Slashdot Mirror


Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com)

An anonymous reader writes: The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible.

Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.

16 of 435 comments

  1. Re:Was this guy really a terrorist? by He Who Has No Name · · Score: 5, Informative

    There were two shooters, and they had documented terrorism involvement prior to this, once the investigation traced back far enough.

    Most people don't bring their wives with them to help with "random and impulsive" workplace shootings, or set up a bomb factory in their garage weeks / months ahead of time.

  2. Re:Government Geniuses (aka Military Intelligence) by AchilleTalon · · Score: 1, Informative

    It is just a fucking counter and a delay in the firmware that prevent someone from breaking the code. No rocket science here. In order to prevent brute force attacks, the firmware erases the data after X unsuccessful trials to unlock the device, and to prevent a huge number of trials in a few seconds, a delay is introduced between each trial which goes unnoticed by a user because it is something like a few seconds: enough to be annoying for a brute force attack on the password, but not enough to annoy the legitimate user. That's all they are asking for: a modification of the firmware for THIS iPhone to remove the maximum number of attempts limit and nullify the delay. They do not ask Apple to modify the firmware on all iPhones they are selling.

    In my opinion, Apple is better off complying than letting the DoJ grant the FBI and/or NSA the right to modify the firmware themselves. In that case, you can be sure the FBI and/or NSA will keep the code for the next time they need it. The rest is pure bullshit from Apple; we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.

    --
    Achille Talon
    Hop!
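The counter-and-delay mechanism the comment above describes, as an added Python model that is not Apple's firmware and not part of the original thread; the delay schedule, the 10-attempt erase threshold, the PBKDF2 iteration count and the salt are assumptions chosen for the simulation. Running an exhaustive 4-digit search against the model shows the two safeguards stopping it after ten guesses, and removing them letting it run through the whole space.

```python
"""Model of the two safeguards the comment describes: an escalating delay
between passcode attempts and an erase after N failures. Added illustration,
not Apple's firmware; the delay schedule and the 10-attempt threshold are
assumptions chosen for the simulation."""
import hashlib
import hmac

WIPE_AFTER = 10                                   # assumed erase threshold
DELAY_SCHEDULE = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # assumed, seconds


class PasscodeGuard:
    """Verifies a passcode while enforcing the lockout and wipe policy."""

    def __init__(self, passcode, wipe_after=WIPE_AFTER, schedule=DELAY_SCHEDULE):
        self._salt = b"constructed-salt"           # constructed, fixed for the demo
        self._digest = self._derive(passcode)      # store a derived hash only
        self.wipe_after, self.schedule = wipe_after, schedule
        self.failures, self.locked_until, self.wiped = 0, 0.0, False

    def _derive(self, passcode):
        # Iteration count kept low (100) so the demo runs quickly.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 100)

    def attempt(self, guess, now):
        """Return 'ok', 'wrong', 'locked' or 'wiped' for one guess at time now."""
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"                        # refused and not counted
        if hmac.compare_digest(self._derive(guess), self._digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.wipe_after is not None and self.failures >= self.wipe_after:
            self.wiped = True                      # key material destroyed
            return "wiped"
        self.locked_until = now + self.schedule.get(self.failures, 0)
        return "wrong"


def guesses_until_stop(guard):
    """Try 0000..9999 in order against a guard with a simulated clock that
    waits out every lockout; returns (guesses made, simulated seconds elapsed)."""
    clock, made = 0.0, 0
    for n in range(10_000):
        clock = max(clock, guard.locked_until)
        made += 1
        if guard.attempt(f"{n:04d}", clock) in ("ok", "wiped"):
            break
    return made, clock
```

With the defaults, `guesses_until_stop(PasscodeGuard("9999"))` returns `(10, 5760.0)`: the device wipes on the tenth guess after 96 simulated minutes of lockouts, whereas `PasscodeGuard("9999", None, {})` lets the search run all 10,000 guesses with no delay.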
  3. Re:what changed? permanent policy needed by whipslash · · Score: 4, Informative
    To quote the article:

    Asked why the company is pushing back so hard against this particular FBI request when it has assisted the agency in the past, Apple executives noted that the San Bernardino case is fundamentally different from others in which it was involved. Apple has never before been asked to build an entirely new version of its iOS operating system designed to disable iPhone security measures.

  4. Re:The plot thickens... by Anonymous Coward · · Score: 4, Informative

    I suppose this is a futile effort here on Slashdot, but maybe perhaps reading the FBI's court brief might answer/allay some of the "smell" of the charade (way to murder a metaphor, m8)

    https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.txt
    https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.pdf

    Moreover, contrary to Apple's recent public statement that the assistance ordered by the Court “could be used over and over again, on any number of devices” and that “[t]he government is asking Apple to hack our own users,” the Order is tailored for and limited to this particular phone. And the Order will facilitate only the FBI's efforts to search the phone; it does not require Apple to conduct the search or access any content on the phone. Nor is compliance with the Order a threat to other users of Apple products. Apple may maintain custody of the software, destroy it after its purpose under the Order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders. As such, compliance with the Order presents no danger for any other phone and is not “the equivalent of a master key, capable of opening hundreds of millions of locks.”

  5. Enrique Marquez by Irate Engineer · · Score: 4, Informative

    The FBI arrested the guy that supplied the guns used in the shooting. He is currently charged with providing material support to terrorists, which means they need to find evidence that he provided the weapons with the intent to support this particular attack. Otherwise they probably only can push weapons-related charges.

    As he was buddies with the owner of the iPhone, odds are all the evidence they want against this guy is on that phone.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  6. Re:Well, THAT'S interesting. by Anonymous Coward · · Score: 3, Informative

    The owner of the phone was the County of San Bernardino and it was them that changed the iCloud password as part of their IT security procedures. All of Farook's work accounts were secured by password resets.

  7. Re:The plot thickens... by Anonymous Coward · · Score: 3, Informative

    I thought that was obvious. But this little detail would present the government in a VERY bad light. To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.

    It will be interesting to see how the judge reacts to Apple's revelation that the only reason the government is locked out of the phone is because the government changed the password.

    The health department might have changed the password as part of their security protocol when an employer-issued smartphone has been lost, stolen, or the employee no longer works for the organisation. Maybe the FBI changed the password. Apple should be able to retrieve the IP address from their log files unless they use SystemD.

  8. Password change was by San Bernardino county by Swampash · · Score: 4, Informative

    http://www.politico.com/f/?id=...

    DOJ filing, page 18, footnote 7.

    (credit: https://twitter.com/grimmelm/s... on twitter)

    1. Re:Password change was by San Bernardino county by Swampash · · Score: 3, Informative

      Someone's already going under the bus for it:

      The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.

      http://abcnews.go.com/US/san-b...

  9. Re:Not sure I understand this. by slashdice · · Score: 3, Informative

    There's plenty of legal justification (and more importantly, case law) that the All Writs Act doesn't extend as far as the FBI is trying to push it. And it really doesn't matter what the SCOTUS might think because that would be years off. Far more relevant is the 9th circuit court of appeals. (With a 4-4 SCOTUS, it would remain as they left it).

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
  10. employers can have their own back doors by YesIAmAScript · · Score: 3, Informative

    On iOS your employer can put a certificate on your device that allows them to get into the device they loan you.

    Too bad they didn't do it, HR could have gotten the FBI in.

    --
    http://lkml.org/lkml/2005/8/20/95
  11. Re:The plot thickens... by dunkindave · · Score: 4, Informative

    To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.

    And you would fail the bar exam. The password change would allow the opposing side (presumably the defense) to challenge the validity and source of whatever information was obtained, but it would still be admitted so that the court (judge and/or jury) can decide how much it should be trusted. Think about a person running from the cops who throws a bag during the chase; after catching him, they go back and find the bag. What they find in the bag is still admissible even though it was out of the suspect's and the police's custody for a period of time. Even if a passerby picked it up and took it, then the police later came and asked if he had it, and he gave it to them, it would still be admissible. The defense would try to argue it could have been tampered with, but would likely lose (barring some evidence of tampering or that the second person had a known grudge against the suspect).

  12. Re:The plot thickens... by Anonymous Coward · · Score: 3, Informative

    Neither of the bar exams I took had much in the way of evidence questions, and the few that existed tended to be criminal procedure-related (exclusionary rule and so on), not foundation and authenticity. Even if there were some questions about foundation and authenticity, there certainly weren't enough to cause you to fail the bar exam if you got them wrong. I'm also not convinced you're substantively right. Perhaps your particular jurisdiction allows you to enter prosecution exhibits into evidence without affirmatively establishing a prima facie case that the evidence has not been altered. Mine does not.

  13. Re:Well, THAT'S interesting. by Jeremi · · Score: 5, Informative

    which again leaves me wondering about the relevance of not being able to back it up to the cloud.

    The idea was that they could bring the iPhone back into range of a WiFi network it already knows (e.g. the WiFi network at the terrorists' condo) and within a day or two it would do another automatic cloud backup.

    Once that completed, Apple (and therefore the government) would have access to that backup, and therefore could try to break the backup's encryption via brute force without triggering the 10-attempt-failure auto-erase that is present on the phone.

    However, since the password was changed, it seems that now the phone will be unable to initiate a backup without someone logging in to the phone first.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  14. Re: The plot thickens... by hawguy · · Score: 3, Informative

    Please just stop. You're coming off like a 7th grader trying to fake an understanding of neurosurgery after spending 5 minutes googling stuff.

    FDE encryption takes place beneath the file layer, at the block level (it's far more effective and secure than file level encryption could ever be.)
    XTS doesn't split anything. XTS is essentially an improved version of CBC (which is to say block chaining) made necessary by modern large storage devices.

    I hope you didn't stumble across one of those anti XTS articles that are still floating around and take it at its word because it sounded technical. Those have been soundly and repeatedly refuted and trashed by those who actually know what they're talking about.

    A little googling, in the wrong hands, can be a dangerous thing. OTOH this is slashdot, so you're right at home.

    The parent poster didn't say anything about whether it's per-file or block level encryption.

    And he's right about XTS keys: to get 128-bit AES, you need a 256-bit XTS key:

    https://en.wikipedia.org/wiki/...

    XTS makes use of two different keys, usually generated by splitting the supplied block cipher's key in half, without adding any additional security, but complicating the process.[13] According to this source, the reason for this seems to be rooted in a misinterpretation of the original XEX-paper.[7] Because of the splitting, users wanting AES 256 and AES 128 encryption will need to choose key sizes of 512 bits and 256 bits respectively.

  15. Re:The plot thickens... by Aighearach · · Score: 3, Informative

    To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.

    No, it was the iCloud password that was changed, not the password for the phone. Had that not been changed, the Apple engineers who were assisting the FBI would likely have been able to get the phone to sync to iCloud, which may or may not have provided evidence, depending on the phone settings.

    Details matter, even when talking about evidence custody chains. ;)

    Also, real world evidence handling is not as strict as represented by the CSI shows, and in this case whatever mishandling was done was not done by the prosecutors. When the prosecutors mishandle evidence, it gets thrown out as a punishment to the prosecutors and a brake on abuse. That is what the "fruit of the poison tree" is all about: punishing prosecutors for ignoring processes and procedures that were put in place to prevent legal abuses that were common in the pre-Constitution period. It is not done out of a broad belief that any evidence that went out of sight after a crime is inadmissible. That would be silly; a murder weapon might change hands numerous times on the black market before being recovered by law enforcement. It is still evidence. In this case some moron from IT at the County level did something bad, not the prosecutors. The person doesn't even work in law enforcement; they work in the health department. The Court isn't going to punish the prosecutors for the mistake of the health worker, so instead the Court would look at whether the evidence has a real flaw: is there a reasonable accusation that it was altered, either by the health worker or by Apple? The Court would not worry about a chain of evidence here; that would cover the handling of the evidence after it was collected by law enforcement or prosecutors. This would be before that, so they would look at the material details of any accusation of tampering.

    Also, the user of the phone is dead, and so not a suspect. This would be used against other speculative suspects, and so those people wouldn't be able to ask the court to throw it out based on prosecutorial misconduct that happened before they were a suspect. There wouldn't be anybody with standing to make that complaint. They could only challenge it by a material claim that there was a real problem, not just that the procedure hadn't been followed, unless the failure to follow procedure happened later in the process. This is similar to the situation where the police do a warrantless search of your friend, find evidence against you, but your "friend" refuses to challenge the search. Oops, too bad, you can't challenge it for him, and the evidence will be admitted. That happens a lot in drug cases, actually.