmy.ca · 61 upvotes · edited · 12 days ago

    Or at the very least, turn your phone entirely off (shut down) whenever you expect or encounter police contact.

    Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when ‘at rest’, i.e. shut down.

    In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen that disables biometrics until next unlock with a PIN/pattern, but doesn’t fully shut down, so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.

    • GhostlyPixel@lemmy.world · 16 upvotes · edited · 12 days ago

      > In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen that disables biometrics until next unlock with a PIN/pattern

      On iOS, with a locked device, quickly press the lock button five times to do the same; it should bring up the power off/SOS screen, which you can dismiss.

    • NotMyOldRedditName@lemmy.world · 6 upvotes · 11 days ago

      You should always turn off / reboot your phone if you expect it to potentially be taken.

      Simply being locked after being unlocked once leaves the phone in a less secure state than if it was fully off or just rebooted and never unlocked.

      If you need your phone to record the interaction, then you might only get as far as locking it, but always strive to shut it down.

    • myserverisdown@lemmy.world · 1 upvote · 12 days ago

      > In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen that disables biometrics until next unlock with a PIN/pattern, but doesn’t fully shut down, so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.

      2 things. Unless I accidentally enabled this setting, it’s on by default. And what do you mean by lockscreen bypass software? What would be the point of lockdown if it’s not effective against law enforcement trying to brute force your privacy?

      • Darkassassin07@lemmy.ca · 5 upvotes · 12 days ago

        > it’s on by default

        It may well be on by default now. I just know I had to enable it the last time I looked at this.

        > what do you mean by lockscreen bypass software

        Tools such as those provided by Cellebrite and similar.

        Lockdown mode is mainly to disable biometrics, to prevent someone on the street forcibly using them to unlock your device. It’s not going to stop an entire agency with more sophisticated tools.

  • HiddenLayer555@lemmy.ml · 40 upvotes · 1 downvote · edited · 12 days ago

    > hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics

    This isn’t bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.

  • JoeMontayna@lemmy.ml · 13 upvotes · 11 days ago

    The only safe phone is a phone with a strong password that’s in a powered down state. Otherwise there are tools to gain full access.

  • pineapple@lemmy.ml · 12 upvotes · 12 days ago

    I use biometrics to access some of the apps on my phone. But my home screen requires a password to unlock.

  • RejZoR@lemmy.ml · 13 upvotes · 3 downvotes · 11 days ago

    How is the current USA administration performing these clear Gestapo-level violations of amendments and everyone’s just like “okay”?!

  • thatsnothowyoudoit@lemmy.ca · 8 upvotes · 11 days ago

    I don’t know what it is on Android, but five quick presses of the primary button on iOS will put the phone into a mode where you must enter your password to unlock it.

    • chiliedogg@lemmy.world · 2 upvotes · 11 days ago

      Android has a feature you can turn on that adds “lockdown mode” as an option if you hold the power button, which requires a password. I just tried taking a screenshot, but I don’t think I can while in the power menu.

      You can also just turn your phone off. Biometrics don’t work on a fresh boot.

  • sudoer777@lemmy.ml · 8 upvotes · edited · 10 days ago

    Or better yet use GrapheneOS 2FA biometric + PIN + duress PIN + auto reboot:

    • If someone spies on you unlocking your phone, they don’t get your encryption password
    • If they figure out your PIN, they can’t unlock your phone without you physically being there, and your phone may reboot to the password unlock before they get it to you
    • If they compel you to use biometrics, they can’t legally compel you to give them your PIN
    • If they decide to start trying out common PINs and you set your duress PIN to one of them, then it wipes your phone
    • mazzilius_marsti@lemmy.world · 3 upvotes · 10 days ago

      Or GrapheneOS, but compartmentalize sensitive data to a profile where you use no fingerprints, only PINs. Duress can be entered anywhere, right? So if you’re being compromised, enter the duress PIN.

  • collar@lemmy.world · 8 upvotes · 11 days ago

    What’s interesting is that the DC Circuit doesn’t allow authorities to force someone to unlock their device with biometrics. I’m assuming that Natanson’s home is not inside the DC Circuit.

    It’s a legally unclear area right now whether or not authorities can force you to unlock your device with biometrics. As such, it’s better not to use them: https://decentproject.org/should-you-use-biometrics-on-your-phone

  • Sunflier@lemmy.world · 7 upvotes · edited · 11 days ago

    For my apps, I use biometric unlocks. To get in past the lock screen to get onto my phone’s home screen, I have to enter a pattern. I figure that if they’re already past the pattern, more pattern won’t stop any unauthorized user. So, it really isn’t worth the inconvenience to enter the pattern for all my apps (like banking, cc, investments, etc.) over and over. But, if they can’t figure out my pattern after so many tries, my phone auto-erases.

  • eagerbargain3@lemmy.world · 6 upvotes · 11 days ago

    Just also stop saving critical stuff on your phone you’ll never use nor open again. A good mailbox is an empty mailbox, empty signal chat and so on. With AI it is leaking any away possibly out your phone

  • Dozzi92@lemmy.world · 4 upvotes · 11 days ago

    Joke’s on the cops, my finger barely works half the time and I have to end up doing my doodle.

  • TrackinDaKraken@lemmy.world · 4 upvotes · 12 days ago

    I only use a 10-digit pin number I’m guaranteed to never forget. I type it in every time. But, I don’t spend much time on my phone, sometimes I even forget it when I leave the house.

  • tobiah@lemmy.world · 3 upvotes · 10 days ago

    You could set it up so that only your left pinky works. After they try the other more likely fingers they’re just going to figure it didn’t work.

    • electric_nan@lemmy.ml · 1 upvote · 10 days ago

      Yes, maybe, but is that any more or less convenient than a PIN/passcode? Also, the most cursory surveillance prior to arrest will note the strange way you unlock your phone.

  • mazzilius_marsti@lemmy.world · 3 upvotes · 10 days ago

    I guess another way is to use those shitty privacy screen protectors that do not work with fingerprints at all. They can try all they want, it’s not gonna work.