Footnote Reveals That The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess
from the well,-that's-interesting dept
We already discussed the many issues with the DOJ’s motion to compel Apple to create a backdoor to let them brute force the passcode on Syed Farook’s iPhone. However, eagle-eyed Chris Soghoian caught something especially interesting in a footnote. Footnote 7, on page 18 details four possible ways that Apple and the FBI had previously discussed accessing the content on the device without having to undermine the basic security system of the iPhone, and one of them only failed because Farook’s employers reset the password after the attacks, in an attempt to get into the device.
… to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this cases because neither the owner nor the government knew the password to the iCloud account and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).
The “owner” of course, being the San Bernardino Health Department, who employed Farook and gave him the phone. Basically, what this is saying is that if the password hadn’t been reset, it would have been possible to try to connect the phone to a “trusted” network, and force an automatic backup to iCloud — which (as has been previously noted) was available to the FBI. But by “changing” the password, apparently that option went away.
In other words, the San Bernardino Health Dept may have been the ones who really mucked things up for the FBI. But, of course, to be honest, the FBI is probably kind of happy about that. At this point, very few people honestly believe that there’s anything of much value on that phone. But this situation allows the FBI to present the most sympathetic case it probably can to try to force backdoors onto tech companies.
Filed Under: doj, encryption, fbi, password, reset, san bernardino, san bernardino health department, syed farook
Companies: apple
Comments on “Footnote Reveals That The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess”
Passwords are not Backdoors
I still don’t see where Apple is being asked or forced to create a backdoor. Apple is being asked pull the data from an iphone in a manner at their discretion.
Tim’s hissy fit is just disingenuous. He/she is obvious a marketing person and not a technical queen.
Here is the order. https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf
Re: Passwords are not Backdoors
Queen really? I suppose you’re going to claim that your totally not a bigot and that wasn’t directed at him being gay?
Re: Re: Passwords are not Backdoors
Inb4 hurr you said your instead of you’re
Re: Re: Passwords are not Backdoors
I’m confused, I thought I was the token gay…
Have I been replaced?!
Re: Re: Re: Passwords are not Backdoors
https://www.youtube.com/watch?v=KrlzaBNgz-M
Re: Passwords are not Backdoors
Pull the data by creating a custom version of their iOS (or firmware, but let’s call it FBiOS for the purposes of discussion) and somehow ensure it only works on one phone. That’s not discretion. It was spelled out precisely what the FBI wanted. Of course, the FBI says it would only have to work on one phone, but once they subpoena the source code for that FBiOS (yes I stole that from an article linked here the other day) version, and you can be certain they will, it would be trivial to work around any limitations that were implemented to keep it to that specific phone, iOS version, or model (depending on how Apple would have done it). Apparently, the federal government they can compel any private business to do anything, and Apple would have no choice but to comply.
While there have been discussions regarding which phones would be ‘safe’ (e.g. 5s and above due to the Secure Enclave technology), another “writ of do wtf i tell you” could be issued for any version at any time.
As to the “changing the password”, unless they’re very specific about what password they changed (iCloud, domain password, etc) it is hard to say what effect that would have had. We don’t believe, based on the information provided, that the San Bernardino Department Health Department use Mobile Device Management (MDM) software, otherwise they could have changed the iPhone passcode remotely and we wouldn’t be having this conversation. I’m also willing to wager that “a few hours after the attack” some hotshot investigator instructed the IT folks at SBDH to change the iTunes password.
Re: Passwords are not Backdoors
I still don’t see where Apple is being asked or forced to create a backdoor. Apple is being asked pull the data from an iphone in a manner at their discretion.
That is not the case. We covered the order and laid out what it specifies: https://www.techdirt.com/articles/20160216/17393733617/no-judge-did-not-just-order-apple-to-break-encryption-san-bernardino-shooters-iphone-to-create-new-backdoor.shtml
It absolutely does not say they need to pull data at their discretion. It says they need to disable two specific security features by building a new operating system — and then to enable another features. At no point is Apple actually asked to retrieve anything from the phone. Rather, once they remove those security features, then the FBI will step in and brute force the passcode.
So not sure what you read but you’re wrong.
