Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data

[ani4ani]

You've seemingly been reading too many "news" articles and not doing enough factual research.

Reading your signature I could accuse you of much the same.

Tell me what is factually wrong. At the start of this saga, Apple said it was impossible and they don't have the means, now they say they won't do something that cannot be done?

 

[LizKat]

Don't do illegal things and you won't be in court. Simple.

Yah. You know what? This is us telling the government exactly that.

 

[Arndroid]

I was thinking the exact same thing. The phone hasn't backed up in 6 weeks, why should it back up now? I'm torn between the right for privacy and my love for justice, this country and what it stands for. From my short time on this planet I learned that there's rarely a black/white situation. I'm sure apple and the fbi could find a middle ground that would keep us safe and bring any accomplices to justice, while keeping the average Joe's privacy intact. Now it's a different story with the media on the case

There absolutely is not a middle ground here.

Here are your choices:

1) Ruin security for every mobile device in the world that uses encryption.

2) Get access to a device, that probably has no relevant information on it, for a crime that has already been solved and the FBI is just fishing for information.

Doesn't seem like much of a choice to me. The FBI has many legal ways to investigate crimes. As noted the killers are dead. If the only way they can find links to others is on an encrypted device they can't crack that sucks but it is no justification for essentially removing the security that allows encryption to actually protect data on devices. There is no crime being cared about here. The DOJ/FBI hand picked this case for maximum sympathy value in their battle to cripple the use of encryption by us normal people. The government has been openly hostile about us being able to have encrypted data and devices for years now. They really want to outlaw encryption for non authorized (read government) users.

So while you are getting all teary eyed about a solved terrorist attack, the government is abusing your emotions to do something sinister. So what is your choice?

 

[Mystic386]

as i understand, they actually are asking apple to get the data off the phone... and they have suggested what they think is a reasonable method to do it. apple can't access the data through any method available at present.

the problem doesn't seem to be that the fbi want apple to give them this tool, but rather that once there's the proof of concept, apple will no longer be able to say "sorry, not possible" and pandora's box will be opened. all the hard work that they've spent on encryption since ios 8, gone.

From Macrumors article

https://www.macrumors.com/2016/02/17/cook-open-letter-backdoor-fbi-san-bernardino/

Tim Cook says...
"They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

Cook says that while the government is suggesting that bypassing a feature that disables an iPhone after a certain number of failed password attempts could only be used once and on one device, that suggestion is "simply not true." He says that once created, such a key could be used over and over again. "In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks -- from restaurants and banks to stores and homes,"

​

 

[gnasher729]

How were they able to change the pw without access to the phone?

It's not a phone password. It is your iCloud account password. I can change my iCloud account password from my Mac, from my iPad, and from my other phone.

 

[Mac 128]

If they changed his Apple ID the FBI could access the iCloud data, no problem except that there was a week missing. Apple proposed to use the autobackup feature when connected to a trusted wifi network but that didn't work because the password was changed by the company when he left.

Yes that's correct, but Apple stated they were surprised when connecting the phone to a known network that it did not automatically back up. That's when they discobpvered someone reset the password. Which tells me, Apple has a way to look at the phones iCloud settings to know it would auto backup when connected to a known network. Apple EXPECTED the phone to auto backup, but it didn't. Why would they expect that if they couldn't look at the phones settings to know whether it was enabled or not?

Apple can get into your Apple ID and iCloud account anytime they want, and have done so many times to mine when I've called for support help. And they've been able to do some fancy things while they're in there.

That's all I'm saying.

Getting into the actual phone is a different matter. Makes me a little more concerned about what of my data is on Apple servers right now ...

 

[gnasher729]

One question I have is, how much valuable information is even on this device? The guy destroyed his personal phone, and computer hard drives can't be found. Why would he not have destroyed this work phone too if it contained information about the crime, connections with terrorist organizations, etc.

What I read was that he destroyed one computer hard drive, and totally destroyed two phones. And yes, if I plotted some crime, and had a computer and two personal mobile phones, it would be very unlikely that there is any evidence on my work phone. It's a work phone. I might be forced to hand it to a colleague, and that would be trouble if there was any evidence on it. "Hey Gnasher, congratulations, we got you an iPhone 6 for your old 5c, and Joe will be taking your old phone. Just hand it over, no need to erase it, just write down the passcode". It would be stupid to risk that kind of situation.

