Give Police Your Passcode or be Jailed | Myki Security Report

A lot has been going on under the theme of data privacy and security this week! Here are the stories you need to know about:

  • Can you be jailed for refusing to give police your smartphone passcode?
  • US approves social media background checks for visa applicants
  • Can Pacemakers be hacked?

Can you be jailed for refusing to give police your smartphone passcode?

If a police officer wants to search the contents of your home, the officer would need to provide a Search Warrant to do so. But what if law enforcement needs to search the contents of your phone? What's the law on that?

In 2014 a US Virginia judge ruled that police can force users to unlock their smartphones with their fingerprints. Law-enforcement agencies however, didn’t use that power until this February, when a federal judge in LA signed a 'digital search warrant' that required a woman to use her fingerprint to unlock her iPhone.

The Fifth Amendment gives defendants in the united states rights to not to say anything that could be used against them legally and a PIN or passcode is personal information protected by this amendment, so it prevents the government from compelling someone to turn over a memorized PIN or passcode.

“Forgetting” the passwords of your electronic devices could be a smart move to avoid complying with a court order - But not every time, as US judges have different opinions on how to punish those who do not unlock their phones.

“Forgetting” the passwords of your electronic devices could be a move to avoid complying with a court order

Last week, in a Florida court one defendant got six months in jail for allegedly refusing to reveal his iPhone passcode. And in a different court in Florida a judge let off a defendant, even though he also claimed to have forgotten the passcode for his phone.

The fifth amendment does not protect your fingerprint!
Wait, is a passcode safer than a fingerprint? A fingerprint and a long passcode provides a good balance between convenience and security—it did, until courts began forcing fingerprint unlocks.

It has become clear that police are willing to ask for warrants for phone-unlocking fingerprints and that judges are willing to sign them—The federal judge in LA moved quickly to sign and execute the warrant because there’s only a 48-hour window during which an iPhone will accept its user’s fingerprints. After that window—or after a restart—the phone will require a PIN or passcode to unlock.

The only way to turn off an iPhone’s fingerprint-reader on the fly—without waiting for the 48-hour window to expire—is to turn it off. When it’s powered back on, it will ask for the device’s PIN or passcode, and won’t accept fingerprints.

The only way to turn off an iPhone’s fingerprint-reader on the fly — is to turn it off.

A dilemma is now faced by law enforcement officials in dealing with the password and encryption issue. It seems like the final word on passwords and encryption will likely come from the United States Supreme Court. Similar hacks and more warrants for fingerprints—may become commonplace as the government confronts increasingly secure devices.

US approves social media background checks for visa applicants:

The Trump administration has approved a new requirement for US visa applicants: social media background checks! - Thanks Trump!

The government will now ask applicants for their social media handles like Twitter/Facebook/Instagram/LinkedIn..

The new questionnaire will ask for social media handles of the last five years

As Reported by Reuters the decision came from the government’s Office of Management and Budget and the new questionnaire will ask for social media handles of the last five years as well biographical information dating back 15 years.

For critics, the new questionnaire represents yet another obstacle that the government is putting in the path of potential immigrants, would-be students and qualified researchers and teachers that may want to go to the United States.

A State Department official claimed that the additional information would only be requested when the department determines that “such information is required to confirm identity or conduct more rigorous national security vetting.”

The State Department expects that about 0.5% of visa applicants will be given the questionnaire. The State Department also stated that providing the information is voluntary, though the questionnaire informs applicants that "individuals who [...] do not provide all the requested information may be denied a US visa”.

Can Pacemakers Be Hacked?

Researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit.

"If you want to keep living, Pay a ransom, or die."

A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Researchers claimed that a hacker could take over the pacemaker and manipulate it from a distance of around 3 meters. The “crash” attack can broadcast a combination of signals that place cardiac devices in a state of malfunction. It can remotely disable a device and possibly cause an implant to “pace at a dangerous rate.”

Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could eventually take their lives.

In some cases, researchers discovered unencrypted patients' data stored in the pacemaker programmers, including names, phone numbers, medical information and Social Security numbers,
leaving them wide open for hackers to steal.

In a recent study, researchers analyzed seven different pacemaker products which are known to have over 8,600 vulnerabilities that hackers could exploit

Manufacturers need to address the flaws, and until then It is important now to immediately disable the ability of a pacemaker to communicate with another device wirelessly.

Catch our previous episode here Was British Airways Hacked? and subscribe to our YouTube Channel for more videos!

Download the Myki Password Manager & Authenticator on Android and iPhone

The Myki Security Report is brought to you by the Myki Password Manager Team.