Re: Re: Passwords are not Backdoors
Mike,
There is both an order compelling and a motion seeking. Both were filed on Feb. 16, 2016. I was referencing the order compelling. See page 3 line 3. The FBI says Apple can use any technology at their discretion if they can give the FBI the data on the phone. Apple did give the FBI the data on the icloud servers and recommended the FBI attempt to force a backup of the device. (see motion seeking; footnote 7)As we know from the media stories, the backup glitched. I just don’t see any story here except Tim Cook throwing a hissy fit in a blog about how he doesn’t wish to help in an investigation his company has already helped in.
SB-Shooter-Order-Compelling file: https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf
SB-shooter-MOTION-seeking file:http://www.wired.com/wp-content/uploads/2016/02/SB-shooter-MOTION-seeking-asst-iPhone.pdf
It should be noted the first file has [proposed] struck out. But it does have the court clerk’s stamp.
Re: Re: Re: Passwords are not Backdoors
I just don’t see any story here except Tim Cook throwing a hissy fit in a blog about how he doesn’t wish to help in an investigation his company has already helped in.
This again?
As has been pointed out time and time and time again, there’s a significant difference between providing unencrypted data from a device versus creating a modified version of the OS to undermine key security features and allowing the FBI to attempt to brute-force the password.
One Apple can do with ease and without affecting their security as it requires something that they already have, the other takes a lot more work, provides a bypass for the security on the devices they sell, and opens up a huge can of worms by allowing a precedent to be set that companies can be forced to bypass their own security, effectively creating a ‘golden key’ requirement without a single law being passed.
Re: Passwords are not Backdoors
Nice try San Bernardino Health Dept IT person.
Re: Re: Passwords are not Backdoors
You misspelled “FBI terrorist”.
Re: Re: Re: Passwords are not Backdoors
You got it backwards. It should be “terrorist FBI” .
Your Honor we caused a giant clusterfuck, now force Apple to clean up after our inability to secure evidence properly.
Creative Self Imolation with an Altruistic End Game
So, instead of hiring some CI’s and writing a scenario for them pass on to some inept wannabe’s then arresting those inept wannabe’s for the crime the FBI prompted to be committed, the FBI arranged to shoot themselves in the foot in order to have an excuse to backdoor encryption?
Why again doesn’t Hollywood employ these guy’s. They are a lot more creative than the dorks that are currently writing for them.
I’m surprised there’s no court order compelling the resurrection of Farook and the un-destruction of the phones he destroyed. But, court order.
Re: Re:
For all we know his corpse could be at a black site being force fed through a tube while being forced to listen to a Megadeth/Taylor Swift/Justin Beiber/Kanye West mashup between waterboardings where they ask him for the passcode and what he did with his computer’s harddrive.
now this is what cook needs to be putting out there. that there were ways into the phone that apple provided but that the fbi or other investigators screwed them by being ignorant and developing an entirely custom operation system is absolutely ridiculous when the tools were there the government was just to stupid to use them. I feel like this would resonate a lot better with the avg person. I would also mention the cost to the taxpayers would be in the tens of millions of dollars due to the govt screw up. and that you would thing with the billions that are going to cyber warfare and terrorism that they should have known better.
The health department probably did the right thing
If a conspirator knew the account password they could have remote wiped the phone, so changing the iCloud password wasn’t necesarily the wrong thing to do.
Re: The health department probably did the right thing
But that is a decision the FBI should have made, not Skippy from IT who decided on his own to be helpful.
They could have secured the phone to prevent a remote wipe or even gotten an court order asking Apple to lock the account associated with the phone preventing remote wipes.
What I found shocking was that San Bernardino has software that they install on SOME phones owned by the county that lets them unlock the phone. But that policy isn’t for all county owned phones, which seems stupid to have a very useful tool that isn’t deployed on all of the assets.
http://www.msn.com/en-us/news/technology/common-mobile-software-could-have-opened-san-bernardino-shooters-iphone/
Re: The health department probably did the right thing
If a conspirator knew the account password they could have remote wiped the phone, so changing the iCloud password wasn’t necesarily the wrong thing to do.
Turning the phone off would prevent that, would it not?
Re: Re: The health department probably did the right thing
Turn off an iPhone?