PS. Someone posted the computer hard drive was removed and disappeared, not destroyed or at least not known to be destroyed.

 

[MacAddict1978]

Hold up! So there is a way access data in the iPhone? **** that ****. Fix that bug Apple. I pay a lot of money for these reasons. Steve Jobs would never allow this to happen.

Um, yes.... for you to access your OWN data as the device does back up to iCloud or a mac. You would still need your password to retrieve said data as it is ENCRYPTED. Say you replace your iPhone, where do you think that backup come from? The psychic friends network?

The issue is because they changed the password and the data they wanted was never backed up, the phone will no longer connect to old networks automatically again unless the phone is unlocked.

This doesn't mean that if they could recover that backup they could decrypt it. That would be a whole new can of worms.

This is also a bit different because the owner of the device isn't the user of the device. The owner is giving permission. Not that it helps because of the idiotic way they deployed the iPhones in the first place.
[doublepost=1455990224][/doublepost]

Yes that's correct, but Apple stated they were surprised when connecting the phone to a known network that it did not automatically back up. That's when they discobpvered someone reset the password. Which tells me, Apple has a way to look at the phones iCloud settings to know it would auto backup when connected to a known network. Apple EXPECTED the phone to auto backup, but it didn't. Why would they expect that if they couldn't look at the phones settings to know whether it was enabled or not?

Apple can get into your Apple ID and iCloud account anytime they want, and have done so many times to mine when I've called for support help. And they've been able to do some fancy things while they're in there.

That's all I'm saying.

Getting into the actual phone is a different matter. Makes me a little more concerned about what of my data is on Apple servers right now ...

Because it's set to do this by default. 98% of user NEVER change their default settings. Tech savvy nerds like myself and the bulk of people on these forums would also most likely want to back up our device because we know better. Do you know how many complaints there were when people lost data in the past when it had to be manually synced via cable to iTunes?

And.... accessing your Apple/iCloud account isn't the same as accessing your phone's data. Of course Apple can unlock and reset your user account. Once you verify your identity with them. This does not mean they can decrypt your stuff for you. That is all driven by software and hardware (as there is matching between the two also required).

EXPECTING doesn't mean they KNEW. IMHO, only a moron turns off backups of any device.

Except now, if you are criminal, only a moron doing illegal activity on the device wouldn't turn it off.

 

[Mac 128]

Because it's set to do this by default. 98% of user NEVER change their default settings. Tech savvy nerds like myself and the bulk of people on these forums would also most likely want to back up our device because we know better. Do you know how many complaints there were when people lost data in the past when it had to be manually synced via cable to iTunes?

And.... accessing your Apple/iCloud account isn't the same as accessing your phone's data. Of course Apple can unlock and reset your user account. Once you verify your identity with them. This does not mean they can decrypt your stuff for you. That is all driven by software and hardware (as there is matching between the two also required).

EXPECTING doesn't mean they KNEW. IMHO, only a moron turns off backups of any device.

Except now, if you are criminal, only a moron doing illegal activity on the device wouldn't turn it off.

Except you seem to be completely ignoring the fact that the phone STOPPED backing up the iCloud. Which means the automatic backup was turned off, or the wifi was turned off since the guy was obviously reporting to work which was a known wifi network. If wifi was turned on, then Apple shouldn't have been surprised that the phone didn't automatically back up, since it's likely that function was turned off, given the time span since its last backup. But in fact they stated they were surprised and went looking for the reason elsewhere.

And you're calling me a moron. I don't use iCloud to back up my device, I manually back it up to my iMac so it will be encrypted, so I turned it off. The data on iCloud is not encrypted in the same way. Apple has access to at least some of it, and the terms and conditions even require the user to acknowledge that Apple can remove anything they want from your iCloud account that violates their terms. Moreover, how was Apple going to give this "encrypted" backup to the FBI to view if they couldn't unlock it? And why would they say they routinely honor warrants for iCloud data if it's all encrypted?

 

[Arndroid]

How did you get the impression that any of this has anything to do with the President of the United States?

To be fair the DOJ and FBI are part of the executive branch.

What is clear to me is the FBI/DOJ doesn't care about Obama since he is a lame duck and clearly they are not the least bit concerned their power structure might be disrupted by the next president. I find this fact pretty scary.
[doublepost=1455991402][/doublepost]

Apple wanted the hovt to file its suit under seal so none of this would become public.

