Slashdot Mirror
Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com)
An anonymous reader writes: The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible.
Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
I understand that the government can issue a warrant, completely in the spirit of the 4th amendment. However, how can they "deputize" or force independent individuals/organizations to do their bidding?
This whole charade smells of the government abusing this one request to make precedent for future requests.
They have somebody on the inside to mess with it? Chain of custody for evidence in major federal incidents is usually watertight specifically to avoid this kind of thing.
or just a asshat nutcase? He targeted a place he worked. Back in my day we just called this "Going Postal" and acknowledged that whatever flimsy excuse the shooter used was largely irrelevant. I don't know, but I do hate seeing crap like this scaring the hell out of Americans and making them willing to chunk freedom and demands for better living/working conditions out the door if only someone will please protect us from these terrorists...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
A known way around the encryption, if you backup to iCloud, is to reset the password on the iCloud account and restore the iCloud backup to a new device.
Might I suggest Enhanced interrogation for the entire health department, I hear it is still legal.
So apple can show that the iPhone was tampered with after the government took possession. Well that makes the information on the phone totally suspect.
That to me shows there is no reason to decrypt the phone as nothing on it can be trusted to be authentic any more.
For example, highly paranoid version,
Did the CIA get someone to re-image the phone and plant false information.
The latest development is that the IP address used to change the Apple ID password was from within a US military network.
Trying to cover up a false flag, are we?
bring it back to its home or office.. it will backup on power and a know SSID wifi
Only if it's configured to do so. That's not configured by default.
"The Apple senior executives also pushed back on the government’s arguments that Apple’s actions were a marketing ploy, saying they were instead based on their love for the country and desire not to see civil liberties tossed aside."
Would you believe "love of their country" as a motivation for any large organization, including government agencies?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
At my sense, Apple is better to comply than let the DoJ grant the right to the FBI and/or NSA to proceed with the modification of the firmware themselves. In this case, you can be sure the FBI and/or NSA will keep the code for next time they need it. The rest is pure bullshit from Apple, we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.
Achille Talon
Hop!
apple( and other big techs) was happy to comply with governments in earlier cases. what changed? falling sales? and stock price? conscience?
in any case, how to act on this issue should be based on well articulated principles, not ad hoc decisions by ceos and executives( which can change with the wind).
No, but I didn't know how to express sarcastic tears in writing.
Dead men don't get trials.
A known way around the encryption, if you backup to iCloud, is to reset the password on the iCloud account and restore the iCloud backup to a new device.
From what I read, the iCloud backup — which Apple provided to the FBI — was a month old prior to the attack.
This phone belonged to the place where this guy worked. So when he murdered a bunch of people, I am sure HR started a process to terminate his network access and revoke his use of things like this phone, in part by changing the passwords.
He may have died in a shower of bullets but god damn it Sally in HR was gonna cross every T and dot every i on that termination form!
Sig for hire.
The FBI arrested the guy that supplied the guns used in the shooting. He is currently charged with providing material support to terrorists, which means they need to find evidence that he provided the weapons with the intent to support this particular attack. Otherwise they probably only can push weapons-related charges.
As he was buddies with the owner of the iPhone, odds are all they evidence they want against this guy is on that phone.
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
That's all they are asking for.
They didn't ASK for it, however, they had an unlawful order issued for it.
Apple could have helped them, perhaps, if they asked for it, but Apple has a civic duty to fight the unlawful order, lest it become a precedent for further abuses.
If it's that easy to modify the firmware, why in the hell can't the government do it themselves? Really?
Sorry... One Hundred BILLION DOLLARS!!!!
http://www.politico.com/f/?id=...
DOJ filing, page 18, footnote 7.
(credit: https://twitter.com/grimmelm/s... on twitter)
The article says that Apple sent engineers to get the iPhone to connect to a known Wi-Fi network "and triggering an iCloud backup." It doesn't say if they were hoping it would do it on its own or if they had a method to trigger the backup.
If the US govt can force them to do it, the Chinese govt can force them to do it. And so on.
Apple has over $200 Billion in cash. They problably made a million in the time it took you to write your post. Money is a meaningless incentive to them (as well as a meaningless impediment to doing what was asked).
No. The reason Apple makes so much money is because many believe the
set of devices and software services provided by Apple are sufficiently secure.
If Apple caves... entire markets will look for other options.
Sure, at one level this is about money.
The writ compels Apple to develop and provide a service and
business Apple does not want to be in. A service that risks their
cash generation services in fact.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
If protection of civil liberties is a marketing ploy, it's a damn good one. I'm all in.
You only get 5GB of free iCloud storage. Once you reach that limit, backups stop.
