iPhone + TSA security-fail combo

An argument for paper boarding passes:

The airlines will now email you your boarding pass, which is a nice time-saver. And if you're like everyone else I know, you have a passcode on your phone but with at least a 5 minute timeout on it, so that you don't have to type your code repeatedly while you're actively using the phone. (It's a tradeoff, and one that almost everyone chooses.)

So you get to the front of the security line, wave your phone in front of the barcode scanner, and then you are forced to toss your phone in the basket for the x-ray machine.

So now you're guaranteed that your phone is both unlocked and out of your possession. What would Michael Westen say!

Not to mention, if you are lucky enough to get some kind of "special treatment" from TSA, there's nothing technical that stops them from browsing through your email, as long as they do it quickly enough, or just tap the power button every few minutes to keep it from ever hitting the lock timeout.

There's no "lock immediately" command on the iPhone. Changing that setting is buried half a dozen levels deep in preferences and hard to find. Siri doesn't understand "lock my phone now" either. (And even if Siri did work, Siri doesn't work -- like you're gonna have functional data service in an airport!)

If you don't remember to change that setting before you get to the airport, I guess you could just power the phone fully off after waving it at the barcode scanner in the security line, but you'll need to power it on again to scan it at the boarding gate, and that burns battery like crazy during the 5 minutes it takes to boot up.

Jumping through those hoops is a level of paranoia that will make most people just say, "eh, fuck it, probably nothing will go wrong", and almost all the time they'll be right -- except when they're not, which is why security issues like this should fail safe.

Tags: , , ,

56 Responses:

  1. Slack says:

    ... but you can just press the sleep button after waving over the barcode reader.

    • jwz says:

      That doesn't lock the phone! It just turns off the screen.

      • Slack says:

        Really? I have a 3 minute time-out on my phone. Just did the following:

        1. unlocked phone
        2. performed a random phone-ish task
        3. pressed sleep button
        4. immediately pressed home button.
        5. slid to unlock
        6. was prompted to enter my passcode.

        That is the desired behavior, right?

        I was sure it'd always worked this way, but maybe it's the newest firmware…

        • Slack says:

          ok, now I'm on the trolly.

          The difference between the "require passcode" under settings->general->passcode as opposed to the "auto-lock" under settings->general.

        • jwz says:

          No, that's not how any of my iPhones have ever worked. I believe it is false that you have a 3 minute timeout set.

        • pavel_lishin says:

          My phone does not work this way. After step 5, the phone does not prompt me for my password. Autolock is set to 3 minutes, passcode lock is on. Keep in mind that under the "require passcode" setting, I have mine set to "After 15 minutes" instead of immediately - this is a convenience feature that I (and probably many others) have in case they lock their phone right before remembering that they still have another task they want to do.

      • Travis Roy says:

        Well that's just silly. On android forcing sleep re-locks. Perhaps there's an app that will sleep+lock the phone?

      • John Chu says:

        Just tried it again to double check I haven't been imagining this behavior for the past few years. Yup. For me, not only does pressing the sleep button turn off the screen, but it locks the phone.

        • jwz says:

          I will use small words:

          Your phone is set to lock immediately.

          Read the first paragraph again until you understand it.

          • John Chu says:

            Unfortunately, I (like apparently a few others) have inadvertently annoyed you by interpreting "timeout" as the time it takes to go to sleep rather than the time it takes to lock once the iPhone does go to sleep. The problem here, of course, is that those of us to did so thought we did understand it. Again, my apologies for what really was an honest mistake.

  2. Steve says:

    It locks my iPhone. Unlock, press top sleepy button, press home button, prompted for passcode.

    • jwz says:

      Will you please read what I fucking wrote? In the first paragraph?

      • Dorian says:

        The "auto-lock" can go from 1min to never. That's just for the phone to go to the "lock screen".

        The passlock can be set to timeout as soon as your is goes to the lock screen or make it wait.

        They're two different settings for two different time outs that people are confusing.

  3. Ed says:

    HEY EVERYONE, LET'S NOT WASTE HIS FUCKING TIME TELLING HIM ABOUT HOW YOU CAN MAKE IT LOCK IMMEDIATELY. THAT SUCKS FOR EVERYDAY USE AND HE KNOWS ABOUT IT :-(

    • Preed says:

      But if you ignore that detail, isn't the point of this "story" effectively "BREAKING: people have stupid settings on their cellphone, because they're lazy and don't give a shit about security, and here is just one of the gazillion ways that you can be fucked over by your own not-caring."

      Or maybe "Example 32,853,193 where users chose usability over security on the usability vs. security spectrum, and will be screwed by that choice."

      Neither seem particularly "OMG wow revelation" to me.

      Though, it does raise an interesting question: what's the iPhone's default setting for "require passcode"? If it's not "immediate," then yah, this becomes interesting again, but... again, not solely because of this specific use case.

      • jwz says:

        Hello, that's how security works. You can slavishly adhere to strict protocols, which in this case would probably be something like, "don't even bring your phone to the airport", or you can make what appear to be sane trade-offs between "secure" and "still able to actually get shit done".

