San Bernardino Shooter's iCloud Password Changed While iPhone was in Government Possession
Source: ABC News
The password for the San Bernardino shooter's iCloud account associated with his iPhone was reset hours after authorities took possession of the device.
The Justice Department acknowledged in its court filing that the password of Syed Farook's iCloud account had been reset. The filing states, "the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup."
Apple could have recovered information from the iPhone had the iCloud password not been reset, the company said. If the phone was taken to a location where it recognized the Wi-Fi network, such as the San Bernardino shooters' home, it could have been backed up to the cloud, Apple suggested.
The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.
Read more: http://abcnews.go.com/US/san-bernardino-shooters-apple-id-passcode-changed-government/story?id=37066070
I don't have enough understanding of the technology to make too much of this. From what I understand, some or all of an iPhone's data is backed up to iCloud, and this may be decoded? That's news to me. Anyway, when some Govt IT dweeb changed the iCloud password, the iPhone was no longer able to log on to the iCloud account and update the backup. Therefore, the most recent data was (only) on the phone.
1. This looks like one royal SNAFU
2. Disable iCloud if you truly want to secure your iPhone.
BTW how do we know the phone even had a passcode in the first place. Some IT guy just happened to make the data unrecoverable?
Apple: Terrorist's Apple ID Password Changed In Government Custody, Blocking Access
The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible.
...
(Apple) executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between October 19th and the date of the incident.
Apple sent trusted engineers to try that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed. (The FBI claimed earlier Friday that this was done by someone at the San Bernardino Health Department.)
Had that password not been changed, the executives said, the government would not need to demand the company create a backdoor to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust#.rbajYpQPJx
Ilsa
(61,709 posts)Force Apple to develop the code they need to disable security for all iphones? Is it possible they gave up further immediate research on the perps' connection to get the jackpot?
I'm not buying the idea that whoever changed the password then promptly forgot about it.
Bangbangdem
(140 posts)Already decrypted iPhones 70 times to aid law enforcement. This one concerns national security. Trying to figure out the disconnect.
TipTok
(2,474 posts)Not all iphones are created equally...
Ilsa
(61,709 posts)Apple would decrypt this one if the risk didn't apply to every other newer iPhone? Why would Apple stop this time, unless there was a different risk?
It may not have been planned, but my guess is that they want access to all phones whenever they want, for whatever reason. And no, I don't trust them to always have a good reason. I believe that some people in the FBI abuse their access to personal data.
jeff47
(26,549 posts)randome
(34,845 posts)I'm always right. When I'm wrong I admit it.
So then I'm right about being wrong.
jeff47
(26,549 posts)2naSalit
(86,863 posts)thought on that. Everyone knows how badly the feds want to have access to everything. I'm not buying their claims either.
starroute
(12,977 posts)The short version is that Apple can't just create a tool and hand it over to the FBI to be used once and then forgotten. If anything on the phone leads to arrests, the defense will be able to demand that Apple provide testimony about the nature of the tool, demonstrate its accuracy, prove that not a single bit of information on the phone was altered in the course of cracking it -- and allow experts hired by the defense to validate it. And at that point, the secret can't be kept and anybody knowledgeable can reverse-engineer the techniques.
http://www.zdziarski.com/blog/?p=5645
For years, the government could come to Apple with a subpoena and a phone, and have the manufacturer provide a disk image of the device. This largely worked because Apple didn't have to hack into their phones to do this. Up until iOS 8, the encryption Apple chose to use in their design was easily reversible when you had code execution on the phone (which Apple does). So all through iOS 7, Apple only needed to insert the key into the safe and provide FBI with a copy of the data.
This service worked like a black box, and while Apple may have needed to explain their methods in court at some point, they were more likely considered a neutral third party lab as most forensics companies would be if you sent them a DNA sample. The level of validation and accountability here is relatively low, and methods can often be opaque; that is, Apple could simply claim that the tech involved was a trade secret, and gotten off without much more than an explanation. An engineer at Apple could hack up a quick and dirty tool to dump disk, and nobody would need to ever see it because they were providing a lab service and were considered more or less trade secrets. . . .
What many haven't considered is the significant difference in the legal world between providing lab services and developing what the courts will consider an instrument.
An instrument is the term used in the courts to describe anything from a breathalyzer device to a forensics tool, and in order to get judicial notice of a new instrument, it must be established that it is validated, peer reviewed, and accepted in the scientific community. It is also held to strict requirements of reproducibility and predictability, requiring third parties (such as defense experts) to have access to it.
Ilsa
(61,709 posts)than imagined for law enforcement to use anything they get off the phone due to legal problems of verification of the new instrument, tampering risks, etc, which almost no one has discussed before. Of course, maybe they don't care about prosecuting at this time, just figuring out who they need to be chasing down. But still, there are all of those issues you mention.