It's entirely possible that he reached the limit as he took more photos and video. It's for that very reason I needed to upgrade to the 50GB plan, or else I would have to reduce or turn off Photos from being backed up.
Life is not for the lazy.
So he had an accomplice of some type?
Yes, his employer's IT department.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
On iOS your employer can put a certificate on your device that allows them to get into the device they loan you.
Too bad they didn't do it, HR could have gotten the FBI in.
http://lkml.org/lkml/2005/8/20/95
And only if it's been unlocked since the last reboot. (it's been powered down since then, so there's no way to touch the data on it.)
then why not just ask that employee what they changed it to? Or is it, since it's been changed but this phone hasn't been synced, the security chain is now broken? I've dealt with Airwatch MDM, pushing out updates to iPads, etc...but I don't know the intricacy of IOS security (and apparently, neither does the FBI). I'd hate to be the employee who did this; even if it is "standard protocol" they should have realized that this isn't a "standard employee firing" and should have asked their manager FIRST, who should have said "let me clear this with the FBI" or such.
All the "legal justification" any American needs is that government exists for the people and not the other way around.
So, your iPhone is apparently secure but if you back it up to iCloud you lose all that security? WHAAATTTT....good to know, just another reason to never get an iPhone....
You forget that the phone is locked and likely there are trip-wires resulting in key-deletion on at least some attacks. That alone makes any updates very much non-trivial.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Only if the phone was on the air. That is the first thing any halfway competent forensics person stops. You can too, a tin-can is enough. Of course, in the future, we will see phones that wipe themselves after a while in that state. It is really pathetic that ordinary citizens need to think about protecting themselves from the government again. Have they learned absolutely nothing from history?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"Ownership" is the right to say "No." If Apple can't say no to writing a new way to access their own devices, then they don't own Apple. The FBI is not asking for access. They are asking for a service to be performed.... and not by any one individual... by a company. Last I heard, there is no enlistment right for corporations (yeah, yeah, despite corporate personhood). You can buy something, you can lend something. But if you can't tell someone "no" when they request your services, they own you. And FBI does not own Apple. They are not asking for something which already exists. They asking for work to be performed at their behest. This case is becoming about more than the right to privacy. It's becoming about the right to not be deputized at a judge's pen stroke. If Apple can be compelled to write code because FBI so chooses, then anyone can.
Any guest worker system is indistinguishable from indentured servitude.
But if Apple gives them a program which would allow it, they can use it in the future on ANY phone. In fact, anyone who gets hold of the program would be able to use it in the future on any phone.
Any guest worker system is indistinguishable from indentured servitude.
Serious question: if the iPhones and their components are actually manufactured in China, wouldn't that suggest that if the Chinese government wants the info (hardware and firmware) on the inner workings of the iPhone then they probably already have it? Wouldn't it be likely that at least some of the folks working in these factories may have provided the PRC with that info, perhaps under threat? And given the known vulnerabilities of digital certificates vis-a-vis the ability of any given CA to issue bogus certs, might not they already have the means to load modified firmware onto an iPhone?
If Apple caves... entire markets will look for other options.
I don't think that's quite true. If Apple caves, most people won't care, since most people think the government has a right to search an ex-terrorist's cell phone, and most people won't consider the implications.
The scenario where the shit hits the fan for Apple is some months or years later, when the technique Apple provided the government to unlock the phone somehow escapes into the wild, and suddenly every iPhone is easy game for hackers and identify thieves.
That's when Apple's ability to sell cell phones goes away, and probably they get hit with a number of expensive lawsuits as well.
I don't care if it's 90,000 hectares. That lake was not my doing.
Help the FBI out. Write them their little app and let them crack the iPhone. Even though it appears that this is just an exercise in making you jump when the Justice Department whistles.
Then, go back to the drawing board and, between an OS patch and maybe some more secure hardware, fix it so that your back door program never works on a new phone.
Have gnu, will travel.
4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- Cornell Legal Information Institute
If the search is reasonable, I'm not seeing the hangup.
It's nice to have an unbreakable lockbox against anyone, even the NSA, but once the search is reasonable, ought not the device be decrypted?
Microsoft and Google also have the resources to reverse engineer any protections in place, write a version of Windows/Android for iDevices, and help the FBI out. Why not serve them with a writ to provide the same information?
Oh, right, because slavery is fucking illegal in the US. Of course, that applies just as well to Apple.
"Slavery", you say? Tell me, how do you define "forced to work against your will for no pay?"
Apple has a public relations duty to milk as much attention and publicity out of this case as they can.
They're doing real good so far.
was that he dragged his wife along and she was too beat down to say no. There was just an article here talking about how you could be made to hurt folks when ordered to (the Nazi's came up, and I just godwin'd this thread...)
