Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
The USA authoritarian dictators, FBI, CIA, Industrial Complex et al, should be making radical efforts to limit the access of lethal weapons in the hands of citizens.
More than 1 million American public citizens have been killed by guns since John Lennon was murdered in 1980' that's huge number, which is more than the amount of USA millitary personel killed in all the wars in American history.
How about the think tanks learn to develop passive societies so that laws such as "the right to protect ones self" isn't required. That law makes as much sense as the law, "right to poison myself with tobacco" or "the right to be poisoned by greedy corporations and governments by fossil fuels". After all economy, and profit are supposed to come after the health of humans and the planet so they tell us.
Tim Cook is probably taking advantage of this situation to try and repair the damage done after the acusations made in the past where Apple was said to have been helping FBI, CIA when Snowden mentioned Prism spying.
More than 1 million American public citizens have been killed by guns since John Lennon was murdered in 1980' that's huge number, which is more than the amount of USA millitary personel killed in all the wars in American history.
How about the think tanks learn to develop passive societies so that laws such as "the right to protect ones self" isn't required. That law makes as much sense as the law, "right to poison myself with tobacco" or "the right to be poisoned by greedy corporations and governments by fossil fuels". After all economy, and profit are supposed to come after the health of humans and the planet so they tell us.
Tim Cook is probably taking advantage of this situation to try and repair the damage done after the acusations made in the past where Apple was said to have been helping FBI, CIA when Snowden mentioned Prism spying.
So the govt who had the phone in its possession when the passcode was changed had the county employee change said passcode knowing that it would lock out the phone from downloading the last month in a halfs unsaved data to the cloud. SO that excuse compels them to go to the judge and force apple to build a backdoor. How convenient. IF they didnt change the passcode that data would have been uploaded to the cloud and the govt could have retrieved it from the cloud. They did not want the information that way because it wouldnt have compelled the judge to give it a court order forcing apple to open up a backdoor for the govt, hackers and thieves. Unbelievable
No.
Even if the password is not changed, iCloud backup can ask for verification of the password at random times and will not resume until it is done on the device.
But they have no access to the device.
Sniffing Wi-Fi is essentially useless in 2016. Nobody sends data over the wire unencrypted beyond simple web browsing, and even a lot of ordinary websites have moved to HTTPS. Nothing related to iCloud is ever sent without encryption. Even the iCloud.com website uses HTTPS.
And the transport layer's encryption or lack thereof is irrelevant if the data is being sent in encrypted form over that transport layer. Encrypted is encrypted is encrypted. The only meaningful difference is that a different layer of software does the encryption on one side and the decryption on the other side.
The only thing you get from a typical iPhone when sniffing Wi-Fi is:
- Ad traffic (often telling you what apps are running)
- Basic web browsing of HTTP-based sites
- App downloads (not the authentication, just the transfer of the actual app binary, and not for all apps)
- Software update downloads
Wouldn't he be prompted to pay for more space or *turn it off* - the latter of which would stop the annoying notifications and therefore mean an increase in space wouldn't resume the backups.
so they can already get everything from the cloud thru backups? so what is the point? what do they expect to really find everything these days passes thru the cloud unless you manually disable. maybe imessage? is that end-to-end secure?
No, there is likely nothing of value on this phone. And the FBI hasn't even suggested that there is. They've only left it to the imagination of the public that there must be highly-critical data here and Apple's putting us all at risk by not granting them access. Given that these suspects acted alone and with no actual ties to a terrorist organization, it's not like they're going to find the master plans of ISIS for the next 10 years, along with all of their secret base locations in Syria, but the FBI would love for us to believe that. They're making a big stink about this phone specifically because it's a high-profile case and they realize it's the best chance at getting the public, the politicians and the courts on their side.
As I've said before - there is certainly nothing so valuble on this phone that it's worth putting hundreds of millions of other user's identities and personal data at risk. We're talking about compromising a billion devices, should the tools exist in the world to do what the FBI has asked.
Folks, just read the FBI filing. It is explained in footnote 7 on page 18. The FBI discussed several options with Apple how to access the information on the device. One of them was to connect the phone to a known Wifi network in an attempt to let it run an automatic backup (which would obviously only have worked if iCloud backup was activated on the device). Quote:
"The four suggestions that Apple and the FBI discussed (and their deficiencies) were:
[...]
(3) to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup);
[...]"
The owner is Farook's employer.
Just set the date to January 1, 1970 and call it a day. Case Closed.
confused how would apple get it if icloud backup is manually disabled on the phone?
Agreed. IMO, Apple should provide enough backup storage with iCloud to back up a user's entire device. Given that Apple charges $100 for what amounts to about ten dollars worth of additional flash storage, they can afford it. And it might save them from silliness like this in the future....
How is Obama going to escape from this mess? Is someone going to accidentally destroy the phone?
Turning off iCloud backup doesn't delete the data backed up already. It should probably be thought of more as a permanent pause.
I don’t know how iOS would respond. However, Apple is reasonably competent about basic security measures and I am pretty sure that Apple has not saved the password in a retrievable state. Passwords are nowadays stored as ‘salted’ hashes, if not better, and the verification happens by comparing those hashes. Even if they are lucky and found the old password somewhere, e.g. personal files, then there is still no guarantee that the Apple ID would create the exact same hash again (e.g. if the Apple ID generates new ‘salt’ as well when the password is changed) or that the iPhone would ignore the password change notice.
I've personally seen people ignore those warnings about iCloud storage being full and backups haven't happened in X number of days for literally months. The reason I'm lead to believe this is the most likely cause of the backups stopping is because apple suggested connecting to a known network to activiate an icloud backup. The only reason they would have thought that to work is if they checked the account, saw that the storage was full, then upped the available storage.
More info from Apple. This is an all out PR war now.
http://techcrunch.com/2016/02/19/ap...lso-vulnerable-to-back-door-requested-by-fbi/
http://techcrunch.com/2016/02/19/ap...lso-vulnerable-to-back-door-requested-by-fbi/
They wouldn't. But it is unknown if backup is disabled or not. It was just one of several things Apple suggested to try.
The FBI should employ some more technically minded people. Don't they contradict themselves in point 3? They say the auto backup wouldn't work because they didn't know the iCloud account password but the point is thy didn't need to. Only what you put in bold is relevant.
Hence, why I said if the connection to iCloud goes over plain text (read: protocol like HTTP). If it doesn't, then obviously that isn't going to work. But my point is that sniffing the hotspot would have been the best place for the FBI to find the data they're looking for, because it is the router that they are wanting to look at, not the WiFi connection. Sniff the routing layer, and they could have what they were looking for.
Too late for that, as they changed the password (allegedly).
BL.
Apple can't see our passwords but they must know that they have been changed. By the time Apple and the fbi were discussing it they'd have known it wouldn't work anyway for this reason.
Of course the iCloud password is not sent in plain text. The Apple engineers aren't completely stupid.
My interpretation is that they would have changed the password back to Farook's original password, so the phone could authenticate and do the auto-backup. But since they never had the original password, that wasn't possible.