How did they change the Apple ID associated with the phone if the phone was locked?
Most likely through Apple's Mobile Device Management. It was his employer's phone and assigned to him.
No, most likely they logged into the AppleID.apple.com (probably reset the password by having AppleID send them an e-mail to Farook's San Bernardino County's account, which they would have control over and access to).
If San Bernardino County would actually be running an MDM like any other business to set up, restrict, track and control their devices, they simply would have had the MDM system reset the PIN number so the FBI could access the device. Every MDM system I have ever reviewed and used gives the company the capability to reset the PIN, lock the device or wipe the device.
In the end it looks like San Bernardino County is the negligent one in this case on two accounts: (1) did not use a proper MDM solution to manage the device to begin with and (2) then screwed up any attempt at data recovery by changing the AppleID password, preventing any cloud-based backups from the device.
It appears Apple has already bent over backwards to assist the FBI in how they are able with this device. This court action, thus, is not about getting into this particular phone, but creating a backdoor giving the government access to all future devices. Beyond U.S. citizens' civil liberties and constitutional protections, one last thing to ponder -- if the Justice Department succeeds in this, what kind of defense will Apple and other U.S. companies have when the likes of Russia and China begin to demand back doors in every encrypted product, and how will that leave any user (including U.S. gov't agencies) exposed for foreign espionage?
Now according to USA Today the feds admitted in today's filing San Bernardino changed the ID.
"In the government’s Friday filing, the Justice Department acknowledged that the password was re-set in the hours after the attack by authorities with San Bernardino County. The county owned the phone and provided it to Farook for work."
So now, with what seems like amateur production and almost klownish incompetence, the USGovr has been exposed - AGAIN, as trying to bigfoot tech companies simply by intimidation. Apple should not have to say another word or take another action. The Guv'mt just cleared them of any harm... Morons...
ALSO - They destroyed everything else (personal phones, computers, etc) so it seems dubious that anything useful is going to be on his work phone ... unless they switched devices willy nilly like Clinton. But seriously doncha think they would've shredded that one too? Wonder what model their personal phone was, and where its data was stored... (seriously, anyone know?)
I find this confusing. They changed the passcode but they don't know what they changed it to, or are they choosing to not give it to the Feds?
They changed the Apple ID password, not the passcode. The passcode is on the device itself.
OK, that's better, but if they have access to the iCloud account, and there is a backup to iCloud (which seems to be implied) for that device, can't they just restore from backup from any ol' iOS device?
Apple was asked to stop the password’s counter to make it easier for the FBI to crack the iPhone with brute force attack, but once this knowledge is out…
It gets even more complicated. Apple provides the iOS programmers with an encryption algorithm that is used by most of the banks. Now the question is: OK we have an access to the phone, BUT what if the messages/data on the phone are encrypted?
Apple CAN NOT decrypt this algorithm otherwise your banks’ data is not safe.
Programmers all over the world use this algorithm. We are using this algorithm in a product called ContactShield which enables you to encrypt specific contacts in your address book or send encrypted messages. You can try this product for free. Access to your phone is only half of the story. You can still protect your data with encryption that was not cracked as of yet.
They didn't change the Apple ID. They changed the passcode (I will use password from here on) associated with the AppleID probably via appleid.apple.com. However, that new password would have to be entered into the iPhone (Settings-iCloud) to have that iPhone activate iCloud backup, else it can't connect. Somebody probably thought they would change the password to get at the data in iCloud, found out the data hadn't been backed up in months (or at all), then learned that they couldn't get the iPhone to start auto backup without entering the new AppleID password in settings, and because they didn't know the original password, could not set it back. Now they are stuck with an iPhone that can't back up to iCloud and they can't change to the new password because they don't know the 4-digit PASSCODE to access the iPhone. Thus, because the FBI screwed up, they want Apple to create a software hack to bypass the 'Wipe data after 10 wrong passcode attempts' so they can brute force the device; easier to do with only 4 numeric digits, especially when you have to use 4, not 1, 2 or 3. Once the iPhone passcode is broken, then the FBI can enter the NEW AppleID password to get the phone to sync with iCloud, but then it won't be necessary because they can now simply copy everything to a computer.