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
And just adding fuel to the fire. Real terrorist have an agenda. They're trying to accomplish something. Asshat nutcases are either mentally ill or financially desperate.
There's two distinct classes there. You can't do much about the mentally ill except watch out for them and give them what help our science has. For the destitute you can stop oppressing them. We do horrible, horrible things to people in the middle east. We do worse to folks in South America. These people don't hate our freedom, they hate what we've done to them. Isis aren't terrorists. They're a bunch of men with no jobs and no wives. I suspect the shooter in San Bernadino was severely mentally ill.
Given a chance most people will choose honesty if their brain chemistry allows it. That's why the Mob eventually got busted. Rather than rail on against them as criminals start asking why they turned to crime in the first place. Start getting at root causes and the real social distortions that take what started out as a young boy and turn him into a killer ready to throw it all away.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
But if you can't tell someone "no" when they request your services, they own you.
--
Your ideas intrigued me, and I tried subscribing to your newsletter.
[At airport] "Step back in line sir.
"Do you own me?
[In airplane] "Sir, your boarding pass says seat 21D. Can you sit there instead?
"Do you own me?
[At home] "Darling, take out the garbage?
"Do you own me?
[Finally, my dog learnt this new trick]
Me:"Get off the sofa dog
"BowWowGrBoww Bo EeWwof Gruff Woff" ("Do you own me?)
I forgot to login earlier I am the anonymous coward
To err is to be human, to really screw up takes a computer and a human.
... at least for the crucial systems, like the one holding the name, emails, hashed passwords, etc of the accounts?!
Ok, maybe they just have some redundant storage for the bulk backups/media (possibly with some backups, with limited history) but the system that keeps customer's metadata should have a backup history going back for years, if not a full journal-ed implementation.
They could use the data from those backups to just reset back the password on the server to whatever it was earlier.
Why isn't open carry enough Rambo?
I don't think you've got the issue here quite right. There's a couple reasons to believe that the 4th Amendment is not applicable in this case. The user of the phone is dead, so a lot of his privacy and autonomy interests are nullified now. He has no papers or effects that belong to him because he's a legal non-person. At best you could argue a chilling effect for other iPhone users -- and that's a pretty good argument. But thing this wasn't even his phone, it belonged to his employer. So while I think the 4th should be applied to phones owned or leased by living users, if the employer has no objection to the government searching the phone I don't see how the 4th applies in this case.
I've heard two serious issues actually raised, namely (1) that what the government is asking Apple to do is bad for the privacy of Apple's customers and (2) that the government has overstepped its authority in what it can compel Apple to do. This isn't a case of Apple sharing documents it has access to with the government, in fact Apple has already done that; the government is in effect asking Apple to develop a new tool that will give it easy access to any iPhone, any time, not just this one.
Aside from the fact that if Apple did it's job well (what are the chances?) developing this tool should be non-trivial, in absence of some kind of established oversight mechanism for using such toolsk the public shouldn't be too keen on letting the government have them.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
No, what they were saying was that if the password hadn't been changed, the phone might have initiated an auto-backup to iCloud that wasn't encrypted in a way that's inaccessible to Apple. The phone would do its own decrypting. But because the password was changed, the phone can't initiate an automatic backup.
They do not ask Apple to modify the firmware on all iPhones they are selling.
At my sense, Apple is better to comply than let the DoJ grant the right to the FBI and/or NSA to proceed with the modification of the firmware themselves.
Why would the FBI and/or NSA need the DoJ's permission to do this? Why do they not already have it? If they could do it, they would have done it, and wouldn't have to deal with Apple at all. This would be a non-story, there would be no writ.
It needs to be signed by Apple. If Apple creates new, legitimate firmware which bypasses these security precautions, what do you think happens after? The answers should be obvious:
(1) the FBI is going to come back again and again, except with precedent,
or,
(2) the FBI is now going to be able to use this firmware on iphones other than the San Bernardino shooter's iphone.
The rest is pure bullshit from Apple, we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.
Your thinking on this is completely backwards. If you believe that these safeguards can be circumvented, then this is pure bullshit from the FBI. Given that anyone can modify the firmware, then they do not need Apple's help.
iPhones will only execute signed Apple code. You'd have to be really good at modifying firmware without breaking it's signature; basically only Apple can do it.
If the backups were disabled by the user at that point, then that would be a show-stopper. If it simply stopped backing up, Apple could always bump up the quota on that account, and the device would automatically detect that it had space, and then it would back itself up.
Unfortunately, somebody changed the password on the iCloud account, making that approach impossible.
Check out my sci-fi/humor trilogy at PatriotsBooks.