        I noticed a fucked up interaction between the pretty-sane settings that I and a lot of other people use; and the goofball hoops TSA makes you go through.

        If you want to characterize that as "lazy and not giving a shit about security", well, ok, eat a dick.

        • Preed says:

          I agree with you that it is a fucked up interaction, and I agree with you that there's a lot of hoops/process the TSA makes you go through that don't make logical sense when scrutinized.

          My point was merely: when I first read your post, my initial thought was "My iPhone doesn't work like that; I don't know what he's talking about." I glossed right past your initial paragraph. Then I saw the first few responses (wherein you so-kindly clarified what your "require passcode" settings are), and finally understood what you were complaining about.

          It's a totally valid complaint.

          BUT, not having your phone lock itself when you put it to sleep can fuck you over in myriad ways, so I was just pointing out: doesn't seem all that interesting/unique. (Among others, my mind immediately went to "What fun can we conjure up during a police traffic stop?")

          But yes, you make an extremely good point that the iPhone should have a "lock now" feature; I never actually realized that it doesn't, because in my case, it seemingly does have that feature.

          My question about "What is the iPhone's default 'require passcode' setting?" would still be interesting to know; maybe in the default setting it does, as you suggest, fail safe. If that's the case, then it's hard to argue that they didn't at least try...

          • jwz says:

            I think the out-of-box default is to not have a passcode at all, isn't it?

            Apparently more people than I thought have their phone lock with a passcode as soon as the screen goes dark. I find the phone unusable that way, because I habitually power off the screen before I put it in my pocket so that I don't ghost-type at it, which means that if I get an SMS; reply; pocket the phone; get another SMS 30 seconds later; reply; repeat -- I have to type my passcode the first time, but not the subsequent times unless 5 minutes passed. Yes, if someone snatches my phone in those 5 minutes, they get an unlocked phone, but that's a small window in most situations.

  4. John Chu says:

    Oh, oops. I didn't realize there was a "require passcode" setting under Passcode Lock. I think I will leave mine set at "Immediately" though. Auto-lock is already set at 5 minutes. That's plenty for me.

    Making it lock immediately does not suck for me. I'm sorry though that it does for you.

    • agamemnon says:

      Congratulations, John Chu! In your three brief entries on this page, you have scored the Lame-Ass Sysadmin Trifecta! Beginning with "It Works For Me" followed with "I Didn't Read the Bug Report" and a stylish if snarky "Well Don't Do That Then". A remarkable performance and accomplishment, John Chu! Thank you so much for playing!

      • John Chu says:

        Actually, it was the other way around. The comment you responded to last was my second comment. I am sincere about acknowledging how badly I screwed up, but I understand if you don't believe me.

  5. nandhp says:

    Disclaimer: I've never used a mobile boarding pass myself, but in the past week I've stood in two lines with people who were using them.

    The other difference is that they seem to have started making customers with mobile boarding passes scan their boarding pass; whereas if you have a paper boarding pass they just scribble on it.

    • nandhp says:

      Right. I forgot to adjust my comment to take into account what you already wrote. So let's try this instead:

      The other argument for paper boarding passes is that the TSA doesn't (yet) seem to insist on scanning them; they just scribble on them.

      • jwz says:

        Who cares if they scan them? It's not like they don't know I'm there already.

        • 205guy says:

          Yeah, I thought the scanning was the key point as well. Because now they know exactly where you are that moment, and that you will soon step away from your unlocked phone. It's all very plausible, but if you're paranoid like that, you gotta believe "they" can get around passcodes anyway.

        • Sean says:

          BTW, TSA does plan to start scanning the paper passes as well - this is an element of TSA Precheck. Your eligibility to use the 'fast' lane will be encoded in the barcode.

      • Sean says:

        The argument for not using your phone as a boarding pass is this: the barcode scanners are NOT OWNED BY TSA, but BY THE AIRLINES. This means: if they are broken, borked, or otherwise out of service, and you have just stood in line for 15 minutes to clear security, TSA will shrug their shoulders, turn you around, and send you back to get a printed pass. There is no fail-safe, no contingency. Just "sorry". My co-worker has had this happen twice; as a result I will be sticking with paper. It's not THAT much of a timesaver.

  6. Kevin says:

    Would putting the phone into your carry-on luggage help? Every time I've received the grope treatment, they've kept my bags near me where I could keep an eye on them. It doesn't solve the problem entirely, but it makes it much easier to detect. I also don't think I've ever made it from "scanning my boarding pass" to "hands on crotch" in under five minutes.

  7. Buz Deadwax says:

    A BETTER argument for paper boarding passes:

    ...My phone just bricked
    ...My email is down
    ...My battery is dying
    ...I can't get online

    Oh look... Here's my printout!
    http://www.dubfire.net/boarding_pass/
    http://bbryson.com/bill/2007/10/12/have-you-ever-printed-a-boarding-pass/
    http://nathanbarry.com/no-fly-list/

  8. DFB says:

    iPhones take 5 minutes to boot?

