How did they change the Apple ID associated with the phone if the phone was locked?
The didn't change the Apple ID. They changed the passcode (I will use password from here on) associated with the AppleID probably via appleid.apple.com. However, that new password would have to be entered into the iPhone (Settings-iCloud) to have that iPhone activate iCloud backup, else it can't connect. Somebody probably thought they would change the password to get at the data in iCloud, found out the data hadn't been backed up in months (or at all), then learned that they couldn't get the iPhone to start auto backup without entering the new AppleID password in settings, and because they didn't know the original password, could not set it back. Now they are stuck with an iPhone that can't back up to iCloud and they can't change to the new password because they don't know the 4-digit PASSCODE to access the iPhone. Thus, because the FBI screwed up, they want Apple to create a software hack to bypass the 'Wipe data after 10 wrong passcode attempts' so they can brute force the device; easier to do with only 4 numeric digits, especially when you have to use 4, not 1, 2 or 3. Once the iPhone passcode is broken, then the FBI can enter the NEW AppleID password to get the phone to sync with iCloud, but then it won't be necessary because they can now simply copy everything to a computer.
In other words, they want Apple to save their butt for doing something they thought was smart, but didn't work, so they try Plan B and Apple balks.
This is a good reminder to everyone that while your iPhone may be super secure, your data is still available to law enforcement if uploaded to iCloud. While Apple keeps your data in iCloud encrypted from other people, they still hold the master key for iCloud data, thus they will hand it over when forced too. You do you have options on selecting what gets backed up to iCloud, but not everything. Items like iMessages are encrypted end to end and are not stored on Apple's servers, but they do make their way back up to Apple's servers via iCloud when iCloud Backup is turned on. Unfortunately Apple does not allow you to turn off Messages for iCloud backup, which I always found discouraging.
In related news the employer of the terrorist neglected to install the cellphone management software used elsewhere in that county government which would have allowed routine access to the phone's contents.
If this Buzzfeed story is true* it would take a colossal level of incompetence for a three letter agency to allow some county employee to muck around with a piece of evidence like that.
*I have no reason to believe it isn't, but we are talking about one of the world's premier clickbait websites.
This is a good reminder to everyone that while your iPhone may be super secure, your data is still available to law enforcement if uploaded to iCloud. While Apple keeps your data in iCloud encrypted from other people, they still hold the master key for iCloud data, thus they will hand it over when forced too. You do you have options on selecting what gets backed up to iCloud, but not everything. Items like iMessages are encrypted end to end and are not stored on Apple's servers, but they do make their way back up to Apple's servers via iCloud when iCloud Backup is turned on. Unfortunately Apple does not allow you to turn off Messages for iCloud backup, which I always found discouraging.
I would not be surprised if Apple starts offering an option to encrypt iCloud data as well. And I expect the iPhone 7 and iOS 10 to be even more locked down.
Why not just take the phone to Apple? If they had to apply a patch to circumvent the security, at least this patch could stay in Apple's hands. Unless this case is not about the data, but more to force a backdoor.
You didn't follow the case so far, did you? FBI just want a backdoor access to the phone, at this time they said only 1 phone. However, that backdoor access can be used on any phone. That's why Apple refused. Apple offered to restore iCloud backup and other ways to access this particular phone beside McAffee volunteered to crack this phone and extract the data in bytes for FBI for free, but FBI refused. FBI WANT APPLE TO CREATE A BACKDOOR SOFTWARE TO BE USED ON iPhone, any iPhone. Now, this is the catch: once you create that piece of software as you called it "a patch". Court can order Apple to give that "patch" to FBI due to national security. Apple can't refuse once they have something in their hand. Also, every other government in the world can do the same to Apple. Soon, that "patch" gets into a wrong hand...I bet it will. The cyber criminals not only have access to your personal profiles, but also can disrupt financial systems, social security, trust funds and who knows what else..At least now, that software doesn't exist. Apple can't give what they don't have.
Did FBI try to contact the carrier this iPhone is subscribed to? The carrier should be able to give FBI all the people the killer has talked to. This information is probably what FBI is looking for.