I assume it is because it did not want customers to know it could hand over iCloud backup data to the govt pursuant to a court order.

I bet many folks were under the impression that all info stored in iCloud was encrypted; I too thought that this was effected going on 2 years ago.

Apple better get cracking on encrypting the whole iCloud shebang before customers start to worry.

Lol no just no. Apple has openly disclaimed they provide iCloud data when served with legal warrants.
[doublepost=1455991758][/doublepost]

Here's one answer to my own question.

The Intercept claim that Apple decrypts iCloud backup data when ordered to:


That really sucks. I was under the impression the iCloud backups were useless even to Apple.

Not possible. It's the trade off for the convenience of iCloud. You could not restore your backup to a new device, for example, if Apple did not encrypt and decrypt it because device encryption is hardware based. It has to be done this way or one of the most useful parts of iCloud backups would be impossible.

I know the keychain is not stored openly in iCloud and I don't believe iMessages are either but I am not positive on the later.

 

[iOSFangirl6001]

So the FBI screwed up and Apple has to pay the price... Sigh.

There's many things in this case with regard to the iPhone/Apple portion messed up. I suspected the Feds were scapegoating and this pretty well confirms that.

Basically they'll throw anyone
( Apple, phone user, phone owner aka the county, phone manufacturer )

Or anything under the bus
( privacy, civil liberties, security)

Hold up! So there is a way access data in the iPhone? **** that ****. Fix that bug Apple. I pay a lot of money for these reasons. Steve Jobs would never allow this to happen.

It is in NO WAY A bug a proper password would STILL BE NEEDED in other words 2 things for the Feds to crack. Also it depends on the iTunes/iCloud settings one has ( a fact I'm astounded was NOT Mentioned in the article or page 1 comments )

A basic iPhone/iCloud iBackup would have minimal info now if the shooter full on had "advanced full encryption complete backup" enabled now that while requiring a potentially equally complex password as the phone itself would be the Feds wet-dream Coke true. A complete 100% copy of everything
the phone had on it.


Judging by the oversight on the Feds part I have to wonder if that was even considered and all the computers the shooter had access to were confiscated and thoroughly looked at by their tech team

Anyway I'm kind of going off on a tangent. Point is MacRumers your device/info is still pretty reasonably safe for now so calm your titties or direct that anger at the Feds whom would likely rather see less security vs more

Hold up!

No offense to you being new but I'm mods is the website failing? This thread is supposed to be limited to members with 100 or more posts? This guy "MacRumer" according to info gleaned from clicking on his bio is new with only 4 posts

 

[ctdonath]

The fbi blames the owner of the phone (the San Bernardino department of health) in the source article.

Then the FBI can ask the SB DoH what they changed the password to.
Problem solved.

 

[Matthew.H]

Then the FBI can ask the SB DoH what they changed the password to.
Problem solved.

That won't work because the fbi don't know the passcode for the phone itself. The password that was changed was for the iCloud account. If the iCloud password hadn't been changed the fbi may have been able to connect the phone to wi-fi to make an up to date backup. After the employer changed the password it has to be re-entered in iCloud settings on the phone for new backups to be performed.

 

[Arndroid]

actually Steve Jobs did allow it. All versions of iOS prior to iOS 8 had a coding in the system that would allow a computer to create a kind of permanent trusted connection. So long as the passcode hadn't reached the disabled/connect to iTunes screen, you could still do backups to that trusted computer even without inputing your passcode. That was created under Steve's watch. It was Tim Cook's regime that discovered that said coding created a potential hackable security risk and removed it. Which is why you have to manually trust the same computers over and over and unlock your passcode to do anything

Whether it is optional or not, the fact is both the iCloud backup and the iPhone are inaccessible to the FBI, but Apple was happy to bypass the backup but not the phone.

Apple has no ability to unlock the phone. They can unlock the iCloud backups because they have the key. These are fundamentally different.

 

[Rigby]

Not possible. It's the trade off for the convenience of iCloud. You could not restore your backup to a new device, for example, if Apple did not encrypt and decrypt it because device encryption is hardware based. It has to be done this way or one of the most useful parts of iCloud backups would be impossible.

