We always hear Android market share is higher than Apple's - yet they are completely absent from this discussion. The only conclusion can be: ANDROID already HAS A BACKDOOR !
It does. Android is a security nightmare. As with Windows, I would never put anything on Android that I didn't want to be public.
 
If you knew the old password, you could. But obviously they didn't know the old password. If they had known the old password, there would have been no need to change it.

Basically all sites where you have a password allow you to do a password reset, where you can enter a new password. The site doesn't know your password. iCloud doesn't know your password. Actually, any site that _knows_ your password is considered criminally insecure.

Usually you click on a button somewhere, and the server sends an email to your email address, and you click on a link on that email and change your password. They had access to the guy's email, so they were able to change the password without knowing it. That's the most common reason why people change their passwords, because they forgot the old one.

You explained a perfectly valid standard process. But if Apple really wants to help, there are workarounds to let their credential management/sign-on system allow this one account.

Helping the government at this point will not help already slumped iPhone (or) tanked iPad sales, so it is trying to be the torch bearer of privacy. As soon as sales pick up, i.e., fans buy millions more of iPhone 7 (which will be advertised as even more secure) phones, older devices will become less secure.

Apple has always been poor in credential management. iOS implementation of id management is a joke.

Just try to restrict a toddler from playing "Iris (Hold Me Close)" with inappropriate banner art or any R rated FREE music, you would know.
 
The more I read, the more I'm concerned. I will use myself as an example. I use 1Password, and use 32 character passwords, random, alpha-numeric, special characters, etc. The whole nine. I have a 32 character passphrase to open 1Password, as well as for my Mac. So my Mac and 1Password are locked down, and those are the only two passwords I have in my head. They are written down nowhere else.

Now, let's say the FBI knows my Apple ID (email), which would be probably not too hard to find out. If the FBI can get a court order to make Apple give up my account, essentially reset the password to allow FBI into my iCloud account and see my email, they can essentially request a password change on any of my online accounts, and change the password to whatever they want, and simply get in that way. This renders 1Password useless as a password manager to deal with the government.

Is our Apple ID data (iCloud/email/etc.) encrypted WHILE Apple doesn't have any keys (like they don't save for the iPhone)??? If our Apple ID data is encrypted and Apple doesn't save any keys to decrypt that data without our password, the above doesn't mean a thing. But if Apple can simply "reset" our Apple ID password for the FBI, and the FBI can log in and simply go to every website they want to and request a password change, that would be bad.

Apple's systems are designed to keep your data safe from hackers. They are not intended to protect you from legal search warrants. If the FBI has a search warrant, and Apple can access the data, the FBI will get the data. And Apple _can_ access your iCloud data (but they don't, and it would be probably illegal if they did, except when they have a search warrant). Apple _cannot_ access your iPhone.

You are worried that the FBI could, with a legal search warrant, access your data. But that's the idea. They are supposed to access your data if they have a legal search warrant, and everyone is supposed to help them if they have access to that data.

Now if they don't have a legal search warrant... They might have an illegal search warrant. If they can make a judge sign a search warrant against you illegally, they can also come to your home and beat you up until you give up your passwords. In the case of a man killing 14 people, they surely can get a legal search warrant.
 
Made me wonder what if Tim was not the CEO, since a lot of people are asking him to step down.

Okay, what if Steve was here, what could Steve do?

Pretty sure Steve's stance on customer privacy was similar to Tim's. So he'd do the same thing, except he'd call the FBI guys "a bunch of bozos." :D
 
Now, let's say the FBI knows my Apple ID (email), which would be probably not too hard to find out. If the FBI can get a court order to make Apple give up my account, essentially reset the password to allow FBI into my iCloud account and see my email, they can essentially request a password change on any of my online accounts, and change the password to whatever they want, and simply get in that way.
They can also simply go to the providers of these online accounts with a warrant and demand access to your data.
This renders 1Password useless as a password manager to deal with the government.
If you think you need to protect against government access, you need to use only services that encrypt the data in a way that they themselves don't have access (e.g. like Spideroak or Sync.com), or encrypt everything yourself before uploading it anywhere. However, in practice this is difficult to do for most types of services and also limits many features.
Is our Apple ID data (iCloud/email/etc.) encrypted WHILE Apple doesn't have any keys (like they don't save for the iPhone)??? If our Apple ID data is encrypted and Apple doesn't save any keys to decrypt that data without our password, the above doesn't mean a thing.
Apple does have the keys for most data on iCloud (with the exception of iCloud Keychain). Also, email is currently designed in a way that the provider has to have the ability to read incoming and outgoing email (i.e. there is no true end-to-end encryption unless you yourself encrypt the email before sending it). Secure email services such as ProtonMail and Tutanota are trying to change that, but even they have an encryption gap when receiving/sending mail from/to standard mail accounts.
 
