Footnote Reveals That The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess

from the well,-that's-interesting dept

We already discussed the many issues with the DOJ’s motion to compel Apple to create a backdoor to let them brute force the passcode on Syed Farook’s iPhone. However, eagle-eyed Chris Soghoian caught something especially interesting in a footnote. Footnote 7, on page 18 details four possible ways that Apple and the FBI had previously discussed accessing the content on the device without having to undermine the basic security system of the iPhone, and one of them only failed because Farook’s employers reset the password after the attacks, in an attempt to get into the device.

The key line:

… to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this cases because neither the owner nor the government knew the password to the iCloud account and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).

The “owner” of course, being the San Bernardino Health Department, who employed Farook and gave him the phone. Basically, what this is saying is that if the password hadn’t been reset, it would have been possible to try to connect the phone to a “trusted” network, and force an automatic backup to iCloud — which (as has been previously noted) was available to the FBI. But by “changing” the password, apparently that option went away.

In other words, the San Bernardino Health Dept may have been the ones who really mucked things up for the FBI. But, of course, to be honest, the FBI is probably kind of happy about that. At this point, very few people honestly believe that there’s anything of much value on that phone. But this situation allows the FBI to present the most sympathetic case it probably can to try to force backdoors onto tech companies.

Filed Under: , , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Footnote Reveals That The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess”

Subscribe: RSS Leave a comment
33 Comments
Anonymous Coward says:

Passwords are not Backdoors

I still don’t see where Apple is being asked or forced to create a backdoor. Apple is being asked pull the data from an iphone in a manner at their discretion.

Tim’s hissy fit is just disingenuous. He/she is obvious a marketing person and not a technical queen.

Here is the order. https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

Anonymous Coward says:

Re: Passwords are not Backdoors

Pull the data by creating a custom version of their iOS (or firmware, but let’s call it FBiOS for the purposes of discussion) and somehow ensure it only works on one phone. That’s not discretion. It was spelled out precisely what the FBI wanted. Of course, the FBI says it would only have to work on one phone, but once they subpoena the source code for that FBiOS (yes I stole that from an article linked here the other day) version, and you can be certain they will, it would be trivial to work around any limitations that were implemented to keep it to that specific phone, iOS version, or model (depending on how Apple would have done it). Apparently, the federal government they can compel any private business to do anything, and Apple would have no choice but to comply.

While there have been discussions regarding which phones would be ‘safe’ (e.g. 5s and above due to the Secure Enclave technology), another “writ of do wtf i tell you” could be issued for any version at any time.

As to the “changing the password”, unless they’re very specific about what password they changed (iCloud, domain password, etc) it is hard to say what effect that would have had. We don’t believe, based on the information provided, that the San Bernardino Department Health Department use Mobile Device Management (MDM) software, otherwise they could have changed the iPhone passcode remotely and we wouldn’t be having this conversation. I’m also willing to wager that “a few hours after the attack” some hotshot investigator instructed the IT folks at SBDH to change the iTunes password.

Anonymous Anonymous Coward says:

Creative Self Imolation with an Altruistic End Game

So, instead of hiring some CI’s and writing a scenario for them pass on to some inept wannabe’s then arresting those inept wannabe’s for the crime the FBI prompted to be committed, the FBI arranged to shoot themselves in the foot in order to have an excuse to backdoor encryption?

Why again doesn’t Hollywood employ these guy’s. They are a lot more creative than the dorks that are currently writing for them.

Anonymous Coward says:

now this is what cook needs to be putting out there. that there were ways into the phone that apple provided but that the fbi or other investigators screwed them by being ignorant and developing an entirely custom operation system is absolutely ridiculous when the tools were there the government was just to stupid to use them. I feel like this would resonate a lot better with the avg person. I would also mention the cost to the taxpayers would be in the tens of millions of dollars due to the govt screw up. and that you would thing with the billions that are going to cyber warfare and terrorism that they should have known better.

That Anonymous Coward (profile) says:

Re: The health department probably did the right thing

But that is a decision the FBI should have made, not Skippy from IT who decided on his own to be helpful.

They could have secured the phone to prevent a remote wipe or even gotten an court order asking Apple to lock the account associated with the phone preventing remote wipes.