In other words, they want Apple to save their butt for doing something they thought was smart, but didn't work, so they try Plan B and Apple balks.
CORRECTION: Password changed by SB County, not FBI. Still, FBI should first go after county for screwing them, not Apple.
Update: County acted upon FBI requests. Why didn't they consult Apple before they screwed with their evidence? This deeply worries me that we will see every police dept having their own back door option at will!
It would appear you need to at least once enter the changed password on the device and attempt an iCloud backup in order to "link" the backup to the new password. I'm guessing here but otherwise I think they'd have done this by now, no?
So Apple proposed four different ways of extracting the information. So, no one can get into the device, but under normal conditions the "backdoor" is already there in form of the iCloud backup?
If the device was backed up to iCloud then that was already done before the incident. If your phone was broken, stolen, or lost, you can then get a new one, and using your iCloud credentials restore from your last iCloud backup. Since I'm being told that they were able to change his iCloud account password, then they would have had access to his iCloud account. If there were no backups to iCloud performed for that work phone then why is there talk about iCloud backups at all?
"Apple says the San Bernardino County Department of Public Health, the phone's owner and Farook's former employer, changed the account passcode. A county representative later told Reuters that FBI agents requested the iCloud password reset. If the passcode was not changed, FBI officials might have been able to procure a backup of the data it is currently attempting to suss out of the phone itself, the company said."
According to this report, it was the FBI that requested that the Password be changed. So the FBI created this access problem. This could be the smoking gun that shows the FBI covering up their own incompetence.
So this was the Apple ID password and not the pin code to unlock the phone? I thought I read somewhere that this guy stopped backing up to iCloud well in advance of this attack.
Yea, because he totally had plans for a long life after killing all those people /=
The perps are dead, they have no accomplices. There is no reason for the FBI to be hacking phones unless they want to randomly spy on everyone. But of course, this is the whole point. If you're doing nothing wrong you have nothing to hide, right?
The FBI is going to come out of this looking like the Frackin' Bloody Idiots that they are
Exactly, and so will be DOJ! With such stupidity how can we trust that FBI is asking just for this one phone only. If the FBI thinks this way, I am sure FBI will put the whole stuff out on ftp://fbi.gov/public for anyone to download and they will never know the difference.
Mmh.. Please confirm that whoever changed the iCloud passcode knew the old one, otherwise we have a serious breach. OK, so someone at SB County knows the old password. Who do you think should receive a court order to help poor FBI bozos to retrieve data from the shooter's iPhone? Right. So why all the buzz?
I'm with you on that. What I don't know is what happens if in the meantime you change your password? Let's say you lost your phone and have iCloud backups from that. Then you change the password. Then you get a new phone and attempt a restore. Will this work? Or do you need to first use the old password on the new phone for a restore and then change the password for it to work? In other words: is the iCloud backup linked to a specific password?
I think the way it works is that you have to log the new password (to the iCloud account) into the device so that the device can log onto the iCloud account to back up on to there. Right now, the iPhone is using a password that won't work because it was changed on the server end. They can't change the password on the device because they don't have the passcode to unlock it. And since the IT Dept. didn't know what the password was before they changed it on their end, it can't be changed back to the password that the device is trying to use when it attempts to log on to the iCloud account.
Which means that there's no way to force a back up because the iPhone can't log on to any iCloud account to do so. Apple had a chance of retrieving at least some of the data with a forced back up, if the IT Dept. had not screwed with the password to the iCloud account.
The back up Apple has in the iCloud account connected to this iPhone is months old, the FBI want a current back up of what's on the iPhone now. Which has a high probability of containing no more new information than what they already have.
I wouldn't think so. It's like when I change the password to an account on my Mac using the utility on a boot disc. I can change the password to the account but don't ever see what the old password was.
Comments
i mean damn.
Way to go Feeble But Incompetent!
http://abcnews.go.com/US/san-bernardino-shooters-destroy-phones-hard-drives-sources/story?id=35570286
http://appleinsider.com/articles/13/08/03/president-obama-vetoes-samsung-ban-on-apple-inc-iphones-ipads