FBI Confirms It Screwed Up And Reset Shooter’s iCloud Password

Megalith

I find it difficult to believe that not a single person involved in the investigation knew how iOS works. I am not an LEO, but I am pretty sure you are trained to think things through before handling valuable evidence, no?

That kicked off a round of finger pointing from Apple executives, the FBI, and San Bernardino County officials over who reset the iCloud password. In a statement issued in the wee hours of Sunday morning, the FBI confirmed it was working with San Bernardino County officials when the password was reset. Apple executives said Friday that if the FBI hadn't changed the iCloud password, it wouldn't need to create a back door to the iPhone. It sounds like the FBI screwed this whole process up.
 
So what is the problem? If they already knew the security questions in order to be able to reset the password, why are they not able to just restore the iCloud backup to a new phone?

And what at all does that have to do with the phone lock pin? The iCloud password has nothing to do with that as far as I am aware.

Seems to me that the FBI has no idea what they are even trying to do.

And if they need call logs/texts/whatever, can't they just have the cell provider give it to them?
 
So what is the problem? If they already knew the security questions in order to be able to reset the password, why are they not able to just restore the iCloud backup to a new phone?

And what at all does that have to do with the phone lock pin? The iCloud password has nothing to do with that as far as I am aware.

Seems to me that the FBI has no idea what they are even trying to do.

And if they need call logs/texts/whatever, can't they just have the cell provider give it to them?

The phone has a PIN code to unlock it. This is separate from the iCloud password that is tied to the user account. The FBI wants the most recent information on the phone which had not been backed up to iCloud in a while. Since they don't have the PIN, they can't get to the data on the phone.
 
The phone has a PIN code to unlock it. This is separate from the iCloud password that is tied to the user account. The FBI wants the most recent information on the phone which had not been backed up to iCloud in a while. Since they don't have the PIN, they can't get to the data on the phone.

Wrong, FBI wants the master hardware keys to access all Apple products, which means not only could they unlock the guy's phone and every other iPhone 5c out there, but every Apple product in existence.

This is literally the same crap Lavabit went through over the Snowden fiasco, where Lavabit openly said they'd give the FBI Snowden, the reporters and everyone else they needed to look at emails, instead the FBI wanted the SSL master key so they could access, download and run the entire server, thus making Lavabit's encrypted email service which is legal to do a total waste of time and PPL could just use hotmail like everyone else is forced to for free.

And who wants to pay $10+ a month for an email system that is just as secure as hotmail/gmail is?

Apple has mega leeway into this case however because the same gag order letter that the FBI issued against Lavabit they are not allowed to use anymore because it was deemed unconstitutional, so the FBI is kicking its heels and crying like the child they are because they are not getting their way and have to *GASP* obey the law.

They think because it's an actual company they can go after they can pressure Apple to do what they want, in reality they are crap out of luck and are at the same crossroads they have with encrypted hard drives/files where they also can't legally force you to unencrypt.

And if the judge orders that Apple has to hand over the codes, the judge is basically saying that all encrypted things such as other email services, password locked files, encrypted hard drives etc have to be unlocked if the FBI says so, which flies completely in the face of the constitution.

It's the same crap with Alain Philippon right now, they demanded he give up his cell phone password when not only was he a Canadian citizen coming back into Canada, there are literally no laws on the books where if you come into Canada you must provide passwords to all encrypted files/devices you have.

And they charged him anyways cause he made them look like fricken fools, and their excuse was "Well you're EXPECTED to relinquish your rights when crossing the border"

Government security forces over-extending their authority is nothing new, and they'll get shut down like every other time they have been.
 
The fascists are gaining ground in "our" government.

Sadly, the Bill of Rights is under assault and nobody seems to care. How about the candidates for POTUS clearly state their position on this critical issue? Highly unlikely though considering that they are all part of the system.

Although I did not vote for the current Prez, I certainly expected more from him on privacy and protecting the individual, he really dropped the ball on that one.
 
Wrong, FBI wants the master hardware keys to access all Apple products, which means not only could they unlock the guy's phone and every other iPhone 5c out there, but every Apple product in existence.
Yes but to be fair, so does the NSA, CIA and well pretty much any LEA in the world wants that. That said, the judge's court order did not grant them that.
 
Wrong, FBI wants the master hardware keys to access all Apple products, which means not only could they unlock the guy's phone and every other iPhone 5c out there, but every Apple product in existence.

That is not true.

The FBI wants Apple to remove the 10 try limit on this one phone so they can brute force guess the pin to unlock it.

Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California ordered Apple to provide assistance, including by providing signed software if required, to help the FBI try different passcodes on a locked iPhone 5c running iOS 9, without triggering off the auto-erasure feature in the phone after 10 failed attempts.
White House says FBI isn't asking Apple for an iPhone back door
 
That is not true.

The FBI wants Apple to remove the 10 try limit on this one phone so they can brute force guess the pin to unlock it.


White House says FBI isn't asking Apple for an iPhone back door

Because these things are never found out or abused by others. We get to choose between less security...or even less security.

This kind of crap gets found. And it gets abused. I cite Greece, I cite Google...there are examples. You make it possible on even one phone and it leaks.
 
For Apple to remove the limit, they need to produce custom iOS firmware that allows for unlimited retries from USB or wireless connections with no time delay between attempts, and this will only work on that one iPhone 5C (per government request). However once Apple gives this up, the precedent will be set and they will get constant requests from the government for "custom" firmware to unlock every damn iOS device associated with crimes.
 
For Apple to remove the limit, they need to produce custom iOS firmware that allows for unlimited retries from USB or wireless connections with no time delay between attempts, and this will only work on that one iPhone 5C (per government request). However once Apple gives this up, the precedent will be set and they will get constant requests from the government for "custom" firmware to unlock every damn iOS device associated with crimes.