It could be done if they wanted to. They could encrypt the encryption keys for the data with a key derived from a password provided by the user (either an extra backup password like the one that is used for encrypted iTunes backups, or simply the iCloud password which Apple doesn't know either) before uploading them to the cloud. It wouldn't surprise me if they were already working on implementing this.

 

[tkatz]

Except you seem to be completely ignoring the fact that the phone STOPPED backing up the iCloud. Which means the automatic backup was turned off, or the wifi was turned off since the guy was obviously reporting to work which was a known wifi network. If wifi was turned on, then Apple shouldn't have been surprised that the phone didn't automatically back up, since it's likely that function was turned off, given the time span since its last backup. But in fact they stated they were surprised and went looking for the reason elsewhere.

We don't actually know why it stopped backing up. Maybe the account ran out of space. It's possible that Apple knows if the phone would/should back up or not. Most likely when you toggle the icloud backup feature on and off it sets a flag on the account. They could see that the phone is configured to backup but just hasn't, due to any number of reasons. If the account ran out of space, Apple could simple add more then plug the phone in and let it back up.

He could have also removed his home network from the phone, and then maybe just plugged it in at night. If he didn't plug it in while at work, then it would never back up.

There's still a lot of information we don't have.

 

[Arndroid]

Well really that just furthers my point. Apple are happy to decrypt encrypted data, but not to facilitate a brute force attack.

I don't think they should be doing either. The iCloud backup is protected by encryption and the phone is protected by a password. If you are happy to decrypt someone's data without their consent, you should be happy to allow a brute force attack on their passcode, too.

Lol they comply with legal search warrants when it comes to iCloud data, nothing more nothing less. They are holding that data and case law is well established.

Apple doesn't own the phone in question nor do they have the ability to unlock it nor is there a law where the government gets to require a third party to open / unlock / lessen security on something owned by someone else.

This is why the FBI is trying to abuse the AWA here because there is no law or legal authority for what they are asking Apple to do. Apple is legally required to provide the iCloud data when served with a legal warrant.

If and when Apple is able to make iCloud encryption independent of Apple then they will no longer be capable of providing the iCloud data and that will end. Right now they are capable and legally required. If they can no longer access the data they will not be forced to provide it.

In this case Apple is not legally required to, nor are they capable of, providing the information on the device in question. You are comparing kiwi and watermelon.

 

[iOSFangirl6001]

They only want that phones info, get it for them. what is more important privacy or life ?

1: Another person with under 100 posts in a Political did MR Forget the so called "limited posting in Political/Social issues" threads?

That being said Phill ( and anyone like Phill ) see brad's on point post

Those who sacrifice Freedoms/liberties for safety/security deserve neither.

Of course, I paraphrase our 1st US Postmaster General and author of the Declaration of Independence.

BL.

 

[Arndroid]

It could be done if they wanted to. They could encrypt the encryption keys for the data with a key derived from a password provided by the user (either an extra backup password like the one that is used for encrypted iTunes backups, or simply the iCloud password which Apple doesn't know either) before uploading them to the cloud. It wouldn't surprise me if they were already working on implementing this.

Hopefully they are. It is just not possible with the current design of iCloud. I think functionality came first.

I would be very happy if Apple could do this. Although I think the management of a separate iCloud password for encryption might be a user interface issue in terms of feasibility.

 

[Mac 128]

We don't actually know why it stopped backing up. Maybe the account ran out of space. It's possible that Apple knows if the phone would/should back up or not. Most likely when you toggle the icloud backup feature on and off it sets a flag on the account. They could see that the phone is configured to backup but just hasn't, due to any number of reasons. If the account ran out of space, Apple could simple add more then plug the phone in and let it back up.

He could have also removed his home network from the phone, and then maybe just plugged it in at night. If he didn't plug it in while at work, then it would never back up.

There's still a lot of information we don't have.

Agreed. But, for all those points you make, my contention is Apple should not have been surprised the backup didn't work because of them. And that's what led them to investigate the only other possibility -- the password had been changed.

 

[tkatz]

Agreed. But, for all those points you make, my contention is Apple should not have been surprised the backup didn't work because of them. And that's what led them to investigate the only other possibility -- the password had been changed.

True. Though in both causes (out of icloud space, haven't plugged in at work) they could be surprised after resolving them (ie adding icloud storage to the account and bringing it to where he worked and plugging it in). If the account is flagged for icloud backups, he has enough space now, and its plugged in on his work network and its still not backing up, they could be surprised.