This is the people/Tech Companies/Tim Cook vs the goons who call themselves our government. Stand fast on the tiller Mr. Cook, treacherous seas ahead!!!

Actually this whole thing is a good "shill test" of our congress and senate. Note carefully who votes for Big Brother and VOTE THEM OUT!!!

So on one hand we have Trump who is claiming to boycott Apple and on the other we have Hillary who says she'll force back doors into everything.

Choice. It's a good thing? o_O
 
FBI should give it up to some 14 year old genius hackers and they will break into the 5C iPhone within a week's time! Remember they have to do school work too! Why fight with Apple when you can just have it broken into by expert hackers that do it for the sake of fun and at no cost to the government? FBI needs to think outside of the box here!
 
"The Federal Bureau of Investigation has significant autonomy in carrying out intelligence and law enforcement activities. The FBI is part of the U.S. Department of Justice, which is under the authority of the federal Executive Branch. Agents that work in the FBI report directly to the agency's director. The director is appointed by the president and confirmed by the U.S. Senate."

http://work.chron.com/branch-fbi-agents-part-of-27312.html

and who is the US Attorney who printed the writ for the FBI and what was her previous position?
Lots and lots of tentacles in this pond....
Yeah, heck of a thing to hang some precedent-seeking court case on if you ask me (which of course the FBI did not).

Who thinks it will be the only one? If the FBI wins this I am waiting for the second writ with an "oh... by the way on that device we need ..." ;)
Just read that. So it was done at the request of the FBI. Now that we have a real name and such I think we can believe it. Kind of wondered if someone had spoofed the twitter post.
OK now this LA Times report just published a few minutes ago after the Washington Post story of the resetting of the iCloud password seems to provide even more conflicting info like the timeframe involved. Very hard to follow the events. So Apple actually sent someone down there to help out too.

http://www.latimes.com/local/lanow/la-me-ln-fbi--terror-suspect-s-iphone-20160220-story.html

One of the biggest problems you run into with these types of agencies is the "one up". I could really see Apple offering and the FBI (or others) in an attempt to do it quicker - faster doesn't wait and just jumps in. Then again maybe they were afraid that someone else had the iCloud password and wanted to preclude access. It's a clusterf*** any way you look at it.

FBI should give it up to some 14 year old genius hackers and they will break into the 5C iPhone within a week's time! Remember they have to do school work too! Why fight with Apple when you can just have it broken into by expert hackers that do it for the sake of fun and at no cost to the government? FBI needs to think outside of the box here!

Because then the FBI, if it wins can come back with Writ Part Deux.
 
So on one hand we have Trump who is claiming to boycott Apple and on the other we have Hillary who says she'll force back doors into everything.

Choice. It's a good thing? o_O


I'm neither a fan of Trump nor organized boycotts but if I had my druthers I'd prefer a candidate with a market based approach vs. a dystopian World State rules mindset. The irony with Hillary is that many of the people supporting her also loved to scream that G.W. Bush used terrorism as pretext for increased government surveillance and weakening of U.S. citizens' autonomy. Somehow it's different when the person advocating for increased government ability to pry into personal secured information has a D by their name?

(BTW Bill Clinton was the first U.S. president to advocate for a backdoor when he promoted the Clipper chip be installed in every electronic device. Of course device makers, EPP, and EPIC, objected strenuously and the project died on its own merit. But you don't hear about his involvement in that.)
 
So on one hand we have Trump who is claiming to boycott Apple and on the other we have Hillary who says she'll force back doors into everything.

Choice. It's a good thing? o_O

There's always "vote with your feet"... if one can first identify a country apparently more to one's liking, and then qualify for legal residence there. Unfortunately both those hurdles are not insubstantial.

Lucky for us the primaries aren't over yet. We can still imagine more palatable choices in the general election? (revolutions on convention floors as establishments in both parties attempt brokered solutions... get the popcorn) :D
 
FBI should give it up to some 14 year old genius hackers and they will break into the 5C iPhone within a week's time! Remember they have to do school work too! Why fight with Apple when you can just have it broken into by expert hackers that do it for the sake of fun and at no cost to the government? FBI needs to think outside of the box here!
Occasionally a 14-year-old genius hacker manages to break through some sophisticated security system. But there are thousands of hackers (some 14, some not) who are trying. Most of them will not be successful. Without a time machine to tell the FBI which 14-year-old hacker to employ, how will they know which one to choose?