Not if the terrorists used something like iMessage or FaceTime. That would only be some encrypted data with connections to Apple's servers to the cellular provider.
Apple would be able to tell FBI whom he talked to with iMessage or FaceTime.
This is a good reminder to everyone that while your iPhone may be super secure, your data is still available to law enforcement if uploaded to iCloud. While Apple keeps your data in iCloud encrypted from other people, they still hold the master key for iCloud data, thus they will hand it over when forced too. You do you have options on selecting what gets backed up to iCloud, but not everything. Items like iMessages are encrypted end to end and are not stored on Apple's servers, but they do make their way back up to Apple's servers via iCloud when iCloud Backup is turned on. Unfortunately Apple does not allow you to turn off Messages for iCloud backup, which I always found discouraging.
Prior to Apple are forced by the court to surrender your data, NSA already had warrant to run you over, consficated your computers and imprisoned you.
"The sticky situation could have been avoided if the associated Apple ID passcode was not changed, Apple says. Apple says the government opened the door to public scrutiny when it filed its motion to compel. The company proposed the FBI officials keep its requests sealed, but the agency decided to seek a court order demanding Apple's cooperation."
Very interesting revelation. The FBI changed the code on that iphone and created this problem - preventing Apple from helping them as they had in the past.
I think it shows that either the FBI contrived this confrontation to further their power grab agenda, or that they're incompetent. Or both. Director James Comey and the FBI aren't the only law enforcement agency pushing to get their hands on an Apple made special iphone encryption breaking master-key. Others around the country, local and federal, including the NY District attorney Vance have been appearing on talk shows like Charlie Rose pushing their agenda.
In any case, the bigger question is, can America trust these Law enforcement advocates to keep a secret, when they have no qualms about grandstanding on public TV shows?
Keep in mind, all of these gov't 'law enforcement' employees have no special personal moral ethical code any more than anyone else. They are just people, and we know how trustworthy they are. It just takes one bad apple or incompetent worker to let a 'secret' encryption key get into the wrong hands. History clearly shows the gov't's inability to keep important secrets is a foregone gone conclusion. Remember 'the bomb'?
This idiot at the county must be someone in their IT department. Otherwise how would they even have access to do something like reset passwords or manage phones?
Why isn't the anger over this iPhone being directed at this fool? I mean, seriously, how stupid do you have to be to start screwing around with a piece of evidence (an iPhone and its associated account) that was just involved in a serious crime? Trying to cover your tracks, maybe? Other than that I'm having trouble understanding why someone would do something so irresponsible.
One important point that hasn't been mentioned much is that this iPhone was not a personally-owned phone, but one supplied by the employer (San Bernardino county health department).
I have not had to deal with enterprise-managed iPhones by it's my understanding that, when properly configured, the enterprise manager has full control over the configuration and can access the data (by controlling where the backups go). I think there is a large sack of "fail" here. The FBI's signature case might have just gone into the toilet.
rob53 said: As others have said, the FBI allowed the phone to be "bricked" so Apple is off the hook.
Not really*, since wouldn’t they still have the technical ability to fix it?
*they are, of course, under no legal obligation to do anything
Let me re-phrase that sentence. The FBI had the phone in their possession. I don't know if it was ever turned off. They only way the San Bernardino county people could have changed the passcode without FBI knowledge is if it was managed and the county IT people initiated a remote reset of the passcode. If the iPhone was turned off, that change couldn't take place. Once it was turned on it probably could have as long as it could find a WiFi or cellular connection. No matter how it happened, the iPhone was changed while it was in the FBI's possession and they allowed the passcode change to happen. Once it happened, there's no way to recover the backed up data because iCloud and local backup requires the passcode as one of the encryption keys. Can Apple fix this? Can they hack their own iCloud server and break the encryption? Only Apple can answer that one. If the FBI really wanted to extract the data in this iPhone, they should have immediately locked it in a lead box to preserve the evidence then talked to Apple about the proper ways to get to the data. The San Bernardino IT staff did what their procedures told them to do when corporate property has been stolen or abused, they disabled the phone. That's standard practice. I have to wonder if the FBI told them to change the passcode figuring they could easily get in. Dumb and dumber.