Re: The health department probably did the right thing
If a conspirator knew the account password they could have remote wiped the phone
Good – because they’d have the location of the co-conspirator via how the wipe was preformed.
If the “bad guys” had enough op-sec to destroy passwords and other phones, why would the work phone been used where the employer had the right to inspect?
Maybe they should retract that statement about Apple’s objection being solely for marketing and make it a mea culpa for their incompetence and getting an order of preservation to prevent password change etc. If nothing else it would be more accurate.
Even if there were an auto-backup, you couldn’t be certain that all relevant data were contained therein. FBI would still need to conduct forensic analysis on the phone’s direct contents.
Regarding iCloud, it’s trivial to change Apple’s backend to allow the phone to authenticate successfully.
How suprising..
that Techdirt has so many Apple coders as readers..
I code in my own linux, and it’s sorta like OSX but I have no Idea what it all entails
He had a buddy in IT?
This series of events raises the question about the IT person. Was this person a friend? And did they change the password, which should be known, deliberately?
Mcafee offered to crack the encryption free of charge to the government. Saying that he has a hacker team that is the envy of any group. Funny how the government doesn’t want to take him up on that isn’t it?
http://www.cnbc.com/2016/02/19/john-mcafee-fbi-should-let-me-hack-iphone.html
No opening this phone isn’t the real objective. The real objective is to gain a tool that can be used on any iPhone. Otherwise they would have taken Mcafee up on that.
Since Congress is not willing to pass a bill requiring backdoors into encryption this whole dog and pony show is about one thing and one thing only. Getting a new tool, that Apple is to give them free of charge, which could be used on any encrypted iPhone. This is the sneaky way to get what you want when you can’t get a law passed.
The FBI Instructed the County to Change the Password
…to set up this whole situation?
http://www.theguardian.com/technology/2016/feb/20/san-bernadino-county-fbi-gunman-apple-account
he San Bernardino County government on Friday night said the FBI told its staff to tamper with the Apple account of Syed Farook, who with his wife, Tashfeen Malik, carried out the December shooting in which 14 people were killed.
So...
So going postal is now a terrorist incident? If this guy were really an actual terrorist, he would have shot up somewhere more public and intimidating than… where they work.
Do they have ANY clue that there is any communication of relevance there? A major fishing expedition which will involve millions of dollars (plus what’s already been spent) and yield nothing.
Re: So...
All Muslims are terrorists.
All terrorists are Muslim.
All violent acts committed by Muslims are terror attacks, regardless of victim count.
All violent attacks by non-Muslims are ordinary crimes, regardless of victim count.
Our rulers created these rules to properly define the enemy we’re supposed to be fighting. Bottom line: The enemy is Muslims and no one else. George Orwell demonstrated this type of thought control in 1984.
This case is a perfect example: it appears to be an ordinary (if any can be called that) workplace attack. But it is positively a terrorist act simply because a Muslim was involved. Just ask our rulers.
Say what again?
Syed Farook’s iPhone password was reset by the iPhones owner, which is San Bernardino Health Department.
Say what? When my employer resets my password, they have to communicate the new password to me, or it has to be some dummy default.
1) If they were able to do this then why can’t the government just get the eMail that has the new password? It must have been passed by some channel other than the device; you can’t sign on to your device if the new password is on the device.
2) If the transmitted password can’t be retrieved, then why can’t San Bernardino Health Department simply reset it again?
The longer this “episode” runs, the more clear it becomes that this is just an excuse to force Apple to develop a backdoor. Which, of course, the government will keep and use anytime it wishes.
Re: Say what again?
There’s two different things here: the password to his cloud account, which the employer can (and did) reset, and the passcode to the phone itself, which they cannot. By resetting the password on the cloud account, they were able to get the information that the phone had previously backed up a month and a half before the shooting, but they stopped the phone from being able to make a new backup with the current contents of the phone.
This has nothing to do with syed and more to give themselves yet another ability
We are nothing but sheep, cattle, there to work on behalf, to be monitored, to be fucking conditioned………the politicians work for the government, not the people
Its fucking archaic, the world has changed, but we have not, who decided that being ruled is a natural human state, oh thats right, questionable folks of the past, with questionable folks of the present carrying the batton
The more things change, the more things stay the same