This is a bigger deal than the media is able to understand and convey to the general public. Thank you so much for your post. This is a much bigger mountain to climb than I imagined. Wow.
tomm2thumbs
(13,297 posts)"Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said."
denem
(11,045 posts)The FBI have the data, but want to force in a backdoor? For all we know there may never have been a passcode. A 5c is a pretty old phone, launched when iOS didn't nag so much for a passcode.
tomm2thumbs
(13,297 posts)Probably more skilled at it than Apple folks in many ways
Fast Walker 52
(7,723 posts)stinky.
brush
(53,925 posts)What was his/her motive?
JustABozoOnThisBus
(23,375 posts)When someone leaves the company, disable their online accounts, reset passwords, etc, etc. Changing the iCloud password may just be a normal thing to do.
Maybe Law Enforcement should have told the county office to not touch anything.
GreydeeThos
(958 posts)The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.
If this information is valuable enough to risk the security of every iPhone in the world, the County Employee should first be subjected to the ' bright lights and rubber hose ' treatment.
truebluegreen
(9,033 posts)But of course that won't get them their backdoor to all iPhones, will it?
LiberalLovinLug
(14,178 posts)Where is this employee that changed the password? And with such an important national security investigation, I find it impossible to believe that this "employee" did not record SOMEWHERE the changed password. In fact, it should have been imperative that this information be kept. Something fishy going on here.
William Seger
(10,786 posts)The password that was changed was the phone's login to the Apple iCloud, not the passcode to open the phone. What Apple is saying is that if that login hadn't been changed, the phone could connect to the iCloud and upload a backup of texts and emails, so Apple could give that data to the FBI without hacking the phone.
JustABozoOnThisBus
(23,375 posts)If there was a way to unlock the phone.
Apparently, there is not.
As William Seger pointed out in post 38, the iCloud password and the iPhone 4-digit key are two different things. The iPhone key is what the FBI wants.
ManiacJoe
(10,136 posts)Knowing one does not help with the other.
muriel_volestrangler
(101,391 posts)it takes me to their main page, but this, with a few extra digits, seems to work: http://abcnews.go.com/US/san-bernardino-shooters-apple-id-passcode-changed-government/story?id=37066070
denem
(11,045 posts)mhatrw
(10,786 posts)There was nothing incriminating on the phone, so the FBI simply pretended to lock themselves out of it.
If not, what the fuck were they thinking?
Bangbangdem
(140 posts)The simple truth is that these guys were on their own. No wonder this entire story dropped off the radar.
geek tragedy
(68,868 posts)Bernardo de La Paz
(49,052 posts)1) They were not framed. They killed 14 people.
2) It wasn't the FBI that locked themselves out, it was a county employee, and it wasn't pretending. They unlocked the other phone.
There are plenty of credible links online for the above. You, however, haven't posted any credible link for your fabricated fantasy.
denem
(11,045 posts)To change the password a county employee had to know the iCloud address and the backup email address, or security answers. Now yes, the FBI would know that, but a county employee? An official iCloud address. Except the iCloud account can be switched back and forth on the same phone. Does. Not. Compute.
jeff47
(26,549 posts)The county bought the phone and gave it to him for his job. When a business does this, there are ways for the business to retain some control over the phone.
Bernardo de La Paz
(49,052 posts)Fast Walker 52
(7,723 posts)and why on earth would the county employee change the passcode?
Bernardo de La Paz
(49,052 posts)As to the county employee, I have not much idea. It seems it was the phone identity, not the password.
But I'm sure you will get into a big waste of your time (and of others) if you go all "Area 52" / conspiracy theory on the San Bernardino shootings.
TipTok
(2,474 posts)NickB79
(19,276 posts)A family friend admitting to arranging a straw purchase for the very guns (matched by serial number) later recovered from the Farooks' dead bodies, and video of the shoot-out between them and the police later that day, where hundreds of rounds were fired back and forth.
But yeah, they were framed.
SoapBox
(18,791 posts)Oh shit! We screwed it up!
JCMach1
(27,581 posts)#classic
christx30
(6,241 posts)William Seger
(10,786 posts)It was someone in the San Bernardino County Department of Public Health office where he worked who reset it remotely.
kas125
(2,472 posts)Last edited Sat Feb 20, 2016, 04:11 PM - Edit history (1)
hours after the attacks and when it was in the possession of the FBI? Wasn't he lying dead on the street? How does a dead guy change a password? Or am I missing something?
MADem
(135,425 posts)William Seger
(10,786 posts)This is not the passcode to open the phone.