They've already done that. The remaining problem is that the user's passcode is entangled with a hardware key that can only be obtained by either using a custom OS (which Apple would have to agree to produce) or by destroying evidence—specifically, uncapping the CPU and then using an electron microscope on its guts, if memory serves.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Simple, F*ck the FBI and bullshit like this.
So there are 4 security flaws in the "encrypted" iCloud backups?
https://support.apple.com/kb/PH12519?locale=en_US
If I'm reading that right, SMS is backed up.
Is there any reason why Apple can't at least change the guys password? Then restore the backup to a new iPhone using the same account?
Like what else is on an iPhone that ISN'T backed up nowadays? Presumably the FBI have got his Gmail account compromised, I'd assume they've got his Apple account?
Heck even the photos are backed up.
In these instances, with a death certificate and FBI Warrant info, surely resetting a password is ok, or no? I'm all for privacy and glad Apple encrypt things but I'm curious why a restoration won't provide them with a heap of information they are already after?
Surely you do this the other way round and have Apple create a fake icloud site that accepts any username & password? You set the trusted network to have the icloud dns for that network point to fedcloud.com instead instead of icloud.com and slurp away? If Apple can provide an older backup then surely the backups cannot be encrypted at apples end and if you have legally compelled Apple to help, it's not like you would have issues with keys for the site? Any idea why the feds wouldn't ask Apple to do this instead? What am I missing?
Attorney: Unlikely Malik could 'carry a weapon or wear some type of a vest or do any of this' ref
...this is what more government looks like.
I am totally in agreement with Apple and their arguments are sound, the "can't compel" and "free speech" arguments of many Apple supporters however, are full of shit. EVERY SINGLE BUSINESS in the country is "compelled" by the feds to conduct their business in a certain way. It's called regulation.
Seems to me that the DOJ is going about this the wrong way. As the Affordable Care act has shown the government can't compel a private actor to do something. But it can tax the hell out of their refusal to do so.
I'm rather surprised they haven't schemed to let Apple continue to refuse but impose a tax of a billion dollars a day for doing so.
I have a gun on my hip right now, idiot. I own a computer shop. There's actually a shotgun under the counter too. I'm very accurate with this S&W MP Shield 9mm at the range by the way. I also have hours of gun safety and proper tactical use and I've been in some very extreme situations before and always keep completely cool and level headed in them. Go back to trolling someone else you weak-minded pathetic anti-gun lunatic.
Well now there's an interesting thought. I wonder if Apple could just reconfigure his iCloud account to accept whatever password the phone provides as valid and accept the backup from there...? It would be like a man-in-the-middle attack except Apple is itself a trusted endpoint so maybe they could futz with the iCloud security to allow this phone to backup to it. Could Apple spoof an endpoint that way?
Whoever last worked on my current project is guilty of hate code.
Intron: the portion of DNA which expresses nothing useful.
It wasn't a bribe. He was just invited over for drinks. And free room and board. And free hunting and fishing. But definitely not a bribe. You can read Scalia's own explanation of why these things aren't a cause for concern when he took a trip with Cheney WHILE CHENEY HAD A CASE BEFORE THE COURT.
Intron: the portion of DNA which expresses nothing useful.
Um, no. The phone has a different password than the cloud. The phone is not going to update its password to the cloud. The phone's password must be updated separately.
Well, there's spam egg sausage and spam, that's not got much spam in it.
The court that issued the order doesn't think it's unlawful.
The order is unconstitutional, for the same reason they cannot order Linus Torvalds or other experts in the industry with unique talent to appear in court and provide a special version of the open source LUKS which allows unlimited password attempts to explain Android encryption, Because Apple is not a party to the case, and the order is not to produce some form of evidence in their possession.
If they want to modify it to an order that might be lawful, then they should order Apple to deliver the complete iOS source code, so they can engineer the modification themselves, then order Apple to produce all the cryptographic signing keys in their possession.
Yes, changing that iCloud password screwed the pooch. Also, backups don't occur unless the iPhone has a WiFi connection. Obviously you need to get into that phone to have it connect to a new network. But, if the FBI had access to the original home router or cable modem that provided WiFi, then it will start backing up on it's own once a day assuming the iCloud quota was increased.
Life is not for the lazy.
I'm really interested in your statement that "code is speech" and therefore protected by the First Amendment. Are you able to cite any supporting materials on that please? The reason being that if, in the eyes of the law, software really is equivalent to speech, then I doubt that it can be patented. Successfully proving your claim could have massive impact, for example, for all those who have signed patent licensing deals with Microsoft...
..... get over it. No more prying required. Guilty person found and removed.
www.iphoneasyunlock.com
Casteism