Of course, I find iCloud backups sometimes flakey. It will start asking for my password to do the backup and even though I enter it, it will ask again the next time. Eventually it just starts working again. So I'm not really surprised the backups stopped and didn't start back up ;-).

 

[Swift]

This whole thing is so odd. And man, the comments section on the other article went to the wackos quickly. What I don't understand is Apple tired to help them, which I am certain any company would do in a situation like this. You'd do your best, right? And do it quietly. Then some folks drag the whole thing into court, and I can only think of one reason to do this and it has nothing to do with this phone and THIS case. It's a chance for the goons whether in the Govt or working for one of the many industrial sized military companies that farm out intelligence to the highest bidder. to try and make a case that none of us deserve to ever have any secrets from anyone anytime. But I would think with just one minute of thought a rational person would realize that if you build in a backdoor - everyone who wants access will have access. So security is gone, done. What the hell digital equipment would a Govt. employee even use? Ugh. This entire conversation drained down to the lowest common denominator quickly.

Corporate or government phones are governed by the provisioning software. If they changed the passcode then, then what does that say? Do all of its users have the same passcode? Why not? It's not Inspector A's phone. But if that's true, then the passcode belongs to the San Bernadino Agency. Now, why would a terrorist keep any private information on the agency phone? He seems to have known what he was doing about the computer-- no hard drive, perhaps at the bottom of that reservoir, and lots of evidence that other things were deliberately destroyed as his certain death approached. Apple was complying with court orders involving data through the front door, and were on good legal grounds for doing so. They had access to the iCloud backups UP TO October 19. What changed was the FBI's passcode change. It's almost like they created the perfect case to take with a phone that looked more and more like a throwaway, because of the emotional appeal of the "child molesting terrorist white slaver's" phone.
[doublepost=1455994854][/doublepost]

Conclusion: Don't use Apple's iCloud backups! Backup only locally to an encrypted Mac

This was, in fact, a government phone. It should have been set up with provisioning software, similar to all the others, and not a place for private data. It would be updated when the county wanted it, and backed up on schedule to an iCloud account they wanted.

 

[Etan1000]

So the FBI screwed up and Apple has to pay the price... Sigh.

No the FBI did NOT change the password!
Someone at the County IT dept REMOTELY changed the password after the phone was already in possession of the FBI.
What we don't know is whether it was done maliciously or out of stupidity!

Etan

 

[MrXiro]

This reason alone is enough for Apple to say no. This is either gross incompetence on the FBI's part or a shady play.

I haven't read through these posts but any of you that think that Apple should allow this. Would you be OK if the company that makes the locks on the doors of your house/apt had a master key to open EVERY lock they made? If Apple allows this they set a precedence for the FBI and all other government agencies to "ask for" this back door access in the future. That includes China, Russia and any other country that iPhones are sold in. Are you OK with this?

In addition to this... this was Farook's work phone that was government issued (he was a government employee if you didn't know). He physically BURNED all his other phones... why would he leave this one intact? Cause he didn't have any terrorist plans on it. There is nothing of use on it and the FBI knows this. They only want it unlocked as a sly way to get into everyone else's phone.

 

[Mac2me]

Let them spy who cares? I have nothing to hide.

While the initial thought for most everyone would be I'm not doing anything illegal or illicit so who cares, if someone hacks your equipment, do you mind being watched through your device cameras, listened to through the speakers, look through your photos and maybe take a liking to your wife or kids and decide to stalk them or bully your kids online (remember they have access to your home computers and phones) and probably have already figured out where you live and have seen your calendar to know what your schedule is and where you will be, have your files and emails scoured for info to maybe impersonate you to steal money from others or commit other crimes that will seemingly point to you and you get to try to fix? From a work standpoint, maybe you work in a sensitive area and have had your personal information stolen. You find yourself or your family being blackmailed to obtain information or access. Maybe you've been hacked with ransomware. Happening more often and starting to hear about it in the news although people are reluctant to come forward. A hospital in California just came forward and admitted that after being shut down for like 10 days they ended up paying out to gain access to their computers again.

These are all kinds of things that have already been perpetrated on people. There's way more things to your online presence than what you like to buy or sites you visit. You definitely want to keep the doors closed and you should care.