Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data

[BruceEBonus]

UK also wants to spy on the people. Essentially same thing.

http://uk.businessinsider.com/uk-go...-bill-how-it-wants-to-spy-on-citizens-2015-11

Thankfully never on the gun front. That's a US thing. But you're right on the surveillance point. Mile for square mile, the UK has the highest count of CCTV camera coverage in the world. And ironically proportionally a less visible Police presence on the streets because of that. Which isn't a good thing.

 

[gnasher729]

Agreed and the recent error 53 issue shows they even figured on someone trying to switch out components like fingerprint reader. Since all password fingerprint and encryption stays within the phone, their is nothing to intercept as was the case before the secure enclave. The main chip won't power on, no apps communicate to enclave nor does the main chip. It receives the turn on instructions via a secure command from the enclave that changes each time. It's why so many people have bricked phones if they forget their passcode. You can't get it from outside.

Just saying: Your phone isn't _bricked_ if you forget your passcode; you can just reset it, as long as you have the AppleID and password. If you forgot that as well, yes, then it is bricked. If you stole it, then yes, it is bricked. Of course after resetting, all the data is gone.

 

[Rocketman]

I find it interesting and amusing Apple has to resort to disclosing methods and sources and telling the truth to combat not only overreach, but misdirection by the Federal Bureau of Investigation and the Department of Justice (Executive branch agencies). The sheer incompetence of the government from the response to the original incident with literally thousands of officers to the perps getting away entirely, to the way these phones were handled only shows the sheer incompetence of every police agency involved.

BTW I was at the site of the incident the very day before it happened. There is a golf course right across the street as well.

http://www.npr.org/2015/12/04/45842...isit-militarized-mindset-after-mass-shootings

http://www.sbsun.com/general-news/2...police-during-san-bernardino-terrorist-attack

 

[scaramoosh]

It doesn't? The world with Prism, NSA and what not... In the world in which allies spy on each other mass targeting ordinary citizens without forgetting heads of state, CEO's and the regular military and corporate espionage stuff. In this world back doors are very bad idea indeed.

Let them spy who cares? I have nothing to hide.

 

[gnasher729]

the fbi did not change the password. San Bernardino county officials did, while it was in the custody of the FBI.

a San Bernardino county official has now claimed the fbi asked them to; whether or not this is true, we don't know.

Wow. I wouldn't want to be the San Bernardino county official who changed the AppleID password of a man who killed (was it 14? ) people. That could be a charge for destruction of evidence. And it would be common sense that you don't touch anything. Did that official also clean the perpetrators desk and throw away anything inside?

IF THE GUYS PASSWORD WAS "GARY" then they only needed to enter the password "GARY" .

it's been shown to you that the premise of your "if" is wrong.

If the guys password was "GARY" then they only needed to unlock the iPhone and enter the password "GARY". See the problem? They can't unlock the iPhone, so they can't enter the password.

 

[satcomer]

Let them spy who cares? I have nothing to hide.

So you want a back door to the goverment and then everyone else to your cell phone ( listen to microphone anytime, etc)? Man talk about ignorant!

 

[gnasher729]

by the way… Does iPhone 5se mean "Security enclave" ?
I hope so….

The security enclave is present and used on the iPhone 5s. Not on the iPhone 5c of this case.
[doublepost=1455969711][/doublepost]

Let them spy who cares? I have nothing to hide.

Here's an example what you have to hide, as an absolutely law abiding and totally innocent person: You want to buy a new car. The car dealer sells cars for a major car company who has employed let's call them data specialists who have searched your phone and found out when you told your wife or husband how much you would be willing to pay for that car. With that information, the car dealer manages to extract the maximum amount of money from your wallet. My phone on the other hand was secured which allowed me to buy the same car for $2,000 less.

 

[nicho]

Wow. I wouldn't want to be the San Bernardino county official who changed the AppleID password of a man who killed (was it 14? ) people. That could be a charge for destruction of evidence. And it would be common sense that you don't touch anything. Did that official also clean the perpetrators desk and throw away anything inside?

We don't know the full facts but this *could*, I suppose, be how the FBI accessed the existing backups in iCloud before consulting Apple over the device - for all the people bashing Apple over unlocking iCloud backups, which they have done in the past in response to court orders, we don't even know (unless I missed something) that this was the case here. To an FBI agent who hadn't thought it through fully, it may have seemed like the owner changing the password and granting access to the iCloud account was an easy ride compared to going through the full legal process of getting court orders etc compelling apple to assist.

