Ok if the county changed the Apple ID password (I'm assuming via appleid.apple.com) doesn't the password still have to be changed on the device in settings > iCloud?
 
Naturally most people would ask how they change the password for the Apple ID - well it's quite easy. If they hacked or have access to this email account, they simply request a password reset change via https://iforgot.apple.com and reset the password via email then access the email to reset the password.

Alternatively this can be reset via security questions, but this is more difficult and can eventually lock you out of your account for 24 hours. Once the password is reset they can access the Apple ID account and anything iCloud based as well.

Naturally most people would read the article, discover that the password was, according to the FBI, changed by the department of health he worked for and, knowing they also issued him the phone, assume he didn't have a personal iCloud ID but a corporate one controlled by his employer?

Your information is otherwise good though.
 
That's not the plan at all.

1) an iCloud ENCRYPTED backup; do you think Apple would be silly enough to transmit the passwords in plain text? Really?

2) they already have the password.

I'm relieved your criminal hacker skills are so poor.

The backup being encrypted has nothing to do with the connection to iCloud. If that transmission isn't encrypted, it is going over the wire in plain text format.

Prime example: Wireshark your own interface, and visit a site over HTTP, then again over HTTPS. You will see the difference with encryption being enabled, as well as the output of the packets being transmitted.

BL.
 
I think everyone is confused. It appears that after October 19 this device stopped backing up to iCloud. And less than 24 hours after the attack the county changed the password associated with this Apple ID. The FBI wants access to the phone to get information in between that time that wasn't backed up to iCloud. My question is had the password not been changed what would Apple engineers have been able to do if iCloud backup was turned off in settings? Even if they connected it to a known network it wouldn't back anything up if that setting was turned off would it? And what other reason would there be for no iCloud backups after Oct 19 other than iCloud backup being turned off in settings?

Apple seems to believe that iCloud backups are still turned on. If true, then the user had iCloud backup enabled and apparently made their last backup on 19 October. That does not mean that the function is disabled, it is possible that they were never in a trusted Wi-Fi network to make such a backup. After all, it only happens on Wi-Fi and while the device is not actively used. By changing the password, the device will now refuse to back up as it is notified of an account change. If the password were still the same, the iPhone might have started backing up again so that the FBI could retrieve that backup with the iCloud credentials.

Add me to the "confused" category. The FBI had access to earlier iCloud backups, but then made it impossible to get future ones. Okay, fine. But, didn't the FBI make this password change after they had the phone in their custody? If so, what new information could they possibly get if the password was left alone?

Apple says that the iPhone would have started making another iCloud backup if connected to a known Wi-Fi network. When the password changes, all account access is denied until the user updates the password in the settings app.
 
The backup being encrypted has nothing to do with the connection to iCloud. If that transmission isn't encrypted, it is going over the wire in plain text format.

Prime example: Wireshark your own interface, and visit a site over HTTP, then again over HTTPS. You will see the difference with encryption being enabled, as well as the output of the packets being transmitted.

BL.

Yes it does. It would be like writing the safe combination on the wall by the safe. That would be idiotic.
 
I find it strange that the FBI had access to the iCloud info. Access to all numbers called and received. All websites visited....Any non-iMessage texts sent and received. Access to the MDM info (work phone)

But still need Apple to build a new OS to defeat security against brickforcing?!???
 
Add me to the "confused" category. The FBI had access to earlier iCloud backups, but then made it impossible to get future ones. Okay, fine. But, didn't the FBI make this password change after they had the phone in their custody? If so, what new information could they possibly get if the password was left alone?

Look at the timeline. Last backup October 19. So all the data from then onwards. Does that make sense now?

Ok if the county changed the Apple ID password (I'm assuming via appleid.apple.com) doesn't the password still have to be changed on the device in settings > iCloud?

Yes.
 
If you'd like to stand with Apple's stance on privacy, there is a White House petition at https://petitions.whitehouse.gov/petition/apple-privacy-petition
To say the coverage this is getting I am shocked that the petition is getting little support.
Come on America get signing!

Globally other customers have no say so we rely on you!

If all your states make their own little laws this will not matter as sooner or later a new iOS will be made without encryption.
 
I think if iCloud backups are off then there would be nothing. Access to the device would be key there. I think that's the rub and why they want that backdoor. No?
Well yes, if this guy turned off iCloud backups then you would need access to the device. I'm confused as to why changing the password matters. What other reason would there be for not having backups after Oct 19 other than he turned it off in settings? And if it's turned off how do you turn it back on outside of the settings app on the device? Is there a way to turn on device specific iCloud backups via the web?
 
Yes it does. It would be like writing the safe combination on the wall by the safe. That would be idiotic.

You can send an encrypted file over HTTP. Just because the file is encrypted, doesn't mean that the transport layer is also encrypted. That's the point you are missing.

The attack vector in this case would not be the backup; it would be the transmission to the WiFi hotspot that the phone would connect to, and monitoring that hotspot for when it connects to iCloud. If that connection to iCloud is not over any secure channel, that transmission layer is in a clear text format, including the password being supplied. That could be sniffed at that hotspot.

BL.
 
I find it strange that the FBI had access to the iCloud info. Access to all numbers called and received. All websites visited....Any non-iMessage texts sent and received. Access to the MDM info (work phone)

But still need Apple to build a new OS to defeat security against brickforcing?!???

They don't have access to the 6 weeks prior to the shooting.

Depending on how long it was being planned, what they have so far might be the equivalent of discovering how many poos bin Laden had in the 70s.
 
How could they log in with a different ID, when they don't know the PIN code? huh??
 
From my understanding of this, Apple suggested creating an iCloud backup by taking the phone to a known wifi network, plugging it in and letting it do its thing. But because the password had been changed on the Apple ID, that wouldn't work - the password would need to be entered first (so that's now two things to crack. Yay).

Is this spin on Apple's part? The FBI say they have access to the backups up until 19 October. That means the only way that plan would have worked anyway was if he hadn't left the phone plugged in on a known wifi network for SIX WEEKS. Or, as the suggestion was in earlier articles, he deliberately disabled it, in which case this plan would not have worked.

I support Apple on this but this seems like using a get out of jail free card.

Maybe the FBI changed the iCloud password to prevent any accomplices to log in and erase those backups???
 
Conclusion: Don't use Apple's iCloud backups! Backup only locally to an encrypted Mac :)
There are also ways to hack those backups ... We used to say that if someone has access to your computer in order to get the backup, I guess you are done. But this case proves us wrong.
 
You can send an encrypted file over HTTP. Just because the file is encrypted, doesn't mean that the transport layer is also encrypted. That's the point you are missing.

The attack vector in this case would not be the backup; it would be the transmission to the WiFi hotspot that the phone would connect to, and monitoring that hotspot for when it connects to iCloud. If that connection to iCloud is not over any secure channel, that transmission layer is in a clear text format, including the password being supplied. That could be sniffed at that hotspot.

BL.

The point you are missing is that they already have the password.

And I've never heard of this type of attack being successful. How many iCloud users again? Pretty sure Apple's already thought of this and made sure it's more secure.
 
Look at the timeline. Last backup October 19. So all the data from then onwards. Does that make sense now?



Yes.
Ok but if he turned off iCloud backup in settings then what can be done outside of getting access to the device itself? What other reason would there be no backups after Oct 19?
 
That is the proverbial 'technical engineer' who decided they could fix their own system and when they broke it even more to the point of no recovery, they then contact the I.T. guy and expect it to get fixed. #FAIL
 
They don't have access to the 6 weeks prior to the shooting.

Depending on how long it was being planned, what they have so far might be the equivalent of discovering how many poos bin Laden had in the 70s.

They will have any phone numbers dialed and received up to the perp being killed via his cellular company. Ditto for any websites visited on cellular data.
 
Maybe the FBI changed the iCloud password to prevent any accomplices to log in and erase those backups???

They'd already physically downloaded those backups with Apple's assistance.

They didn't change the password.

So, no.
 
Well yes, if this guy turned off iCloud backups then you would need access to the device. I'm confused as to why changing the password matters. What other reason would there be for not having backups after Oct 19 other than he turned it off in settings? And if it's turned off how do you turn it back on outside of the settings app on the device? Is there a way to turn on device specific iCloud backups via the web?
I don't think you can "remotely" turn on iCloud backups. I thought if you changed the password on your iCloud then you had to input it again on your device. If the device wasn't on a known wifi network then it would not have prompted for the new password.

I don't know. There are holes here that I think my mind is trying to fill, unsuccessfully at that.
 
Apple seems to believe that iCloud backups are still turned on. If true, then the user had iCloud backup enabled and apparently made their last backup on 19 October. That does not mean that the function is disabled, it is possible that they were never in a trusted Wi-Fi network to make such a backup. After all, it only happens on Wi-Fi and while the device is not actively used. By changing the password, the device will now refuse to back up as it is notified of an account change. If the password were still the same, the iPhone might have started backing up again so that the FBI could retrieve that backup with the iCloud credentials.
Ah I get it now. But how would Apple know what's a trusted wifi network? Via iCloud Keychain?
 
They will have any phone numbers dialed and received up to the perp being killed via his cellular company. Ditto for any websites visited on cellular data.

Skype, WeChat, Line, WhatsApp, Viber etc can be used as a substitute for cellular calls. VPN might have prevented the other also.
 
The point you are missing is that they already have the password.

And I've never heard of this type of attack being successful. How many iCloud users again? Pretty sure Apple's already thought of this and made sure it's more secure.

Again, you miss the point. The point is that you don't go to the destination to get what you are looking for. You go to the intermediary: The WiFi hotspot. Sniff there to get what they were looking for, not the destination (iCloud).

Good tip for you. Run a traceroute(1) from your machine to any destination. Note how many hops you go through to get to that destination. I'll bet you anything that the first hop is a router. That is where the attack vector would be. Sniff there for that packet, and unless it is going over VPN or any secure socket layer, the data contained within the packet would be in plain text format, or a hash that could be compared to to get the plain text variant of that hash (read: password).

That is all that the FBI would have needed to do without changing any password.

BL.
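
Added example, not part of the thread and not a description of how iCloud actually authenticates: the distinction argued above between an encrypted file and an encrypted transport, shown on a constructed plain-HTTP upload. The host name, credentials, `/backup` path and the `toy_encrypt` stand-in cipher are all assumptions made up for the illustration.

```python
import base64
import hashlib

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for real file encryption (assumption): XOR with a SHA-256 keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_request(user: str, password: str, body: bytes) -> bytes:
    """Constructed upload request as it appears on the wire over plain HTTP."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    head = (
        "POST /backup HTTP/1.1\r\n"
        "Host: backup.example.test\r\n"
        f"Authorization: Basic {token}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode() + body

def cleartext_exposure(wire: bytes) -> dict:
    """Report what is readable on the path when the transport is not encrypted."""
    head, _, body = wire.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    creds = None
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Base64 is an encoding, not encryption: it reverses without any key.
        creds = base64.b64decode(auth[6:]).decode()
    return {"host": headers.get("host"), "credentials": creds, "body": body}

SECRET = b"contacts, photos, messages"  # constructed sample backup contents
wire = build_request("user@example.test", "sample-password",
                     toy_encrypt(b"file-key", SECRET))
view = cleartext_exposure(wire)
print("host:", view["host"])
print("credentials readable on the path:", view["credentials"])
print("backup contents readable on the path:", SECRET in view["body"])
```

With TLS in place the whole request, headers included, travels inside the encrypted channel, so neither the credentials nor the body are visible at the hotspot.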
 