    • jwz says:

      They take fucking forever to boot - but you only have to do it like every six months, e.g. When as OS upgrade is available.

      • DFB says:

        Have you accumulated any Apple insider contacts yet? It didn't take long to determine that Apple does not reduce the SQLlite busy_timeout from it's default value of 1000 ms. When Android tuned that, years ago, because of a request on your old livejournal blog, it reduced Android boot time by more than half.

        smh

        • Jeffrey Paul says:

          While I know our overlord here is a fairly notorious and expert curmudgeon, surely out of the millions of Android users and thousands of that set that are technically inclined, nobody thought to do this until jwz pointed it out? Is the pocket-protector-plex REALLY that short on cranky old unix haters?

          If this anecdote is true, I honestly fear for us all.

          • DFB says:

            Apple has had years more and hasn't figured it out yet. And it wasn't jwz's request, it was a commenter's.

  9. Sean Graham says:

    I've set my iPhone lock screen background to the barcode in the past, so it shows up on the lock screen without me having to unlock it.

  10. nooj says:

    > there's nothing technical that stops TSA from browsing through your email

    Kind of a wild-ass guess, here, but doesn't the Fourth Amendment stop them?

    Bwahahahaa, Fourth Amendment. I crack myself up!

    • Wil says:

      No, the 4th amendment does not stop them. There are differing interpretations on this, but either you're no longer on U.S. soil (you're in international no-man's-land once you cross the retry point) and/or TSA regulations and the PATRIOT ACT have been setup to allow electronic devices to be searched when crossing that invisible barrier. You are not, however, currently required to disclose your passcode.

      • Martin says:

        You are still in the US and you are still protected against UNREASONABLE searches by the 4th amendment.
        Problem is, the courts have decided (for now) that searching you (and your phone) at the border IS reasonable...

  11. Otto says:

    And if you're like everyone else I know, you have a passcode on your phone but with at least a 5 minute timeout on it, so that you don't have to type your code repeatedly while you're actively using the phone. (It's a tradeoff, and one that almost everyone chooses.)

    I agree in terms of the iPhone.

    On my Android, unlocking it is a much faster operation since it uses the touch-the-dots pattern method, so I've set it to lock immediately when turning off the screen. It works much better than having to type in some number, although it may be less secure.

    Oddly enough, my friends who lock their phones all have it set to lock immediately, but with some large-ish turn-off-screen timeout. I encounter this every time they try to show me something on their phone at the bar.

  12. it took me a while staring at my phone's config page, and re-reading this to figure out how my settings and experiences (and that of a few others) were so at odds with your experience.

    Settings > General
    Auto-lock: 5 minutes
    Passcode lock: on

    From this, I copuldn't figure out WTF you were going on about, but then I looked at
    Settings> general > Passcode lock
    Requre Password: immediately

    So this means unattended, my phone will lock itself after 5 minutes and require password, but if I press the lock button, it locks instantly and requires password.

    I gather that your phone blanks when you press the lock button, and then 5 minutes later, locks itself. superficially similar behavior, but with vastly different repercussions in this scenario.

  13. phuzz says:

    I'd never looked in the passcode settings before as I think our hosted exchange server forces a set of passcode settings when you attach the email account, which is handy as it saves me setting it on each user's phone individually.

    I was trying a flaky version of CyanogenMod 9 on my personal phone, and that allows you to access notifications (eg new SMS) from the lock screen without unlocking, which is both useful and insecure.
    Damn rom wasn't stable though so I'm back to CM7 and having the massive burden of swiping to unlock first.

  14. Lloyd says:

    This is an opportunity for the voice command feature. Just hold down the home button (as you do when you say 'phone ' or 'play ') and say 'lock'.

    • gryazi says:

      Or if I'm understanding this right (Android owner), you just need a "slide this way to really really lock" gesture on the "slide to unlock" screen.

      (And now I've just realized the 'slide to unlock' is completely gratuitous on my phone in its hard case, where the power/sleep button is impossible to hit accidentally, I have to keep the screen off whenever possible to eke out a day of battery life, and I've been hesitating to set a lock pattern because the "slide to unlock" itself is dangerous enough when, y'know, trying to let someone know I can't talk because I'm busy piloting a motor vehicle. Is there a way to get Android to knock that shit off but demand the slideypin after a long timeout like y'all are talking about here?)

      • Wow what a great point. A checkbox besides the slidelock would do.

        • gryazi says:

          Or just slide the lock the opposite way, or up, or... don't both OSes have a lot of dead space at the top for extra slide-widgets except that it would busy up the "simple" display?

          Somehow I suspect the 'up' gesture would make the graphic designers most happy, since there's room (on Android, anyway) to tuck a widget at the bottom of the screen, and that could literally "pull up" the PIN-entry variant of the screen.

  15. Somebody should make an app that calls GSEventLockDevice(), and then distribute it ad hoc to everyone who cares. If I had this, I would probably stick it into the quick launch bar and then remove the auto-lock from my phone. Due to a corporate policy I no longer live under, I got into the habit of continuously unlocking while having SMS conversations.