As Apple continues to update its iPhones with new security features, law enforcement and other investigators are constantly playing catch-up, trying to find the best way to circumvent the protections or to grab evidence. From a report: Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect’s iPhone X with their own face, leveraging the iPhone X’s Face ID feature. But Face ID can of course also work against law enforcement — too many failed attempts with the ‘wrong’ face can force the iPhone to request a potentially harder to obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism. “iPhone X: don’t look at the screen, or else… The same thing will occur as happened on Apple’s event,” the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple’s 2017 presentation of Face ID, in which Craig Federighi, Apple’s senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. “This is quite simple. Passcode is required after five unsuccessful attempts to match a face,” Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple’s own documentation on Face ID. “So by looking into suspect’s phone, [the] investigator immediately lose one of [the] attempts.”
Read more of this story at Slashdot.