Remember that the iPhone's security is booby-trapped. If the 14-year-old genius hacker metaphorically cuts the blue wire when she should be cutting the red wire, the phone's internal key self-destructs, making it orders of magnitude more difficult to get at the data.
 
You are worried that the FBI could, with a legal search warrant, access your data. But that's the idea. They are supposed to access your data if they have a legal search warrant, and everyone is supposed to help them if they have access to that data.

Even with a search warrant, they can have my data, but it will be encrypted. I was just wondering if Apple *can* remove their own encryption for email, or any files I host with them on iCloud (which I don't). I use Dropbox but don't encrypt normal stuff, but I have encrypted folders on my computer with personal information, which I upload as encrypted to Dropbox. So even if the FBI got a warrant for that stuff, it would be useless to them, as I would never give up my passphrase, and it's used only in one place, for my encrypted files. I've never used that password online, etc.

I'm more concerned about Apple and other companies basically turning off privacy "features" for anyone, not just when it involves the feds or authorities.

Not only do I use FileVault 2 encryption for my computer, but I have a single folder where my private/sensitive files go. Not that the FBI or anyone else probably wants that data, I feel better knowing nobody can ever get it. 95% of my computer I could care less about, but that 5%, I use encryption.
 
Even with a search warrant, they can have my data, but it will be encrypted. I was just wondering if Apple *can* remove their own encryption for email
Of course they can. Think about it: The only way to do what you want (i.e. transport and store emails encrypted so that even the email providers can't read them) would be to use true end-to-end encryption (i.e. the sending and receiving users encrypt/decrypt the mails themselves before entrusting them to the email provider). Otherwise the email providers have to be able to decrypt the mails in order to deliver the clear text to the receiver.

The problem with today's email is that there is currently no universally accepted infrastructure to exchange encryption keys between end users (public key infrastructure). While such systems do exist and are in limited use (S/MIME, PGP), the vast majority of email users are not participating.
 
How would the Apple ID password be changed without knowing the original password? I'm very confused.
 
How would the Apple ID password be changed without knowing the original password? I'm very confused.

The usual "Forgot My Password" triggers an email to your account containing a link which allows you to create a new password.

Etan
 
The usual "Forgot My Password" triggers an email to your account containing a link which allows you to create a new password.

Etan

Well, they couldn't use that method via the iPhone, as they can't get in the iPhone to see the email anyway. The only other way they "forget my password" would be if they had a computer the guy used and his email client had his email (that he uses to receive Apple emails) set up. Then they could send/receive emails from that account. But this requires a computer logged into an account. If he was using FileVault and logged out, forget it.

But why did the FBI change the Apple ID password? That alone won't get them in the phone. Did they think that by changing the Apple ID password that would change the phone password? Being able to log in to iCloud.com will not let you see anything on your phone that is only on your phone.

Confused...
 
I wonder if they are looking for Hillary's emails this hard?
Oh, and folks, ALWAYS LIE for your security questions. My first pet has been named Spot, Doug, Mikey, Parker, and many I forgot. (note: none of those names I'm currently using as a security answer). Telling the truth for your security questions is like giving the FBI your login credentials.
 
This is indeed a possible positive effect that the DOJ didn't take into account. After this case, everyday users will now better understand the protections that encryption provides to everyone, every day. As a result, the intelligent American public and industry will demand that data is encrypted in transit and at rest in the cloud as well. Just like good cloud backup services allow the addition of a client-side key, Apple (and all providers) should do this for all Cloud data that is not already protected in this way.
I spoke too soon. The backups on iCloud ARE but Apple does have the key to decrypt them which is what they have done already to give the FBI some data so far. I think the fundamental difference is that with iCloud backups, Apple controls physical access to them whereas the actual device is held by the owner.
 
If you knew the old password, you could. But obviously they didn't know the old password. If they had known the old password, there would have been no need to change it.

Basically all sites where you have a password allow you to do a password reset, where you can enter a new password. The site doesn't know your password. iCloud doesn't know your password. Actually, any site that _knows_ your password is considered criminally insecure.

Usually you click on a button somewhere, and the server sends an email to your email address, and you click on a link on that email and change your password. They had access to the guy's email, so they were able to change the password without knowing it. That's the most common reason why people change their passwords, because they forgot the old one.
Yes, but even if they knew the old password it would still count as changing the password to the phone, and that password would need to be entered on the phone, which of course can't be done because they don't know the PIN.
 
I haven't kept up with this and am confused (no surprise). If the county is the owner and changed the pw after the incident, why don't they have the pw now to grant the FBI access?
 