Of course, in hindsight that was a ridiculous decision and the best they could have hoped for was a backup from that morning, ie not the current contents of the device.

 

[Shanghaichica]

Not in the UK they don't. Yet.

Not gun related crime but a lot of people die from cancer and alcohol related conditions

 

[gnasher729]

Indeed, and if true I am disappointed in Apple.

And this must surely harm Apple's case: they're happy to decrypt a user's backup for the government, but not to facilitate the bypassing of a passcode? While these are technically very different, the principle is the same.

The difference is that your iCloud backup is under Apple's control, and Apple can make sure that no hackers can access it. Whereas your phone is in your hands, and once it is stolen it is completely under the control of the thief. So there is more security needed to protect data that isn't in Apple's hands, but in the hands of the attacker.

The point isn't whether Apple can read the data or not. The point is that iCloud data is safe enough even though Apple can read it. But data on your phone is only safe enough if nobody can read it. If Apple could read it there would be the danger that this method spreads to criminals.

 

[macfacts]

You're quite simple minded here.
If someone have that hack/backdoor, who knows that they'll do. Think along the lines of: how they can inject data to your phone, and those data contains some criminal activity evidence that the hackers commit, but using you as a scapegoat.
Many possibilities here if you think about it. So YES, you would want your privacy and phone secured.

The backdoor that the FBI wants will be digitally signed by Apple to only work on the one specific iphone5c. The same kind of digital signiture that happens when you buy an app and only works for your account.

I haven't seen hackers break the digital signiture in apps so they can be installed on non jailbroken iphones.

Everyone worrying about the sky falling has not shown how having one iPhone backdoored will lead to all iphones being an open book. How exactly do you hack the digital signiture so the FBiOS works on all iphones.

Digital signatures have been in use on computers by many normal people since 1991 with PGP. How is it now people are scared the FBI can get the FBiOS and modify it so it works on all iphones and some how digitally sign it with Apple's key.

 

[nicho]

The backdoor that the FBI wants will be digitally signed by Apple to only work on the one specific iphone5c. The same kind of digital signiture that happens when you buy an app and only works for your account.

I haven't seen hackers break the digital signiture in apps so they can be installed on non jailbroken iphones.

Everyone worrying about the sky falling has not shown how having one iPhone backdoored will lead to all iphones being an open book. How exactly do you hack the digital signiture so the FBiOS works on all iphones.

Digital signatures have been in use on computers by many normal people since 1991 with PGP. How is it now people are scared the FBI can get the FBiOS and modify it so it works on all iphones and some how digitally sign it with Apple's key.

How do you not see if a court order forces Apple to break into this iPhone 5C, it also provides both a precedent and a proof of concept that could be applied to any phone Apple has ever sold or currently sells...

 

[gnasher729]

But, logging into a well known WIFI is to prevent spoofing of the Apple side so the device thinks it is communicating with Apple when it is not. That would be one hell of Man in the middle attack. But, I think it's really only practical if you already know the key and want to monitor traffic.
Don't think you could get the password that way; so, I don't believe you can really spoof Apple unless you have the resource of China or big government (in that case, they'll just bug your house and put cameras in there, simpler .

Let's say I take my iPhone to the nearest shopping centre with lots of WiFi networks everywhere. There are protected networks and unprotected networks. Protected networks need a passcode (you ask the shop owner or they might even have a sign up), which doesn't work with a locked phone because you can't enter the passcode. Unprotected networks are unsafe, so even though a locked iPhone _could_ connect to that network and backup, it won't because the network is unprotected. With a known network the iPhone knows the network password.

 

[samcraig]

Are you seriously missing the point of the whole argument?????????
The difference is how you get that info, the first method is a backup that anyone could do, the second undermines the security of every iPhone on the planet with a backdoor. Not helping is not what it's about.

I fully understand the long term ask. My questions refer only to this one specific case

 

[gnasher729]

Ok if the county changed the Apple ID password (I'm assuming via appleid.apple.com) doesn't the password still have to be changed on the device in settings > iCloud?

In the normal use case: I have a Mac and an iPad and an iPhone. I use the Mac to change my AppleID password. Yes, in that case I can't use iCloud on the iPad or iPhone until I change it in "Settings" on that device. So if you have stolen my iPhone and it is locked, that iPhone won't be able to access iCloud anymore.

