iPhone 6 encryption stops FBI, but not clever 7-year-old
NEW YORK (CNNMoney)
When it comes to privacy, Matthew Green is a guru. This college professor knows all about NSA spying, encryption, computer security — the works.
Yet he’s met his match: his 7-year-old son.
You see, Green owns an iPhone 6 Plus. That means everything on the phone is encrypted until Green — and only he — unlocks it with his finger.
But Tuesday morning at dawn, little Harrison crept into his parents’ bedroom and walked over to his dad’s side of the bed. He quietly reached for his father’s iPhone, grabbed his right hand and pressed his large thumb onto the fingerprint scanner.
Green woke up and couldn’t blame the kid. After all, it was dad who loaded the phone with Minecraft and Angry Birds Transformers.
For Green, who teaches cryptography and computer security at Johns Hopkins University, it’s a perfect argument against the notion that iPhone encryption is unbreakable — for thieves or police.
Apple recently rolled out encryption that no longer lets the company bypass your passcode. Cops can’t spy on you by going straight to Apple (AAPL, Tech30). The FBI director says iPhone encryption protects pedophiles by holding back police. Not so, Green said.
Green had this to say on Twitter that morning: “Dear FBI: next time you say ‘think of the children’ I implore you to note how easily mine can bypass Apple encryption using physical attacks.”
Green explained to CNNMoney why biometric features — like fingerprints or voice — aren’t effective if you want to keep someone out of your phone. A police officer could just press your finger down onto the scanner.
“This is a really serious problem,” Green said. “In a situation where you’re under arrest, biometrics are not very good [at protecting your information.]”
In fact, this is already happening. In a Virginia Beach case involving an EMT accused of strangling his girlfriend, a state court judge ruled that police can force you to unlock your phone with your finger.
Then again, if you disable the iPhone’s TouchID — or use a phone without a fingerprint scanner — you can plead the Fifth Amendment and not say your passcode.