Again, Note that I said IF it went on a non-secure channel.
BTW: I've been a UNIX systems admin for the past 24 years. I've managed data from DoD servers to databases holding credit card data, conforming to PCI and ISO 27002 standards.
BL.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Again, Note that I said IF it went on a non-secure channel.
BTW: I've been a UNIX systems admin for the past 24 years. I've managed data from DoD servers to databases holding credit card data, conforming to PCI and ISO 27002 standards.
BL.
Provoked the attack? No I'm not at that point yet. But they did pick this particular case for political reasons. They can push the terrorist card. And we all know we will give up all our liberties to fight terror.
Oh wait......isn't that what terrorists hate about us and want to end, our hard fought for freedoms. Once our own government lies to us, and removes all our freedoms, terrorists can sit back, as they have won. But we will be safe.
Conclusion: Don't use Apple's iCloud backups! Backup only locally to an encrypted Mac
Conclusion: don't commit crimes that will get the US Government to send subpoena's out looking for information for you.
Or at least don't store the data on your phone!
Gary
As I wrote in my previous comment, I wonder the same thing as I thought all data to/from/residing in iCloud was encrypted and useless to Apple and anybody else.
[doublepost=1455936903][/doublepost]
As we have seen, the US was performing bulk surveillance and data collection on all US citizens, the bulk of which were innocent.
And NASA faked the moon landings, right?
There is a bad reputation being built for Apple too. Just saying. Not assisting in the investigation of a terrorist attack when asked to do so isn't exactly good publicity.
I never used iCloud or other Cloud Services.
And I surely will never ever do….
I never wanted to upgrade from IOS7 to later IOS…. but now I am thinking about….
And I surely will never ever do….
I never wanted to upgrade from IOS7 to later IOS…. but now I am thinking about….
FFTY I hope. I can't imagine Apple allowing an unencrypted backup over the wire.
I need to read up on this because the FBI was able to get data from the iCloud backup.
By the erosion of God-given and fought-for liberties as we have seen in the days following 9/11, the government is becoming that it's agents were sworn to defend against.
Isn't that title incorrect?
They changed the Apple ID, but the problem is they did NOT change it ON THE iPhone and now it won't connect...
BUT if they hadn't changed the ID and someone sent a remote wipe, then there would be that problem.
Gary
IF THE GUYS PASSWORD WAS "GARY" then they only needed to enter the password "GARY" .
it's been shown to you that the premise of your "if" is wrong.
Here's one answer to my own question.
The Intercept claim that Apple decrypts iCloud backup data when ordered to:
https://theintercept.com/2014/09/22/apple-data/ said:
That really sucks. I was under the impression the iCloud backups were useless even to Apple.
This is US government, transparency ended decades ago. Now you will know what they want you to know, until it is leaked. Then red faced they will retrench and go off on some tangent to deflect criticism. This is all obvious to open mind looking at history since WWII?
The thing is that there are two logging codes, the Apple ID password and the passcode for the phone.
The Apple ID password I believe encrypts the Icloud data and yes Apple has that info because you're they need to log you in, change it, and decrypt your data to send it to you.
There are a lot of different kind of Icloud data, it is possible that some of them needs on device keys too to decrypt, I haven't looked into that.
https://support.apple.com/en-ca/HT202303
The Icloud backups stop on the 19th of October, because of a screwup by the FBI and the county where they guy worked at (it was a work phone), they somehow are no longer able to force a backup of subsequent data (if there are any).
Now, they need to get into the phone itself with a passcode. In that case, Apple would have to make a custom software/firmware to bypass the phone's key wipe security after X log in so the FBI can do a brute force attack on the passcode. This is not a trivial thing to do for Apple technically and most of all ethically.
The only reason it's even possible to create this software is that this phone is a 5c and not a 5s and more recent. In more recent phones the delays between attempts are enforced in hardware (and they key wipes too), so there is no way around unless Apple changes not only the software/firmware but also the hardware. Apple doesn't want to have access to the on phone data.
would a remote wipe show up explicitly on the phone, or would it still be on the passcode entry screen until the passcode was entered and then "BOOOM THIS PHONE WAS WIPED SUCKERSSS"? i've never used it.
actually Steve Jobs did allow it. All versions of iOS prior to iOS 8 had a coding in the system that would allow a computer to create a kind of permanent trusted connection. So long as the passcode hadn't reached the disabled/connect to iTunes screen, you could still do backups to that trusted computer even without inputing your passcode. That was created under Steve's watch. It was Tim Cook's regime that discovered that said coding created a potential hackable security risk and removed it. Which is why you have to manually trust the same computers over and over and unlock your passcode to do anything
Most of the user data in iCloud is encrypted at rest (in part because they use 3rd party cloud providers like Amazon AWS and MS Azure to store them), but with the current design Apple has the keys for most of them (exception: iCloud Keychain).
It would theoretically be possible to encrypt iCloud backups with a key derived from the user's iCloud password (in this case Apple wouldn't be able to decrypt them), but currently they don't do this according to the iOS Security Guide ("The user’s iCloud password is not utilized for encryption so that changing the iCloud password won’t invalidate existing backups").
If you're suggesting that the President is calling the shots in regards to the minutia of individual FBI investigations, well that's coo-coo; the man's got enough on his plate without demanding to know what's on some nobody's iPhone. The director of the FBI is appointed by the President, but after that he doesn't even report directly to the President. Hell, the FBI can even investigate the President if need-be.
nope. its not spin. if you change your password it disconnects your phone from iCloud until you put in the new password.
also, as my Genius BF reminded me, automatic backups only attempt once every 24 hours (something he wishes they would change).so lets say you hit back up now on your phone at noon on Saturday when you are home watching sports. it will attempt to automatically backup every day at noon after that. but only if you are on wifi, plugged in and the phone is sleeping. How often are we in such a position every day at noon. That's why Tommy recommends to folks that they manually trigger a backup really late at night like right before they go to bed. more likely to met the proper conditions. It's also possible, Tommy reminded me, that said party might not have had enough iCloud storage space and the backups keep failing. but apple might have offered to max out the space to make sure that wasn't a problem. then the feds would need to go to the house or the man's office (if it has accessible wifi) to try to the attempt, perhaps having to leave the phone for 24 hours to hit the end of the daily countdown
Conclusion: Don't use Apple's iCloud backups! Backup only locally to an encrypted Mac
if you are going to do that then you have to remember that log in passwords can be changed so you need to encrypt the backup in iTunes and make sure that 'save password' is off
apple claims it will affect ALL iphones, past and present. see the techcrunch article.
Or never back up your phone.Conclusion: Don't use Apple's iCloud backups! Backup only locally to an encrypted Mac
you clearly misunderstood. the "spin" was suggesting that this was even a possibility.
also, that it tries once at a set time every 24 hours is simply not true... if it fails it will try the next time it is plugged in, locked and on wifi, whatever time of that that is. i've had automatic backups complete morning noon and night.
Apple has until February 26 to respond. The Government set the hearing for March 22. That's plenty of time for those here who are enjoying speculating on what happened, to compose several posts. Not to mention the duplicate threads that are bound to be created.
This will be quite an entertaining chapter in Apple's history.
This will be quite an entertaining chapter in Apple's history.