What I found shocking was that San Bernardino has software that they install on SOME phones owned by the county that lets them unlock the phone. But that policy isn’t for all county owned phones, which seems stupid to have a very useful tool that isn’t deployed on all of the assets.

http://www.msn.com/en-us/news/technology/common-mobile-software-could-have-opened-san-bernardino-shooters-iphone/

Anonymous Coward says:

Re: The health department probably did the right thing

If a conspirator knew the account password they could have remote wiped the phone

Good – because they’d have the location of the co-conspirator via how the wipe was preformed.

If the “bad guys” had enough op-sec to destroy passwords and other phones, why would the work phone been used where the employer had the right to inspect?

Anonymous Coward says:

Mcafee offered to crack the encryption free of charge to the government. Saying that he has a hacker team that is the envy of any group. Funny how the government doesn’t want to take him up on that isn’t it?

http://www.cnbc.com/2016/02/19/john-mcafee-fbi-should-let-me-hack-iphone.html

No opening this phone isn’t the real objective. The real objective is to gain a tool that can be used on any iPhone. Otherwise they would have taken Mcafee up on that.

Since Congress is not willing to pass a bill requiring backdoors into encryption this whole dog and pony show is about one thing and one thing only. Getting a new tool, that Apple is to give them free of charge, which could be used on any encrypted iPhone. This is the sneaky way to get what you want when you can’t get a law passed.

Um Guys says:

The FBI Instructed the County to Change the Password

…to set up this whole situation?

http://www.theguardian.com/technology/2016/feb/20/san-bernadino-county-fbi-gunman-apple-account

he San Bernardino County government on Friday night said the FBI told its staff to tamper with the Apple account of Syed Farook, who with his wife, Tashfeen Malik, carried out the December shooting in which 14 people were killed.

Anon says:

So...

So going postal is now a terrorist incident? If this guy were really an actual terrorist, he would have shot up somewhere more public and intimidating than… where they work.

Do they have ANY clue that there is any communication of relevance there? A major fishing expedition which will involve millions of dollars (plus what’s already been spent) and yield nothing.

Coyne Tibbets (profile) says:

Re: So...

All Muslims are terrorists.
All terrorists are Muslim.
All violent acts committed by Muslims are terror attacks, regardless of victim count.
All violent attacks by non-Muslims are ordinary crimes, regardless of victim count.

Our rulers created these rules to properly define the enemy we’re supposed to be fighting. Bottom line: The enemy is Muslims and no one else. George Orwell demonstrated this type of thought control in 1984.

This case is a perfect example: it appears to be an ordinary (if any can be called that) workplace attack. But it is positively a terrorist act simply because a Muslim was involved. Just ask our rulers.

Coyne Tibbets (profile) says:

Say what again?

Syed Farook’s iPhone password was reset by the iPhones owner, which is San Bernardino Health Department.

Say what? When my employer resets my password, they have to communicate the new password to me, or it has to be some dummy default.

1) If they were able to do this then why can’t the government just get the eMail that has the new password? It must have been passed by some channel other than the device; you can’t sign on to your device if the new password is on the device.

2) If the transmitted password can’t be retrieved, then why can’t San Bernardino Health Department simply reset it again?

The longer this “episode” runs, the more clear it becomes that this is just an excuse to force Apple to develop a backdoor. Which, of course, the government will keep and use anytime it wishes.

Anonymous Coward says:

Re: Say what again?

There’s two different things here: the password to his cloud account, which the employer can (and did) reset, and the passcode to the phone itself, which they cannot. By resetting the password on the cloud account, they were able to get the information that the phone had previously backed up a month and a half before the shooting, but they stopped the phone from being able to make a new backup with the current contents of the phone.

Anonymous Coward says:

This has nothing to do with syed and more to give themselves yet another ability

We are nothing but sheep, cattle, there to work on behalf, to be monitored, to be fucking conditioned………the politicians work for the government, not the people

Its fucking archaic, the world has changed, but we have not, who decided that being ruled is a natural human state, oh thats right, questionable folks of the past, with questionable folks of the present carrying the batton

The more things change, the more things stay the same

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...