Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data

Techcrunch:

"The Apple executive also noted that no other government in the world — including China — has ever asked it to perform the kind of iPhone cracking that the FBI is asking it to do. But, if it were to comply, those requests would surely not be far behind."

yup...can't wait for China to have access to Trump's iPhone backups

.
 
  • Like
Reactions: vmistery
Rigby said:
My interpretation is that they would have changed the password back to Farook's original password, so the phone could authenticate and do the auto-backup. But since they never had the original password, that wasn't possible.
Click to expand...

That wouldn't have worked if they did know it. Changing the password signs him out. Changing it back does nothing.
 
nicho said:
Turning off iCloud backup doesn't delete the data backed up already. It should probably be thought of more as a permanent pause.
Click to expand...
but didnt apple already release all the old backups already? its about the last 15 minutes they want. does apple hve a way to get you to backup even if you disable?
 
2010mini said:
And all those companies with turn over that data when asked.
Click to expand...

Not all of them require identifying information to sign up. Without access to the phone you might not know account names etc.
[doublepost=1455932357][/doublepost]
metsjetsfan said:
but didnt apple already release all the old backups already? its about the last 15 minutes they want. does apple hve a way to get you to backup even if you disable?
Click to expand...

What are you talking about?
 
bradl said:
Oh bloody hell.

Let's think like a criminal hacker for a moment.

If it were plainly that simple, it all boils down to if the iPhone connects to iCloud over any SSL connection.

If it does, that's a bigger issue that they can't work themselves really out of.

If it does not, all the FBI would have needed to do was use a packet sniffer (like Wireshark), sniff the packets at the WiFi router (hint: if not over SSL, VPN, or some other secure connection, data contained in the packets could be in plain text format), grab the password in question, and they would be done.

Now they've shot themselves in the foot here and are going to the well to get help for something that can't be done.

BL.
Click to expand...

There is never any password is in the clear; that would be beyond stupid.

But, logging into a well known WIFI is to prevent spoofing of the Apple side so the device thinks it is communicating with Apple when it is not. That would be one hell of Man in the middle attack. But, I think it's really only practical if you already know the key and want to monitor traffic.
Don't think you could get the password that way; so, I don't believe you can really spoof Apple unless you have the resource of China or big government (in that case, they'll just bug your house and put cameras in there, simpler :).
 
The media is making this even more confusing by using the world passcode when they mean password. This isn't the passcode to unlock the device it's the password associated with the Apple ID.
 
nicho said:
That wouldn't have worked if they did know it. Changing the password signs him out. Changing it back does nothing.
Click to expand...
Perhaps they made sure the device wasn't connected (e.g. by putting it in an RF shielding pouch) before they reset the password. In that case it would never have "known" about the password change, and Apple could presumably have changed the account password back (if they had known the original one) before attempting the auto-backup. But I'm just speculating. Perhaps the person who wrote the filing didn't fully understand the reason.
 
Keirasplace said:
There is never any password is in the clear; that would be beyond stupid.

But, logging into a well known WIFI is to prevent spoofing of the Apple side so the device thinks it is communicating with Apple when it is not. That would be one hell of Man in the middle attack. But, I think it's really only practical if you already know the key and want to monitor traffic.
Don't think you could get the password that way; so, I don't believe you can really spoof Apple unless you have the resource of China or big government (in that case, they'll just bug your house and put cameras in there, simpler :).
Click to expand...

My point is that you don't have to spoof the Apple side of things. Simply observe and capture. Capture the packets and inspect them for the data you are looking for. the password would be encrypted with some hash; find the hashing method (SHA1, RC4, MD5, etc.) that it may potentially be using, match the password hash string to the hash that was used, and you'd have the plain text variant of that hash (the password). That's what most password crackers do.

Again, all assuming that the communication between the phone and Apple is NOT going over any secure method.

BL.
 
nicho said:
Not all of them require identifying information to sign up. Without access to the phone you might not know account names etc.
[doublepost=1455932357][/doublepost]

What are you talking about?
Click to expand...
apple said they already gave them the backups they had in the cloud. the last 15 minutes before the attack is what the govt is most interested in because they have no idea what happened and cant peice that part together
 
I don't get it how did they change the password without knowing the password? Isn't this whole ordeal to access the phone??
 
So now one would be even more prone to side with Apple on this one. They screwed up all the other opportunities and now the only way to do it is what they are asking for which is not going to happen.

-Mike
[doublepost=1455934004][/doublepost]
Rogifan said:
If iCloud backup was turned off in settings how does Apple get that data?

According to Guardian reporter Danny Yardon Apple says no other country has asked it to do what the DOJ/FBI is seeking.
Click to expand...

Apparently it seems they were aware that iCloud backup was active because that's how the FBI got a hold of the older backups. Then they decided to screwed it up...

-Mike
 
metsjetsfan said:
apple said they already gave them the backups they had in the cloud. the last 15 minutes before the attack is what the govt is most interested in because they have no idea what happened and cant peice that part together
Click to expand...

Well, that wouldn't exist in a backup made 6 weeks previously, obviously.

They needed to make a new backup, or access the device, neither of which they can do.
 
rmbpuser said:
I don't get it how did they change the password without knowing the password? Isn't this whole ordeal to access the phone??
Click to expand...

