Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com)
An anonymous reader writes: The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible.
Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
I understand that the government can issue a warrant, completely in the spirit of the 4th amendment. However, how can they "deputize" or force independent individuals/organizations to do their bidding?
This whole charade smells of the government abusing this one request to make precedent for future requests.
They have somebody on the inside to mess with it? Chain of custody for evidence in major federal incidents is usually watertight specifically to avoid this kind of thing.
I mean really? this means "senior Apple exec" that the device encryption key is tied to your Apple ID instead of the phone...which is bullshit
or just an asshat nutcase? He targeted a place he worked. Back in my day we just called this "Going Postal" and acknowledged that whatever flimsy excuse the shooter used was largely irrelevant. I don't know, but I do hate seeing crap like this scaring the hell out of Americans and making them willing to chunk freedom and demands for better living/working conditions out the door if only someone will please protect us from these terrorists...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Somebody care to explain that?
So we want to let these government geniuses -- who changed the password -- have a means to change the basic programming of an iPhone. After all, they promise that they'll only use it in really bad cases and that they'll be sure to keep it safe from the bad guys getting it.
Right.
Might I suggest Enhanced interrogation for the entire health department, I hear it is still legal.
From TFA:
"The Apple senior executives also pushed back on the government’s arguments that Apple’s actions were a marketing ploy, saying they were instead based on their love for the country and desire not to see civil liberties tossed aside."
(sniff, sniff. wipes tears)
So apple can show that the iPhone was tampered with after the government took possession. Well that makes the information on the phone totally suspect.
That to me shows there is no reason to decrypt the phone as nothing on it can be trusted to be authentic any more.
For example, highly paranoid version,
Did the CIA get someone to re-image the phone and plant false information.
The latest development is that the IP address used to change the Apple ID password was from within a US military network.
Trying to cover up a false flag, are we?
no more. If they want more they have to give up something, like, say, ONE MILLLLION DOLLARS!
If someone had the Apple ID password and knew to go in and change the password, the phone has probably already been remotely wiped.
At my sense, Apple is better to comply than let the DoJ grant the right to the FBI and/or NSA to proceed with the modification of the firmware themselves. In this case, you can be sure the FBI and/or NSA will keep the code for next time they need it. The rest is pure bullshit from Apple, we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.
Achille Talon
Hop!
Apple (and other big techs) was happy to comply with governments in earlier cases. What changed? Falling sales? And stock price? Conscience?
In any case, how to act on this issue should be based on well articulated principles, not ad hoc decisions by CEOs and executives (which can change with the wind).
Dead men don't get trials.
If they ask for it once and get it, they'll come back for it again and again. Apple will be swamped with requests to unlock phones, and they'll earn a reputation for enabling Big Brother. Apple doesn't win by helping.
The NSA might not help the FBI. The NSA doesn't have to cooperate with them, and they do compete for federal dollars.
The FBI might be able to create custom firmware, but they can't sign it, and Apple hardware doesn't run unsigned firmware updates.
Apple has over $200 Billion in cash. They probably made a million in the time it took you to write your post. Money is a meaningless incentive to them (as well as a meaningless impediment to doing what was asked).
This phone belonged to the place where this guy worked. So when he murdered a bunch of people, I am sure HR started a process to terminate his network access and revoke his use of things like this phone, in part by changing the passwords.
He may have died in a shower of bullets but god damn it Sally in HR was gonna cross every T and dot every i on that termination form!
Sig for hire.
The FBI arrested the guy that supplied the guns used in the shooting. He is currently charged with providing material support to terrorists, which means they need to find evidence that he provided the weapons with the intent to support this particular attack. Otherwise they probably only can push weapons-related charges.
As he was buddies with the owner of the iPhone, odds are all the evidence they want against this guy is on that phone.
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
That's all they are asking for.
They didn't ASK for it, however, they had an unlawful order issued for it.
Apple could have helped them, perhaps, if they asked for it, but Apple has a civic duty to fight the unlawful order, lest it become a precedent for further abuses.
If it's that easy to modify the firmware, why in the hell can't the government do it themselves? Really?
Sorry... One Hundred BILLION DOLLARS!!!!
So, which "government genius" changed the password and what did it get changed to?
http://www.politico.com/f/?id=...
DOJ filing, page 18, footnote 7.
(credit: https://twitter.com/grimmelm/s... on twitter)
...but Apple has a civic duty to fight the unlawful order,
They may have the moral duty, but the civic duty is to either comply with the order or simply explain why they can't. Instead, they are grandstanding in order to "wipe clean" their damaged reputation for playing ball with the NSA.
If the US govt can force them to do it, the Chinese govt can force them to do it. And so on.
Apple has over $200 Billion in cash. They probably made a million in the time it took you to write your post. Money is a meaningless incentive to them (as well as a meaningless impediment to doing what was asked).
No. The reason Apple makes so much money is because many believe the set of devices and software services provided by Apple are sufficiently secure.
If Apple caves... entire markets will look for other options.
Sure, at one level this is about money.
The writ compels Apple to develop and provide a service and business Apple does not want to be in. A service that risks their cash generation services in fact.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
That's all they are asking for.
They didn't ASK for it, however, they had an unlawful order issued for it.
Apple could have helped them, perhaps, if they asked for it,
but Apple has a civic duty to fight the unlawful order, lest it become a precedent for further abuses.
The court that issued the order doesn't think it's unlawful. And the final decision as to the lawfulness of the order will be reached by a court that thinks eminent domain can be used to profit private corporations.
Remember that in the voting booth - taxes are resources that will be used AGAINST you.
If you're the type that wants to give the government more power and more tax revenue - to "solve problems" - THIS is the kind of "problem" the government is going to use the resources you voted to provide to "solve".
FBI and dept of 'justice' are traitors to the constitution of the united states. They are oathbreakers, traitors, worse than terrorists.
It's only terror when muslims do it (TM).
On iOS your employer can put a certificate on your device that allows them to get into the device they loan you.
Too bad they didn't do it, HR could have gotten the FBI in.
http://lkml.org/lkml/2005/8/20/95
Maybe their associates (other terrorist) were given the passwords to change if something happened.
Then why not just ask that employee what they changed it to? Or is it, since it's been changed but this phone hasn't been synced, the security chain is now broken? I've dealt with Airwatch MDM, pushing out updates to iPads, etc...but I don't know the intricacy of iOS security (and apparently, neither does the FBI). I'd hate to be the employee who did this; even if it is "standard protocol" they should have realized that this isn't a "standard employee firing" and should have asked their manager FIRST, who should have said "let me clear this with the FBI" or such.
Apple has previously stated that it has 800 engineers working on just the iPhone camera. How many are involved in producing an entire iOS version? The number involved in writing the security portion is likely only a small percentage but still substantial, but then this patched code must be merged into the entire codebase. Another new code section must be developed to enable communication with a locked phone for password entry and communicating the success of the unlock feature as well as allowing the entire contents of the phone to be transmitted remotely to the FBI (while not allowing transmission of the modified operating system, of course); this involves the networking team. They then need to figure out how to install onto a locked phone, when installing normally requires unlocking with the passcode, involving the installer team. Lastly, they will need to do substantial testing on identical model phones to ensure that the modified version of code, installed on a locked phone, does not cause damage to already stored and encrypted data (i.e. different code size, checksums to validate untampered data, etc.). Thus they can assure the FBI that no user data was altered. While I'm sure this is all doable, it would likely involve hundreds of engineers and cost millions and might take weeks to months, not to mention the impact of taking all these people off of what they are currently working on.
I invite you to write your own "patch" since it's not rocket science; I'm sure there are any number of people willing to pay you for it.
All the "legal justification" any American needs is that government exists for the people and not the other way around.
So, your iPhone is apparently secure but if you back it up to iCloud you lose all that security? WHAAATTTT....good to know, just another reason to never get an iPhone....
You forget that the phone is locked and likely there are trip-wires resulting in key-deletion on at least some attacks. That alone makes any updates very much non-trivial.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is a democrat administration doing this. Please make a note of it.
Who you gonna run to in November, eh?
“He’s not deformed, he’s just drunk!”
Ok just so that I understand you can start a backup from device without unlock and Apple is incapable of restoring or otherwise extracting old version of password/key/whatever from log / backup? Okie dokie whatever. I'm done here everyone is spewing bullshit.
"Ownership" is the right to say "No." If Apple can't say no to writing a new way to access their own devices, then they don't own Apple. The FBI is not asking for access. They are asking for a service to be performed.... and not by any one individual... by a company. Last I heard, there is no enlistment right for corporations (yeah, yeah, despite corporate personhood). You can buy something, you can lend something. But if you can't tell someone "no" when they request your services, they own you. And FBI does not own Apple. They are not asking for something which already exists. They asking for work to be performed at their behest. This case is becoming about more than the right to privacy. It's becoming about the right to not be deputized at a judge's pen stroke. If Apple can be compelled to write code because FBI so chooses, then anyone can.
Any guest worker system is indistinguishable from indentured servitude.
But if Apple gives them a program which would allow it, they can use it in the future on ANY phone. In fact, anyone who gets hold of the program would be able to use it in the future on any phone.
Any guest worker system is indistinguishable from indentured servitude.
Serious question: if the iPhones and their components are actually manufactured in China, wouldn't that suggest that if the Chinese government wants the info (hardware and firmware) on the inner workings of the iPhone then they probably already have it? Wouldn't it be likely that at least some of the folks working in these factories may have provided the PRC with that info, perhaps under threat? And given the known vulnerabilities of digital certificates vis-a-vis the ability of any given CA to issue bogus certs, might not they already have the means to load modified firmware onto an iPhone?
If Apple caves... entire markets will look for other options.
I don't think that's quite true. If Apple caves, most people won't care, since most people think the government has a right to search an ex-terrorist's cell phone, and most people won't consider the implications.
The scenario where the shit hits the fan for Apple is some months or years later, when the technique Apple provided the government to unlock the phone somehow escapes into the wild, and suddenly every iPhone is easy game for hackers and identity thieves.
That's when Apple's ability to sell cell phones goes away, and probably they get hit with a number of expensive lawsuits as well.
I don't care if it's 90,000 hectares. That lake was not my doing.
Help the FBI out. Write them their little app and let them crack the iPhone. Even though it appears that this is just an exercise in making you jump when the Justice Department whistles.
Then, go back to the drawing board and, between an OS patch and maybe some more secure hardware, fix it so that your back door program never works on a new phone.
Have gnu, will travel.
Forgot the stupid iPhone! Let responsible adults in California carry a gun while going about their daily life. Go do a Google news search for the phrase "concealed carrier stops." Somehow that never makes it into the news. There was a mass shooting about 2 miles away from my house and unfortunately my state has very recently allowed concealed carry permits to get issued so almost nobody has one. If I was there though, he'd have gotten a couple of shots off and then had to deal with an awful lot of trained, accurate return fire.
4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- Cornell Legal Information Institute
If the search is reasonable, I'm not seeing the hangup.
It's nice to have an unbreakable lockbox against anyone, even the NSA, but once the search is reasonable, ought not the device be decrypted?
PKCS #5 v2 (RFC 2898) is the solution to the delay issue. The "delay" will not be a timer, but forced iterations which can't be bypassed.
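The iteration-count idea in the comment above, as an added example that is not part of the original thread or of any vendor's code: the per-guess delay comes from the PBKDF2 work itself, so verification cannot skip it. The function names, the constructed passcode and salt, and the 0.08-second per-guess target are assumptions chosen for illustration.

```python
"""Added example: PBKDF2 (PKCS #5 v2 / RFC 2898) iterations as a per-guess cost."""
import hashlib
import hmac
import os
import time


def derive_key(passcode: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passcode into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", passcode.encode("utf-8"), salt, iterations, dklen=32
    )


def verify(passcode: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Checking a guess costs the full derivation; there is no timer to remove."""
    return hmac.compare_digest(derive_key(passcode, salt, iterations), expected)


def calibrate_iterations(target_seconds: float, probe_iterations: int = 20_000) -> int:
    """Pick an iteration count so one derivation takes about target_seconds
    on the machine running this function. The delay is only as long as the
    slowest hardware an adversary is forced to run the derivation on."""
    start = time.perf_counter()
    derive_key("calibration-input", b"\x00" * 16, probe_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe_iterations * target_seconds / elapsed))


def worst_case_seconds(alphabet_size: int, length: int, seconds_per_guess: float) -> float:
    """Time to try every passcode of this shape at a fixed per-guess cost."""
    return (alphabet_size ** length) * seconds_per_guess


def sizing_table(seconds_per_guess: float):
    """Defender's sizing view: how much a given per-guess cost buys per policy."""
    policies = [
        ("4-digit PIN", 10, 4),
        ("6-digit PIN", 10, 6),
        ("6-char lowercase+digits", 36, 6),
    ]
    return [(name, worst_case_seconds(a, n, seconds_per_guess)) for name, a, n in policies]


if __name__ == "__main__":
    target = 0.08  # assumed per-guess cost in seconds, for illustration only
    iterations = calibrate_iterations(target)
    salt = os.urandom(16)
    stored = derive_key("constructed-passcode", salt, iterations)
    print("iterations for ~%.2fs per guess: %d" % (target, iterations))
    print("correct passcode verifies:", verify("constructed-passcode", salt, iterations, stored))
    print("wrong passcode verifies:  ", verify("wrong-passcode", salt, iterations, stored))
    for name, seconds in sizing_table(target):
        print("%-26s worst case %14.0f s (%.1f days)" % (name, seconds, seconds / 86400))
```

The table shows why key stretching alone does not protect a short numeric passcode: the iteration count multiplies the cost of each guess but does not enlarge the keyspace.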
Microsoft and Google also have the resources to reverse engineer any protections in place, write a version of Windows/Android for iDevices, and help the FBI out. Why not serve them with a writ to provide the same information?
Oh, right, because slavery is fucking illegal in the US. Of course, that applies just as well to Apple.
"Slavery", you say? Tell me, how do you define "forced to work against your will for no pay?"
Apple has a public relations duty to milk as much attention and publicity out of this case as they can.
They're doing real good so far.
Unsolder the NAND storage chip or cut the iPhone from around it. Then use or make a NAND flash reader to read the encrypted info from the storage chip, which is probably an off the shelf NAND chip. That's what you have engineers at the National Security Agency for. No need for an iPhone hack when you can read the NAND drive's contents directly and copy the encrypted data onto a regular computer as a file which you can decrypt.
was that he dragged his wife along and she was too beat down to say no. There was just an article here talking about how you could be made to hurt folks when ordered to (the Nazis came up, and I just godwin'd this thread...)
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
And just adding fuel to the fire. Real terrorists have an agenda. They're trying to accomplish something. Asshat nutcases are either mentally ill or financially desperate.
There's two distinct classes there. You can't do much about the mentally ill except watch out for them and give them what help our science has. For the destitute you can stop oppressing them. We do horrible, horrible things to people in the middle east. We do worse to folks in South America. These people don't hate our freedom, they hate what we've done to them. Isis aren't terrorists. They're a bunch of men with no jobs and no wives. I suspect the shooter in San Bernardino was severely mentally ill.
Given a chance most people will choose honesty if their brain chemistry allows it. That's why the Mob eventually got busted. Rather than rail on against them as criminals start asking why they turned to crime in the first place. Start getting at root causes and the real social distortions that take what started out as a young boy and turn him into a killer ready to throw it all away.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
But if you can't tell someone "no" when they request your services, they own you.
--
Your ideas intrigued me, and I tried subscribing to your newsletter.
[At airport] "Step back in line sir.
"Do you own me?
[In airplane] "Sir, your boarding pass says seat 21D. Can you sit there instead?
"Do you own me?
[At home] "Darling, take out the garbage?
"Do you own me?
[Finally, my dog learnt this new trick]
Me:"Get off the sofa dog
"BowWowGrBoww Bo EeWwof Gruff Woff" ("Do you own me?)
... at least for the crucial systems, like the one holding the name, emails, hashed passwords, etc of the accounts?!
Ok, maybe they just have some redundant storage for the bulk backups/media (possibly with some backups, with limited history) but the system that keeps customer's metadata should have a backup history going back for years, if not a full journal-ed implementation.
They could use the data from those backups to just reset back the password on the server to whatever it was earlier.
Why isn't open carry enough Rambo?
If Apple wants to do business in China, Apple has to follow the laws and possible court orders in China.
I don't think you've got the issue here quite right. There's a couple reasons to believe that the 4th Amendment is not applicable in this case. The user of the phone is dead, so a lot of his privacy and autonomy interests are nullified now. He has no papers or effects that belong to him because he's a legal non-person. At best you could argue a chilling effect for other iPhone users -- and that's a pretty good argument. But the thing is, this wasn't even his phone, it belonged to his employer. So while I think the 4th should be applied to phones owned or leased by living users, if the employer has no objection to the government searching the phone I don't see how the 4th applies in this case.
I've heard two serious issues actually raised, namely (1) that what the government is asking Apple to do is bad for the privacy of Apple's customers and (2) that the government has overstepped its authority in what it can compel Apple to do. This isn't a case of Apple sharing documents it has access to with the government, in fact Apple has already done that; the government is in effect asking Apple to develop a new tool that will give it easy access to any iPhone, any time, not just this one.
Aside from the fact that if Apple did its job well (what are the chances?) developing this tool should be non-trivial, in absence of some kind of established oversight mechanism for using such tools, the public shouldn't be too keen on letting the government have them.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
As a practical joke, it seems rather easy for someone to enter in the wrong PIN (say) 9 times and when the owner picks it up and first time gets it wrong, bricks their phone.
The 10 guess thing also seems like an easy way for someone you don't like to acquire your phone and make life difficult for you, without actually stealing your phone (permanently) or being discoverable as the cause ..
They do not ask Apple to modify the firmware on all iPhones they are selling.
At my sense, Apple is better to comply than let the DoJ grant the right to the FBI and/or NSA to proceed with the modification of the firmware themselves.
Why would the FBI and/or NSA need the DoJ's permission to do this? Why do they not already have it? If they could do it, they would have done it, and wouldn't have to deal with Apple at all. This would be a non-story, there would be no writ.
It needs to be signed by Apple. If Apple creates new, legitimate firmware which bypasses these security precautions, what do you think happens after? The answers should be obvious:
(1) the FBI is going to come back again and again, except with precedent,
or,
(2) the FBI is now going to be able to use this firmware on iphones other than the San Bernardino shooter's iphone.
The rest is pure bullshit from Apple, we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.
Your thinking on this is completely backwards. If you believe that these safeguards can be circumvented, then this is pure bullshit from the FBI. Given that anyone can modify the firmware, then they do not need Apple's help.
iPhones will only execute signed Apple code. You'd have to be really good at modifying firmware without breaking its signature; basically only Apple can do it.
Well SOB apple, now I have to support you and your overpriced products.
Cabelo made the mistake on purpose.
Simple, F*ck the FBI and bullshit like this.
This is the sad part: Apple has no morals. It's a fucking company, shareholder value is God, all else be damned.
Which one I side with on this? Apple, of course. They're morally right in this one, and the govt dogs are wrong (they often are, alas).
But implying some moral stance of that is plain projection. You could as well assume a quartz crystal feels ashamed.
So there are 4 security flaws in the "encrypted" iCloud backups?
https://support.apple.com/kb/PH12519?locale=en_US
If I'm reading that right, SMS is backed up.
Is there any reason why Apple can't at least change the guys password? Then restore the backup to a new iPhone using the same account?
Like what else is on an iPhone that ISN'T backed up nowadays? Presumably the FBI have got his Gmail account compromised, I'd assume they've got his Apple account?
Heck even the photos are backed up.
In these instances, with a death certificate and FBI Warrant info, surely resetting a password is ok, or no? I'm all for privacy and glad Apple encrypt things but I'm curious why a restoration won't provide them with a heap of information they are already after?
Surely you do this the other way round and have Apple create a fake iCloud site that accepts any username & password? You set the trusted network to have the iCloud DNS for that network point to fedcloud.com instead of icloud.com and slurp away? If Apple can provide an older backup then surely the backups cannot be encrypted at Apple's end and if you have legally compelled Apple to help, it's not like you would have issues with keys for the site? Any idea why the feds wouldn't ask Apple to do this instead? What am I missing?
The other implication is that any safe or lock manufacturer can be rounded up and forced to become a safe cracker.
Attorney: Unlikely Malik could 'carry a weapon or wear some type of a vest or do any of this' ref
Yes, his doctor, psychiatrist or a lawyer might still know the password, but can't be compelled to reveal it.
...this is what more government looks like.
Not true, you can't code software in a crowded theater.
I am totally in agreement with Apple and their arguments are sound, the "can't compel" and "free speech" arguments of many Apple supporters however, are full of shit. EVERY SINGLE BUSINESS in the country is "compelled" by the feds to conduct their business in a certain way. It's called regulation.
Seems to me that the DOJ is going about this the wrong way. As the Affordable Care act has shown the government can't compel a private actor to do something. But it can tax the hell out of their refusal to do so.
I'm rather surprised they haven't schemed to let Apple continue to refuse but impose a tax of a billion dollars a day for doing so.
Can somebody explain me how changing firmware can decrypt encrypted data?
Recording the traffic to and from the phone?
Lazy.
Password was in the apartment they did not secure.
The court that issued the order doesn't think it's unlawful.
The order is unconstitutional, for the same reason they cannot order Linus Torvalds or other experts in the industry with unique talent to appear in court and provide a special version of the open source LUKS which allows unlimited password attempts to explain Android encryption, Because Apple is not a party to the case, and the order is not to produce some form of evidence in their possession.
If they want to modify it to an order that might be lawful, then they should order Apple to deliver the complete iOS source code, so they can engineer the modification themselves, then order Apple to produce all the cryptographic signing keys in their possession.
I'm really interested in your statement that "code is speech" and therefore protected by the First Amendment. Are you able to cite any supporting materials on that please? The reason being that if, in the eyes of the law, software really is equivalent to speech, then I doubt that it can be patented. Successfully proving your claim could have massive impact, for example, for all those who have signed patent licensing deals with Microsoft...
..... get over it. No more prying required. Guilty person found and removed.
This whole charade smells of the government abusing this one request to make precedent for future requests.
No, there will be no need for any future requests. The government is demanding that Apple produce for them a hacking tool (for free) that the government can use against ANY iPhone. The real twist is that there is evidence that the phone's password was changed while in government custody. On most electronic devices you must know the old password in order to change it. Therefore we can logically assume that the government ALREADY KNOWS THE PHONE'S PASSWORD SINCE THEY CHANGED IT! Even if this was a "password reset" (the actual article uses both terms) it could be argued in court that the FBI deliberately reset the password in order to give it the excuse to force Apple to build them their hacking tool as the change made all other forms of data recovery impossible.
Casteism
I've read a lot of posts saying the government shouldn't be able to order them to produce or create something they don't want to do. How is this any different from the crazy bakery owners that get successfully sued for refusing to make "gay" wedding cakes? Or having to install the weird sinks for midgets and ramps for people in wheel chairs. The government makes businesses do shit they don't want to do all the time. All that being said, I hope Apple sticks to their guns on this one. This case smells of good intentions and paving.
Clinton is a square shooter. Clinton 2016!
Ate too much cheese. Trying to read all this jibber-jabber about Apple and the FBI... But I just can't poop.
The G'vmt already has a way to get the information they want, but do not want to admit they have that program.
It would be easier to get Apple to present it to them and take the heat for giving that information away.
And Apple knows this.