In practice, it might have the opposite effect. Currently, 4-digit PINs are (presumably) brute-forceable and the alternative of entering a longer, cryptographically-secure password every time you want to use your phone is impractical, so it doesn't really matter whether you can be legally compelled to divulge your PIN or not.
However, with a fingerprint ID, you can now use a cryptographically strong password to encrypt your phone (which you have to enter on device boot or after 48 hours of the device being idle [1]), while still having the convenience of actually being able to use your phone once it's on via the fingerprint scanner. So I see that as a security win.
Of course, Wired's premise isn't even valid in some countries, e.g. the UK, which have powers to legally compel you to hand over your passwords regardless. For all I know this is true in the US too.
IANAL but as far as I know the issue of divulging a passphrase has not been completely settled by the US courts. It seems that the courts are converging on something like this:
1. If the prosecutor can prove that incriminating evidence is encrypted, you can be compelled.
2. If you ever divulged your passphrase to the government or provided the plaintext, you can be compelled.
3. If you have not divulged the passphrase and the government has no proof that incriminating evidence is encrypted, you cannot be compelled.
If I remember correctly, the prosecutor cannot both compel you to give up a passphrase and use your knowledge of the passphrase as evidence against you (e.g. to prove that you controlled the computer in question).
That does you no good if you get nabbed with your phone in the decrypted but locked-by-fingerprint state (which would be the common state, since the password is a pain in the ass to enter if it's strong, so you do it on boot or something). So provided whoever has your phone can force you to put your thumb on your phone, forge your print, or cut off your thumb, they get your data.
Or fingerprint you at the detention center after you're arrested filming some cops beating a protester. Probably can just print it out to film and press it into the reader and open it. The CCC lifted the fingerprint of German Secretary of the Interior Wolfgang Schäuble from a glass he used at a panel discussion to prove how worthless fingerprints are for authentication.
A PIN is perfectly fine for locking as long as it has a strict-enough backoff. For encryption, then, you need tamper-proofing rather than any particular level of password complexity.
I think you missed the fairly huge disclaimer hidden away at the bottom of the page:
> iPhone 4S, iPhone 5, iPad 2+, iPad Mini and iPod Touch 5th gen support is limited to jailbroken devices only (iOS 5 and 6).
The chances of a target device being jailbroken are not particularly large. This should, of course, serve as a reminder that if you are running a jailbroken device you should probably have a passcode a little more complex than four digits!
There are many other forensic acquisition products for iOS[1] as well as a number available to law enforcement only; I think it's safe to say that relying on your iPhone's PIN code for protection is probably not a good idea.
"Using UFED Physical Analyzer, physical and file system extractions, decoding and analysis can be performed on locked iOS devices with a simple or complex passcode.
Simple passcodes will be recovered during the physical extraction process and enable access to emails and keychain passwords. If a complex password is set on the device, physical extraction can be performed without access to emails and keychain. However, if the complex password is known, emails and keychain passwords will be available."
I believe the idea is that if the encryption key is protected with only 4-digits, you could brute-force it offline (if you cracked open the phone and de-soldered stuff). If the encryption key is protected with a secure passphrase (as, for example, PGP private keys typically are) then that attack becomes a lot less feasible.
Yeah, the online attack defence like a short password is sufficient to defeat most attacks so long as root is not enabled, and Google/Apple don't comply to remotely unlock the device or reset the password (or you have all Google framework APKs ripped out, or not built). The phone should reboot or wipe itself, or timeout or do something besides allowing unlimited attempts.
For the offline attack you need a password suitable for protecting against a police GPU cloud running John the Ripper. On Android you can set this up (2 different passwords), but should then make a script that deletes adb and su, add it to rc.local and reboot. Also helps to sabotage the recovery partition so it deletes user data should anybody try to flash something to the system image.
There's also Mobiflage, which is experimental deniable encryption and has 2 passwords, one to open a decoy install and one for your secret files full of stolen government intel you took pictures of to fool casual searches, and not ripped apart JTAG forensics.
True, but iOS does have an option to wipe the phone after 10 unsuccessful PIN attempts. Given that iCloud backup is pretty simple to set up, there's no reason not to configure this option, IMO.
Yeah, but the court can still get a warrant for the iCloud data, which I am almost certain isn't stored in encrypted form or at least in an encrypted form for which Apple does not have the keys.
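The online versus offline distinction raised in the comments above (backoff, a wipe limit, and a key that can be guessed off the device), as an added worked example that is not part of any comment in the thread. The backoff schedule and the guess rates are assumptions chosen for illustration, not measured values for any phone.

```python
# Added illustration. All rates and delays below are assumptions, not vendor figures.

def online_success_probability(keyspace, attempts_before_wipe):
    """Chance that on-device guessing hits the secret before the wipe limit."""
    return min(attempts_before_wipe, keyspace) / keyspace

def online_worst_case_seconds(keyspace, free_attempts, base_delay, max_delay):
    """Time to try every value when the delay doubles after the free attempts
    and is capped at max_delay (no wipe limit configured)."""
    total, delay = 0.0, base_delay
    for attempt in range(1, keyspace + 1):
        if attempt > free_attempts:
            total += delay
            delay = min(delay * 2, max_delay)
    return total

def offline_worst_case_seconds(keyspace, guesses_per_second):
    """Time to try every value once the protected key is off the device,
    where no backoff or wipe applies and only the per-guess cost matters."""
    return keyspace / guesses_per_second

PIN4 = 10 ** 4          # 4-digit PIN
PASSPHRASE = 62 ** 12   # 12 random characters from [A-Za-z0-9]
YEAR = 365 * 24 * 3600

if __name__ == "__main__":
    # Wipe after 10 attempts: the guesser gets 10 tries out of 10,000.
    print("online, wipe at 10:", online_success_probability(PIN4, 10))
    # Backoff only (5 free tries, 60 s doubling to a 1 h cap): full sweep in days.
    print("online, backoff only (days):",
          online_worst_case_seconds(PIN4, 5, 60, 3600) / 86400)
    # Offline at an assumed 10 guesses/s (slow key derivation): minutes.
    print("offline PIN (s):", offline_worst_case_seconds(PIN4, 10))
    # Offline passphrase at an assumed 1e9 guesses/s (fast hash on GPUs): years.
    print("offline passphrase (years):",
          offline_worst_case_seconds(PASSPHRASE, 1e9) / YEAR)
```

With these assumptions the short PIN holds up only while the device enforces the attempt limit; once guessing moves off the device, only the size of the secret and the per-guess cost matter.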
You really need to use iTunes and an app like PhoneView for backing up all your data locally and storing that data in encrypted form outside the jurisdiction of your country.
I worry that they could physically force people to put their fingers on the phone, though, which would be much easier than forcing them (physically) to input the passcode.
I'm quite sure they could get prints off the phone or something else you've touched and make an artificial gelatin "finger" with the print. Depending on the scanner, this can work and is a well-known way to fool some consumer-grade fingerprint scanners.
A fingerprint is an identification, not a passphrase. On top of that a fingerprint is very easy to obtain (especially on an iPhone where it might even be readily available on the button that reads it). A PIN on the other hand is a passphrase. The fact that a fingerprint is very unique doesn't mean that it isn't easy to discover and replicate or that it's difficult to use a copy of it.
[1] http://9to5mac.com/2013/09/11/apples-details-fingerprint-sen...