 

[scapegoat81]

Is Tim warning us that we should change our Apple passwords if our phones get into the police's hands? Seems like a warning to me.

Good luck Feds...

 

[ToroidalZeus]

when Steve Jobs was alive this wasn't an issue. Not if the guy in question had a laptop that he had ever done a backup or a sync to. Because prior to iOS 8 which released in 2014, almost 3 full years after Steve died, any iPhone that had connected to a computer would reconnect automatically to that same computer and do a backup without having to unlock the passcode. That was a feature that was changed under Tim's regime. We have no way of knowing, since Steve was very very dead by the time of that change, if he would have mandated it or left that item as it was.

Apple only joined the NSA PRISM program after Steve Jobs died. You can take what you want from that but I believe it was because of SJ. I also think part of the reason Apple has added more security to the iPhone is because of govt spying so I think SJ would approve.

 

[Chupa Chupa]

Made me wonder what if Tim was not the CEO, since a lot of people asking him to step down.

Okey, what if Steve was here, what Steve could do?

Impossible to say what an unknown CEO would do. I appreciate what TC is doing in this situation, but it has zero bearing on my impression of his job performance as CEO. He has not really moved Apple forward. And I don't think a car is the answer.

I'm pretty sure Jobs would have told the gov't to take a trip to Mars same as he told music executives when they wanted Apple s/w to inhibit customers from ripping CDs on Macs.

And Trump would have lost all credibility with his wanting everyone to boycott Apple because they aren't complying with the FBI.

Nonsense. Trump supporters are visceral, not intellectual. It's why they support him regardless of his many inconsistent positions and vague ideas. OTOH those opposed to Trump have never found him to be a credible candidate precisely because the only thing he does is tell tall tales and fantasies.

 

[whsbuss]

Instead of Apple giving the FBI new backdoor code why doesn't the FBI give the phone to Apple and let Apple do what it can to get the data, if they can. This way, whatever is created is done by Apple and can be destroyed. The only issue I see with any compliance from Apple is that as soon as they submit, they will be served with thousands of court orders to do the same to other devices.

Because the chain of custody would be lost and any evidence found would be nullified in court.

 

[cwt1nospam]

If you'd like to stand with Apple's stance on privacy, there is a White House petition at https://petitions.whitehouse.gov/petition/apple-privacy-petition

Quoted for emphasis.

I'd sign it, but I'm afraid they'd violate my privacy.

Sign it. Your email is insecure anyway, since it's sent in clear text. That's why Google is able to read it and send you ads based on what it thinks you might be interested in. They're also able to report information on you to whomever will pay for it. No wonder their "support" for Apple on this is so tepid.

 

[gnasher729]

Sure. So the difference is in one case, what the FBI is proposing is to force Apple to make iOS less secure than what they feel they've worked very hard on vs handing over data that is in iCloud that isn't encrypted and does not require Apple to weaken its encryption methods. I suppose after this, at WWDC, Apple will announce that iOS 10 will create encrypted backups on iCloud.

There is a lot of confusion here what is protected and what is supposed to be protected.

If the police has a valid search warrant to search your phone then they have the right to search your phone. If they have a valid search warrant to read your iCloud data then they have the right to read your iCloud data. In this case, they have a warrant; nobody would expect they might have not got a warrant because this is a multiple murder case, and on top of that the actual owner of the phone gave permission to the search.

Now Apple is an unrelated third party. If they have information in their possession then they have to deliver that. That's the case with the iCloud information. Apple has the information, they can deliver it, there is a search warrant, so they deliver the data. But with the iPhone, Apple hasn't any of that information in its possession. Apple says "we sold this phone, it has nothing to do with us".

Apple isn't trying to keep data away from the government. Apple is trying to keep it's customers' data safe. There's customer data in your iCloud backup. Apple says this customer is safe enough because Apple keeps it's servers safe from access by hackers, and because all the data on these servers is encrypted while stored. With a key known to Apple. Because Apple isn't going to steal your data. It's not safe from a search warrant, but it's not a requirement that it is safe against a search warrant.

There is data on your phone, protected by your passcode. Here, Apple says that the passcode is only safe enough if _nobody_ including Apple can get past it. That's because Apple can keep it's servers safe from access by hackers, but they can't keep your phone safe. Any pickpocket can get your phone. Apple can't prevent that. And Apple says if a hacker has your phone in his hands, and if there _is a way_ to get in, even if it is a way that should be open and known only to Apple, then that kind of information tends to get out. If today only Apple can get in, then eventually some hacker will be able to get in. That's why Apple absolutely refuses to create a way to get in. It's too risky. If Apple can break into your phone today, then Apple is afraid that hackers might be able to do so tomorrow.