I don't think they had to change any passwords. Likely the iCloud backups were occurring to a computer via WIFI and those backups were not encrypted.

-Mike
[doublepost=1455934162][/doublepost]
metsjetsfan said:
apple said they already gave them the backups they had in the cloud. the last 15 minutes before the attack is what the govt is most interested in because they have no idea what happened and cant peice that part together
Click to expand...

They picked their weapons and supplies and headed to the site that's what happened what more do they need to know....

-Mike
 
bradl said:
My point is that you don't have to spoof the Apple side of things. Simply observe and capture. Capture the packets and inspect them for the data you are looking for. the password would be encrypted with some hash; find the hashing method (SHA1, RC4, MD5, etc.) that it may potentially be using, match the password hash string to the hash that was used, and you'd have the plain text variant of that hash (the password). That's what most password crackers do.

Again, all assuming that the communication between the phone and Apple is NOT going over any secure method.

BL.
Click to expand...

https://support.apple.com/en-us/HT202303
[doublepost=1455934240][/doublepost]
mikefla said:
I don't think they had to change any passwords. Likely the iCloud backups were occurring to a computer via WIFI and those backups were not encrypted.

-Mike
Click to expand...

That's not an iCloud backup.
 
rmbpuser said:
I don't get it how did they change the password without knowing the password? Isn't this whole ordeal to access the phone??
Click to expand...

The Password Recovery System. Same one you'd use if you totally forgot your own password. The one that an Apple employee in their services department can activate even without answering the "special questions" correctly. Which they probably did for law enforcement.

mikefla said:
I don't think they had to change any passwords. Likely the iCloud backups were occurring to a computer via WIFI and those backups were not encrypted.

-Mike
Click to expand...

The problem is someone in the chain of custody goofed and change the iCloud/AppleID password. So the one stored in the inaccessible phone is no longer valid. Even if the phone wasn't "logged out" of the system now, if it tried to ping the Backup Service it would send the wrong password and the backup wouldn't even start.
 
  • Like
Reactions: gigi1701
Rigby said:
Perhaps they made sure the device wasn't connected (e.g. by putting it in an RF shielding pouch) before they reset the password. In that case it would never have "known" about the password change, and Apple could presumably have changed the account password back (if they had known the original one) before attempting the auto-backup. But I'm just speculating. Perhaps the person who wrote the filing didn't fully understand the reason.
Click to expand...

That wouldn't work, it would have to connect to the server to do the backup and when it did it would know it should be signed out and kick it off.
 
bradl said:
My point is that you don't have to spoof the Apple side of things. Simply observe and capture. Capture the packets and inspect them for the data you are looking for. the password would be encrypted with some hash; find the hashing method (SHA1, RC4, MD5, etc.) that it may potentially be using, match the password hash string to the hash that was used, and you'd have the plain text variant of that hash (the password). That's what most password crackers do.

Again, all assuming that the communication between the phone and Apple is NOT going over any secure method.

BL.
Click to expand...

I'm sure from the phone to the cloud the data is encrypted via SSL and as far as i'm aware strong SSL encryption has not been cracked yet.

-Mike
 
  • Like
Reactions: spinnyd
SeattleMoose said:
This is the people/Tech Companies/Tim Cook vs the goons who call themselves our government. Stand fast on the tiller Mr. Cook, treacherous seas ahead!!!

Actually this whole thing is a good "shill test" of our congress and senate. Note carefully who votes for Big Brother and VOTE THEM OUT!!!
Click to expand...

Congress denotes The House of Representatives and The US Senate. To say Congress and the Senate is to not understand the very meaning of the term, US Congress.
 
bradl said:
My point is that you don't have to spoof the Apple side of things. Simply observe and capture. Capture the packets and inspect them for the data you are looking for. the password would be encrypted with some hash; find the hashing method (SHA1, RC4, MD5, etc.) that it may potentially be using, match the password hash string to the hash that was used, and you'd have the plain text variant of that hash (the password). That's what most password crackers do.

Again, all assuming that the communication between the phone and Apple is NOT going over any secure method.

BL.
Click to expand...

But, you're already going over a secure channel before you even logged in! You're inspecting something that's already encrypted. You'd need to attack this encryption first which probably uses Apple's PKI info, not an easy task in itself since you don't have access to either endpoints (Apple or user device) and would have to spoof Apple to try to get it!

Getting the end device to log into the fake one (that intercepts traffic) is the way it's usually done; but that usually only works well when it's a human doing it. We're easily fooled and will forge on even if the browser or app says the certificate at the other end has changed!
 
  • Like
Reactions: vmistery
nicho said:
https://support.apple.com/en-us/HT202303
[doublepost=1455934240][/doublepost]

That's not an iCloud backup.
Click to expand...

Sorry you are right I meant a phone backup (not an icloud backup). A phone backup though would have been even better than an icloud backup because the phone is only backing up what you have selected to the cloud and likely the user was not backing up everything and was just using the limited free storage. So the backup from the phone using WIFI to the computer if it wasn't encrypted (likely not most people don't enable the option) then that backup could just be restored to any phone perhaps one with some sort of back door (i.e. jail broken). Then the FBI could use whatever tools they had at their disposal to try to crack the phone password (and not mess with the original phone until they had the actual password). But it sounds like the FBI didn't know or have squat so they were really counting on Apple to help further.

-Mike
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back