A judge gave the FBI permission to attempt to bypass biometrics

2026-01-30 19:38 · theintercept.com

The search warrant to raid a Washington Post reporter’s home shows how authorities can open your phone without your consent.

The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both to hold the device in front of her face and to forcibly press her fingers to it in order to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

Natanson has not been charged with a crime. Investigators searched her home in connection with alleged communication between her and government contractor Aurelio Luis Perez-Lugones, who was initially charged with unlawfully retaining national defense information. Prosecutors recently added new charges including multiple counts of transmission of defense information to an unauthorized person. Attorneys for Perez-Lugones did not comment.

The warrant included a few stipulations limiting law enforcement personnel. Investigators were not authorized to ask Natanson details about what kind of biometric authentication she may have used on her devices. For instance, the warrant explicitly stated they could not ask Natanson which specific finger she uses for biometrics, if any. If Natanson were to volunteer any such information, however, the warrant stated that investigators could use it.

The FBI’s search and seizure warrant for Washington Post reporter Hannah Natanson details how authorities could use her fingers or face to unlock her phone. Screenshot: FBI

Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, told The Intercept that while the EFF has “seen warrants that authorize police to compel individuals to unlock their devices using biometrics in the past,” the caveat mandating that the subject of the search cannot be asked for specifics about their biometric setup is likely influenced by recent case law. “Last year the D.C. Circuit held that biometric unlocking can be a form of ‘testimony’ that is protected by the 5th Amendment,” Crocker said. This is especially the case when a person is “forced to demonstrate which finger unlocks the device.”

Crocker said that he “would like to see courts treat biometric locks as equivalent to password protection from a constitutional standpoint. Your constitutional right against self-incrimination should not be dependent on technical convenience or lack thereof.”

Activists and journalists have long been cautioned to disable biometrics in specific situations where they might face heightened risk of losing control of their phones, say when attending a protest or crossing a border. Martin Shelton, deputy director of digital security at Freedom of the Press Foundation, advised “journalists to disable biometrics when they expect to be in a situation where they expect a possible search.”

Instead of using biometrics, it’s safest to unlock your devices using an alphanumeric passphrase (a device protected solely by a numeric passcode is generally easier to access). There are numerous other safeguards to take if there’s a possibility your home may be raided, such as turning off your phone before going to bed, which puts it into an encrypted state until the next time it’s unlocked.

That said, there are a few specific circumstances when biometric-based authentication methods might make sense from a privacy perspective — such as in a public place where someone might spy on your passphrase over your shoulder.



Comments

  • By digiown 2026-01-30 20:11, 11 replies

    GrapheneOS has a nice feature where you can use both the fingerprint and a short passcode to avoid having to type out your longer/more valuable password all the time. Seems like a good solution to the problem.

    Also, iirc iphones have this feature where if you appear to be under duress, it will refuse to unlock and disable face id. Is this true?

    • By 1shooner 2026-01-30 20:21, 4 replies

      Graphene also has a kind of workaround to add fingerprint duress:

      >GrapheneOS improves the security of the fingerprint unlock feature by only permitting 5 total attempts rather than implementing a 30 second delay between every 5 failed attempts with a total of 20 attempts. This doesn't just reduce the number of potential attempts but also makes it easy to disable fingerprint unlock by intentionally failing to unlock 5 times with a different finger.
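The two lockout policies in the quoted passage, modelled as a small simulation. This is an added example, not GrapheneOS or AOSP code; it assumes the numbers in the quote (5 total failures versus 30 s delays every 5 failures up to 20) and simplifies the real platform logic.

```python
from dataclasses import dataclass

# Constructed model (not GrapheneOS or AOSP code) of the two fingerprint
# lockout policies described in the quoted documentation. The numbers are
# taken from that quote; real platform behaviour differs in the details.
@dataclass(frozen=True)
class LockoutPolicy:
    name: str
    max_failures: int       # total failures before fingerprint unlock is disabled
    window: int = 0         # consecutive failures that trigger a delay (0 = none)
    delay_s: int = 0        # length of that delay in seconds

# Stock-like: a 30 s delay after every 5 failures, disabled after 20 in total.
STOCK = LockoutPolicy("stock-like", max_failures=20, window=5, delay_s=30)
# GrapheneOS-like: 5 failures in total and fingerprint unlock is disabled.
GRAPHENE = LockoutPolicy("grapheneos-like", max_failures=5)

@dataclass
class FingerprintGate:
    policy: LockoutPolicy
    now: float = 0.0            # simulated clock, in seconds
    failures: int = 0
    locked_until: float = 0.0
    disabled: bool = False      # once True, only the passcode can unlock

    def attempt(self, finger_matches: bool) -> str:
        """Process one scan: 'unlocked', 'rejected', 'delayed' or 'disabled'."""
        if self.disabled:
            return "disabled"
        if self.now < self.locked_until:
            return "delayed"        # even the enrolled finger is refused here
        if finger_matches:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= self.policy.max_failures:
            self.disabled = True
            return "disabled"
        if self.policy.window and self.failures % self.policy.window == 0:
            self.locked_until = self.now + self.policy.delay_s
            return "delayed"
        return "rejected"

def cost_to_disable(policy: LockoutPolicy) -> tuple[int, float]:
    """Scans and seconds a user needs to switch fingerprint unlock off by
    deliberately presenting a non-enrolled finger, waiting out each delay."""
    gate, scans = FingerprintGate(policy), 0
    while not gate.disabled:
        gate.now = max(gate.now, gate.locked_until)   # wait out any delay
        gate.attempt(False)
        scans += 1
    return scans, gate.now

if __name__ == "__main__":
    for p in (STOCK, GRAPHENE):
        print(p.name, cost_to_disable(p))   # (20, 90.0) and (5, 0.0)
```

The simulation shows why the quoted design makes "fail on purpose" a usable control: five wrong-finger scans and no waiting, versus twenty scans and a minute and a half of delays under the stock-like policy.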

      • By burningChrome 2026-01-30 22:14

        The first phone I used with Graphene was a Pixel 4XL. It didn't come with a fingerprint sensor. If I remember correctly, the longest lockout period was still really short, like 5 mins or something. It was rather annoying to constantly have to put in your unlock code when you wanted to use or check something on the phone.

        Loved Graphene, and the Pixel worked flawlessly, but man, that unlock thing drove me nuts more than a few times.

      • By digiown 2026-01-30 20:26, 1 reply

        > a different finger

        Though with all the devices GrapheneOS supports, there are only two fingers you can plausibly use with the device: the thumb, usually on your dominant hand. It is quite awkward to be using anything else.

        • By j45 2026-01-30 20:53

          There used to be an Android app that let you unlock the phone directly into a different app with different finger(print)s.

          All this biometric talk in the world and it’s rarely made convenient for the user like this.

          It was likely almost as fast as a physical keyboard smartphone for instant entry into an app.

      • By raverbashing 2026-01-30 20:47

        Yes, very nice

        Cut to my phone failing to recognize the fingerprint whenever it feels like or maybe because the humidity is 0.5% from the ideal value

        sigh

      • By throw1771 2026-01-30 20:27

        [dead]

    • By chasd00 2026-01-30 20:49, 2 replies

      > Also, iirc iphones have this feature where if you appear to be under duress, it will refuse to unlock and disable face id. Is this true?

      heh it would suck to be beaten with a wrench to unlock your phone and, finally, to make it stop you relent but then the phone is like "nope, sorry. if you're gonna be dumb you gotta be tough".

      • By iamnothere 2026-01-30 21:14

        If you’re worried about wrench attacks then you’re already in a situation where encryption won’t help you. They may beat you anyway if they don’t find what they’re looking for on the phone, or they may just kill you for being a nuisance to power.

      • By dylan604 2026-01-30 21:28, 1 reply

        What if they only did body blows so there was no bloody nose or black eyes? Does FaceID notice if your eyelids have been taped open?

        • By koolba 2026-01-30 21:46, 1 reply

          Or they beat your loved ones in front of you. No physical damage or misremembering passwords due to blunt force trauma to the noggin.

          • By dylan604 2026-01-31 00:41

            That's a lot of witnesses though

    • By mikestew 2026-01-30 21:27, 1 reply

      Also, iirc iphones have this feature where if you appear to be under duress, it will refuse to unlock and disable face id. Is this true?

      Sort of: if you hold the buttons on both sides of the phone for about three seconds, it will bring up the Power Off/SOS screen. You do not need to interact with that screen, just display it. Easy-peasy, you can do it with the phone in your pocket. Once that screen is displayed, it requires a passcode to unlock the phone. The courts have determined that the passcode is protected by the 5th Amendment, but biometrics are not.

      https://arstechnica.com/tech-policy/2023/12/suspects-can-ref...

      • By toomuchtodo 2026-01-30 21:34, 2 replies

        It would be useful imho if an option was available for the phone to automatically enter this mode if separated for more than X seconds from a paired watch or airtag, or with sufficient vibration/acceleration (throw or stomp it). Similar adversarial defense as the phone rebooting after three days [1]. Perhaps part of Advanced Data Protection.

        Not legal advice. Having a trusted contact remotely wipe the device is also a potential option with appropriate iCloud creds and a message passed [2], assuming the device is not powered down or kept in a physical location blocking internet/cellular channels.

        [1] New Apple security feature reboots iPhones after 3 days, researchers confirm - https://news.ycombinator.com/item?id=42143265 - November 2024 (215 comments)

        [2] Erase a device in Find Devices on iCloud.com - https://support.apple.com/guide/icloud/erase-a-device-mmfc0e...

        • By mikestew 2026-01-30 21:47

          Given that my Apple Watch throws alerts when I leave a device behind (“mikestew’s iPhone was left behind at $PLACE”), it would be just one more step to flip that “no biometrics” bit. I’m assuming that those APIs are not available to 3rd party devs, so I can’t write my own.

        • By digiown 2026-01-31 01:36

          GrapheneOS by default autoreboots after 18 hours. You can reduce it much further, to as little as 10 minutes. This deletes the keys from memory and prevents a whole range of AFU attacks that sometimes happen.

    • By TheNewsIsHere 2026-01-31 16:11

      The iPhone has never had such a feature _exactly_.

      However on iPhones that have the Emergency SOS feature biometry is disabled until you enter your passphrase/code when that feature is invoked.

      Biometry is also disabled until re-authentication if you invoke the shutdown menu by holding the power/power+volume up button.

      Neither of those will get you to the Before First Unlock state, however. That is the ideal if you are attempting to protect access to your phone’s data in any adversarial scenario. You must restart/shut down the phone to get back to that.

      Same applies to iPads.

      There may be vulnerabilities, of course. In Before First Unlock there is not enough cryptographic material available in memory to decrypt application data. The full set of keying material is both user and device specific.

    • By mcherm 2026-01-30 20:19, 2 replies

      Nice solution! Google, can we get that on Android by default to reach the masses? Apple... you too: you built a reputation for protecting privacy.

      • By drnick1 2026-01-30 20:22, 2 replies

        If you want privacy, Google and Apple are not the answer. And Apple's claims about privacy are mostly unverifiable and should not be trusted.

        • By ranger_danger 2026-01-30 21:30

          I don't think any rational discussion about privacy can be had without first describing exactly what your definition of "privacy" is in this specific context, AND you must define a threat model. Otherwise we can't know if the vendor is even relevant to what they care about.

        • By EA-3167 2026-01-30 20:25, 2 replies

          Privacy from what? From a determined government and court system? Nothing is going to keep you private from that. From your peers and family? Apple and Google keep you private in that regard. As for the world of privacy in between those extremes: it depends.

          • By bornfreddy 2026-01-30 20:42

            From advertisers? From power-grabbing BigTech?

          • By fragmede 2026-01-30 20:34, 3 replies

            > From a determined government and court system? Nothing is going to keep you private from that

            While there's always https://xkcd.com/538/ there are not currently quantum computers that can factor 4k RSA keys, so the court can order whatever it wants, unless they have a way past that (which may involve variations of xkcd 538), they ain't getting shit out of a properly configured digital safe. (construction of said safe is left as an exercise to the reader.)

            • By raw_anon_1111 2026-01-30 23:42

              Or they can just let you rot in jail for contempt charges

            • By EA-3167 2026-01-30 20:46

              Most of us (reporters included) aren't protecting anything with their life, not just because of a survival instinct, but because what we're protecting isn't actually worth that much.

              For the relative handful who are custodians of that sort of data, history suggests a smaller minority than they'd like to admit have a readily achievable breaking point. The true believers who are left then are a minority that's hardly impossible to track and subvert through attacks that don't involve decryption on a device.

              The point of that XKCD wasn't to be THE SINGULAR EXAMPLE, it's sort of a Zen Koan for people who only think in terms of technical risks and solutions.

            • By digiown 2026-01-30 20:39

              xkcd 538 can be defeated by a duress wipe feature like the one GrapheneOS has. Your life might be in jeopardy, but the data will be safe.

      • By digiown 2026-01-30 20:22, 1 reply

        It's not quite settled whether the FBI is able to demand you to decrypt data for now. If this becomes widespread enough, they might try to get SCOTUS to decide this, which may or may not end privacy once and for all.

        • By fragmede 2026-01-30 20:28

          I thought it was. I thought passcodes can't be demanded but biometrics could.

    • By dgellow 2026-01-31 12:54, 1 reply

      Can’t you then be charged with interfering with the investigation or deleting evidence? It’s not like law enforcement will say “damn, we’ve been outsmarted, let’s move on”

      (To be clear I’m not in support of anything close to the current state of affairs and wish we had way stronger privacy rights even in the case of police investigations)

      • By yencabulator 2026-02-01 22:13, 1 reply

        My fingerprints regularly fail to get recognized, across multiple scanners. If you can be charged for doing it "accidentally on purpose", then I can be charged for doing it even if I were innocent.

        • By dgellow 2026-02-03 10:10

          Not a lawyer, but I wouldn’t be surprised if that’s actually the case :(

    • By j45 2026-01-30 20:51

      Biometrics should never ever be a username+password. At most a username.

    • By drnick1 2026-01-30 20:20, 1 reply

      This. Reporters should NOT be using a phone that isn't running GrapheneOS.

      The duress password feature is also useful. Entering it will completely wipe the phone and reset it to factory.

      • By digiown 2026-01-30 20:23, 2 replies

        Obviously it will work. But it's fairly likely this will get you arrested for destroying evidence.

        • By __MatrixMan__ 2026-01-30 20:35, 1 reply

          A better strategy would be to configure multiple profiles and when they ask you to unlock your phone you use the pin that unlocks the boring one.

          We just need a UX which makes it impossible to know how many profiles a phone has configured. Not some kind of sneaky hidden mode that you can be labeled a terrorist for having enabled, just that's how it works--you have to know a profile exists in order to log into it.

          Of course it's not going to stand up to forensic scrutiny, but that's not what the feature is about anyhow.

          • By digiown 2026-01-30 20:42

            For an organization, a better strategy is to never store anything of value on the phone, and have a remote server in a safe place. The phone acts as a thin client to access server. The key in turn is easy to hide in a plausibly-deniable way or simply memorized. The server can also revoke the key, rendering it useless even if it is revealed at a later date.

            This is famously used by Uber to protect their systems from the French police, for instance.

            https://en.wikipedia.org/wiki/Uber_Files#Kill_switch

        • By yencabulator 2026-02-01 22:16

          Erase keys and start overwriting storage with random data while always keeping the "please enter your PIN" screen visible?

    • By raw_anon_1111 2026-01-30 23:38

      How does that protect you from rubber hose decryption like in this case? You get beat enough, you’ll unlock your phone

    • By dostick 2026-02-01 22:53

      The iPhone Lockdown feature: press the power button 5 times to activate.

    • By kgwxd 2026-01-30 21:51

      without exception, biometrics should be in addition to a password, never the only method. just because it's constantly sold as a convenience alternative, doesn't make it right.

  • By jp191919 2026-01-30 20:15, 1 reply

    Anyone in journalism should know not to be using biometrics. I use it, but know how to quickly disable it. If using fingerprint, you can always offer up the wrong digit; a few fails should make it fall back to PIN.

    • By craftkiller 2026-01-30 22:27

      So all an adversary/the police need to do is watch you unlock your phone once to know which finger to use? Trivial considering how often we unlock our phones and how many cameras exist.

  • By wbshaw 2026-01-31 14:05

    I have heard for years that this is a common tactic used by TSA when you get selected for special screening. Basically, they couldn't force you to divulge your unlock code. However, if you left your phone in a vulnerable state w/r/t biometrics, they could unlock your phone on your behalf without permission.

    Mine gets a quick reboot for going into a checkpoint. This disables biometrics until I enter a passcode.

HackerNews