The fact that this makes a search warrant useless is an unwanted and unfortunate side effect. In this case, the perpetrator has physically destroyed a hard drive and two phones. That's three search warrants that are useless. The perpetrator could have destroyed the iPhone as well. Just because the FBI has a search warrant doesn't mean they get results.

Hold up! So there is a way access data in the iPhone? **** that ****. Fix that bug Apple. I pay a lot of money for these reasons. Steve Jobs would never allow this to happen.

See, that's where you are wrong. Apple works very, very hard to protect you from hackers and criminals. Including from hackers working for governments. Apple doesn't intentionally try to protect you from legal search warrants. It's just an unintended side effect that making your passcode safe enough to protect you from hackers makes it safe against search warrants as well. Your iCloud backup is absolutely safe from any hackers (as long as your password is safe enough) and that is all that Apple tries to achieve. It's not safe from a search warrant. That's not a bug. Being safe from search warrants is just not a requirement.

[doublepost=1455974664][/doublepost]

Maybe I'm confused - and I probably am having read it quickly. But if Apple could have helped them before the password change but won't after - really - what's the difference. Not that I'm saying that Apple should help the FBI. But how genuine is their statement? You're either going to break into someone's phone or not. What difference does it make if the password has been changed?

You have your iPhone at home. It is locked. Even though it is locked, it detects your WiFi network at home and it knows the password for the network. It connects to iCloud, which it can do because it knows your iCloud password. And then it backs up to iCloud even though your iPhone is locked. If you change your iCloud password that doesn't work automatically anymore, because your phone doesn't know the correct password anymore. Of course you can and will unlock your phone, change the iCloud password on the phone, and backups work again. But the FBI cannot unlock the iPhone.

So Apple can read your backups (when the FBI shows them a search warrant) without any need to break into your phone. And they told the FBI a way to get the data from the iPhone without breaking into the phone. And because some idiot changed the iCloud password, that method doesn't work anymore.

 

[cwt1nospam]

They only want that phones info, get it for them. what is more important privacy or life ?

That's not possible. If they develop a way to get that data, then China and Russia (for starters) will demand they do the same for them. It will only be a matter of time before dictators throughout the world demand the same, and from there it's a small step to criminal organizations get a hold of the hack.

The worst part is the precedent this would set. It would mean that NO encryption could ever be secure. How would you like to do you banking in clear text?

 

[whsbuss]

Quoted for emphasis.

Sign it. Your email is insecure anyway, since it's sent in clear text. That's why Google is able to read it and send you ads based on what it thinks you might be interested in. They're also able to report information on you to whomever will pay for it. No wonder their "support" for Apple on this is so tepid.

Which is why I have an email cert and use s/mime

 

[MrAverigeUser]

One important thing to add to my previous comment:

If you plan on voting for ANY of the Republican clowns, you are signing the death warrant to your ability to keep your personal data secured, your ability to access unaltered factual information on the Internet, any chance for financial or global stability, and any chance for future for continued US superiority. Right-wing lunacy must end before the USA can begin to recover to it's pre-Bush greatness. A few of the most absurd "conservative" beliefs that must be corrected are:

* that blind faith in an imaginary God is acceptable an not treated as a mental disease
* that religion or conservatism is in any way correlated with "morality"
* that current Republican candidates in any way represent typical conservative voters needs in life
* that current Republican candidates in any way represent anyone that isn't making a 7-figure salary
* that war or walls are the answer to any anyone not like us
* that caring for our less fortunate citizens is a bad thing
* that educating our citizens is not important to our future
* that corporations are people and should be able to buy our political system and votes
* that modern, global, Capitalism in any way benefits consumers or US interests
* that raping our Constitutional privacy protections will protect us from terrorism

If you believe in these things, then you are ignorant.

This posting is just excellent.

 

[jimbobb24]

And Trump would have lost all credibility with his wanting everyone to boycott Apple because they aren't complying with the FBI.



And the Rent is still Too Damn High.

BL.

The funniest part is Trump would have lost credibility. You can not lose something you don't have. Both sides have the absolutely worst candidates. The worst.