Sidenote: I doubt McAfee can extract the data with social engineering since the original passcode is gone. I'm waiting to hear what he has to say.
Why not just take the phone to Apple? If they had to apply a patch to circumvent the security, at least this patch could stay in Apple's hands. Unless this case is not about the data, but more to force a backdoor.
You didn't follow the case so far, did you? FBI just want a backdoor access to the phone, at this time they said only 1 phone. However, that backdoor access can be used on any phone. That's why Apple refused. Apple offered to restore iCloud backup and other ways to access this particular phone beside McAffee volunteered to crack this phone and extract the data in bytes for FBI for free, but FBI refused. FBI WANT APPLE TO CREATE A BACKDOOR SOFTWARE TO BE USED ON iPhone, any iPhone.
So does China, Russia, Syria, and any number of other of the world's bad actor nations. Including most, if not all, of the people running to be the next US president. As does every hacker on the face of the Earth. :-(
Apple executives confirmed San Bernardino county officials changed the passcode.
I find this confusing. They changed the passcode but they hey don't know what they changed it to or are they choosing to not give it to the Feds?
It doesn't matter what they changed it to. They wanted to have it backup to a different backup server and capture the data. The only way to do that was to take the iCloud password the phone already has configured. However I think this is all very silly. You would think Apple would have backups of the iCloud database going back the past couple of months. Apparently they do not. I guess it is possible they store passwords in a separate table and don't back it up on purpose. If they ever lost the database they would then have 100s of millions of people simultaneously trying to reset their password. I am not sure that is a great plan, but you never know.
How did they change the Apple ID associated with the phone if the phone was locked?
The didn't change the Apple ID. They changed the passcode (I will use password from here on) associated with the AppleID probably via appleid.apple.com. However, that new password would have to be entered into the iPhone (Settings-iCloud) to have that iPhone activate iCloud backup, else it can't connect. Somebody probably thought they would change the password to get at the data in iCloud, found out the data hadn't been backed up in months (or at all), then learned that they couldn't get the iPhone to start auto backup without entering the new AppleID password in settings, and because they didn't know the original password, could not set it back. Now they are stuck with an iPhone that can't back up to iCloud and they can't change to the new password because they don't know the 4-digit PASSCODE to access the iPhone. Thus, because the FBI screwed up, they want Apple to create a software hack to bypass the 'Wipe data after 10 wrong passcode attempts' so they can brute force the device; easier to do with only 4 numeric digits, especially when you have to use 4, not 1, 2 or 3. Once the iPhone passcode is broken, then the FBI can enter the NEW AppleID password to get the phone to sync with iCloud, but then it won't be necessary because they can now simply copy everything to a computer.
In other words, they want Apple to save their butt for doing something they thought was smart, but didn't work, so they try Plan B and Apple balks.
Comments
Maybe be since the County owned the phone, they control the Apple ID, but not the passcode to unlock the screen.
Now, this is the catch: once you create that piece of software as you called it "a patch". Court can order Apple to give that "patch" to FBI due to national security. Apple can't refuse once they have something in their hand. Also, every other government in the world can do the same to Apple. Soon, that "patch" gets into a wrong hand...I bet it will. The cyber criminals not only have access to your personal profiles, but also can disrupt financial systems, social security, trust funds and who knows what else..At least now, that software doesn't exist. Apple can't give what they don't have.
The FBI? Correct, they have no idea why they want into the phone.
Apple? Apple is perfectly clear why Apple wants no parts of this government out-of-control response.
Thank God for Snowden waking people up to the risks
Why isn't the anger over this iPhone being directed at this fool? I mean, seriously, how stupid do you have to be to start screwing around with a piece of evidence (an iPhone and its associated account) that was just involved in a serious crime? Trying to cover your tracks, maybe? Other than that I'm having trouble understanding why someone would do something so irresponsible.
Sidenote: I doubt McAfee can extract the data with social engineering since the original passcode is gone. I'm waiting to hear what he has to say.