Ohio iPhone X Owner Busted for Trafficking After FBI Forces Face ID Unlock

3 Min Read Published: Oct 1st, 2018

Text Size

- +

Toggle Dark Mode

It’s been a while since we’ve looked into the state of law enforcement with regards to its burgeoning ability to gain access into the locked mobile devices of those charged with a criminal offense. And while it’s not like we expected the controversial issue to fade into oblivion anytime soon, it appears there is now an even greater threat, specifically to the security of those with Face ID-equipped iPhone models like the iPhone X, XS and XS Max.

What Happened?

In what’s reportedly the first known case of law enforcement doing so anywhere in the world, a report published over the weekend revealed that the U.S. Federal Bureau of Investigation (FBI) recently forced a suspect to unlock his iPhone X using Face ID.

Citing court documents, Forbes on Sunday reported that back on August 10, 2018, FBI agents obtained a warrant to search the home of Columbus, Ohio resident, Grant Michalski, who was being investigated in connection with child abuse allegations.

Face the Facts

Upon questioning, Ohio FBI Special agent David Knight reportedly ordered Michalski to look into his iPhone X, which triggered the Face ID unlock mechanism and allowed agents overseeing the case to uncover some rather incriminating information — including a felony-laden Kik conversation between him and someone who was actually an undercover agent.

Ultimately, Michalski was charged with receiving and possessing child pornography, the publication reports.

Not all of Michalski’s data was accessible from his iPhone X, however, since investigators didn’t also have his 4-digit passcode. Given that Face ID requires Passcode authentication after one-hour of non-use, this obviously didn’t afford authorities much time to scope out the contents of Michalski’s device. In fact, special agent Knight admitted that he wasn’t able to document certain things like app usage and files.

No Place to Hide?

Troublingly, the agent went on to note that while he had limited success combing through Michalski’s iPhone, he was recently informed of the Columbus Police Department and Ohio Bureau of Investigation’s new “technological devices,” which, in his words, are capable of “obtaining forensic extractions from locked iPhones without the passcode.”

Presumably, Knight is referring to recent hardware devices, like those from Israeli mobile security firm, Cellebrite, or the even more sophisticated GrayKey box developed by Grayshift.

Deigned to brute force hack into essentially any password-protected iPhone in as little as seconds, but as long as days, these hardware devices have exploded in adoption, prompting major contracts with the U.S. Secret Service valued at $780,000 and $484,000, respectively, as well as an additional $384,000 contract between Grayshift and U.S. Immigration Customs Enforcement (ICE).

Steven Nolder, a lawyer representing Michalski, told Forbes that the FBI ultimately turned to Cellebrite in its bid to access his client’s iPhone — though authorities have failed to find any new useful or otherwise incriminating information on it.

While controversial, law enforcement’s use of brute force hacking hardware is completely legal in the U.S., and is sometimes even necessary, the paper notes, since suspects can’t be forced to turn over their passcodes under those same laws.

Unfortunately, in Michalski’s case, his hidden activities were far too extreme and unlawful to remain hidden for long. But the good news, for the rest of us, is that Apple has generally been a few steps ahead of the curve when it comes to protecting its user’s privacy and data.

And the Cupertino tech-giant is always working on updates to thwart mechanisms like the GrayKey box in their tracks.

How to Disable Face ID Quickly

Moreover, Face ID users who find themselves in a similar predicament can also force turn off the biometric security feature, which will automatically require a passcode in the presence of law enforcement or whoever may be wanting access to your device.