Law enforcement and Apple have become locked in an increasingly bitter dispute over the technology company’s heightened encryption—with one senior police officer claiming that the iPhone will “become the phone of choice for the pedophile.”
But where the FBI has failed, others have succeeded in gaining unauthorised access to the handsets, one Harrison Green succeeded. Who is Harrison Green, you ask? A 7-year-old boy.
It’s a perfect example of the dangers that accompany using biometrics to secure data: Cryptographic expert Matthew Green has found his son Harrison bypassing the security measures, CNN Money reports, by swiping the phone with his thumb while he slept.
I woke this morning to find my 7 y/o levering my finger onto the TouchID sensor of my phone. Maybe time to go back to passwords.— Matthew Green (@matthew_d_green) November 25, 2014
Dear FBI: next time you say 'think of the children' I implore you to note how easily mine can bypass Apple encryption using physical attacks— Matthew Green (@matthew_d_green) November 25, 2014
While you can in certain circumstances refuse to divulge your password to law enforcement under the Fifth Amendment (although this isn’t as cut-and-dry as some claim; always consult with a lawyer), no such protections exist for biometric data. The most recent ruling on the matter—from a Virginia Circuit Court judge—says that (with a warrant) police can use your finger to unlock your device without your consent, as no “knowledge” is divulged in the process.
But the case of intrepid Harrison shows that—even if it’s not law enforcement after you—it’s easy to undo the most sophisticated cryptography in the world if you’re relying solely on biometric protections.