Yup...because the retry timeout and limit properties are 100% unique to ONE iPhone 5C handset and not endemic to all iOS devices. That is precisely the kind of code feature that once you have it working you reuse the code elsewhere.
 
Yup...because the retry timeout and limit properties are 100% unique to ONE iPhone 5C handset and not endemic to all iOS devices. That is precisely the kind of code feature that once you have it working you reuse the code elsewhere.

It can be if the phone is targeted by its MAC address, a universally unique code burned into the hardware.

I think if we could get legislation passed allowing these kinds of one off customizations only for evidence gathering for a terror crime ALREADY committed, it would be an adequate compromise for all parties. Apple isn't handing any agency the keys to all devices and the government is focused to a very narrow set of requirements (must be a terror crime, must have ALREADY been committed).
 
It can be if the phone is targeted by its MAC address, a universally unique code burned into the hardware.

I think if we could get legislation passed allowing these kinds of one off customizations only for evidence gathering for a terror crime ALREADY committed, it would be an adequate compromise for all parties. Apple isn't handing any agency the keys to all devices and the government is focused to a very narrow set of requirements (must be a terror crime, must have ALREADY been committed).
What about newer phones that can't be attacked like this 5c was? Do you think Apple needs to actually put weaknesses into their phones to facilitate these "one-off" cracks?
 
How convenient of them. Next thing you know we'll read a headline that they straight up erased the phone. Are we even sure they have THE phone?
 
It can be if the phone is targeted by its MAC address, a universally unique code burned into the hardware.

I think if we could get legislation passed allowing these kinds of one off customizations only for evidence gathering for a terror crime ALREADY committed, it would be an adequate compromise for all parties. Apple isn't handing any agency the keys to all devices and the government is focused to a very narrow set of requirements (must be a terror crime, must have ALREADY been committed).

The problem...

I think we can ALL agree such narrow legislation will never pass as narrow usage as that. It will be used and abused in short order.
 
Ok, I got 2 minutes into that article and it's just complete horseshit. The writer is so far off it's ridiculous. I can tell that this writer is completely ignorant when it comes to the intelligence services.
 
Wrong, FBI wants the master hardware keys to access all Apple products, which means not only could they unlock the guy's phone and every other iPhone 5c out there, but every Apple product in existence.

This is literally the same crap Lavabit went through over the Snowden fiasco, where Lavabit openly said they'd give the FBI Snowden, the reporters and everyone else they needed to look at emails, instead the FBI wanted the SSL master key so they could access, download and run the entire server, thus making Lavabit's encrypted email service which is legal to do a total waste of time and PPL could just use hotmail like everyone else is forced to for free.

And who wants to pay $10+ a month for an email system that is just as secure as hotmail/gmail is?

Apple has mega leeway into this case however because the same gag order letter that the FBI issued against Lavabit they are not allowed to use anymore because it was deemed unconstitutional, so the FBI is kicking its heels and crying like the child they are because they are not getting their way and have to *GASP* obey the law.

They think because it's an actual company they can go after they can pressure Apple to do what they want, in reality they are crap out of luck and are at the same crossroads they have with encrypted hard drives/files where they also can't legally force you to unencrypt.

And if the judge orders that Apple has to hand over the codes, the judge is basically saying that all encrypted things such as other email services, password locked files, encrypted hard drives etc have to be unlocked if the FBI says so, which flies completely in the face of the constitution.

It's the same crap with Alain Philippon right now, they demanded he give up his cell phone password when not only was he a Canadian citizen coming back into Canada, there are literally no laws on the books where if you come into Canada you must provide passwords to all encrypted files/devices you have.

And they charged him anyways cause he made them look like fricken fools, and their excuse was "Well you're EXPECTED to relinquish your rights when crossing the border"

Government security forces over-extending their authority is nothing new, and they'll get shut down like every other time they have been.


They may have asked for such a thing in another case, but not in this case Shamis. As for your predictions of the outcome, mine are very different.
 
Yes but to be fair, so does the NSA, CIA and well pretty much any LEA in the world wants that. That said, the judge's court order did not grant them that.

I have to wonder why your post sounds like you are lumping the NSA and CIA into the category of law enforcement agencies when they are not; they are intelligence services and don't do law enforcement.


Maybe you were just saying everyone wants the keys.
 
Because these things are never found out or abused by others. We get to choose between less security...or even less security.

This kind of crap gets found. And it gets abused. I cite Greece, I cite Google...there are examples. You make it possible on even one phone and it leaks.

Skripka, hacking the one phone only affects the one phone and claiming otherwise is foolish. Claiming the method will get leaked is foolish cause only Apple has the ability to do it in their Lab. So unless the hackers are going to infiltrate Apple's Labs, it ain't happening.
 
For Apple to remove the limit, they need to produce custom iOS firmware that allows for unlimited retries from USB or wireless connections with no time delay between attempts, and this will only work on that one iPhone 5C (per government request). However once Apple gives this up, the precedent will be set and they will get constant requests from the government for "custom" firmware to unlock every damn iOS device associated with crimes.
There is no precedent, Apple has done this in the past and in fact, the government used the same All Writs Act to justify this in the past.
 
Yup...because the retry timeout and limit properties are 100% unique to ONE iPhone 5C handset and not endemic to all iOS devices. That is precisely the kind of code feature that once you have it working you reuse the code elsewhere.

Yes, you're correct. This should be a one time thing. In fact, it's possible that the code has already been written, it isn't a huge thing to write.

We'll see what Apple says soon enough. The court granted Apple more time to come up with their reply to the government demand to hack the phone's lockout attempt setting. Initially the government had just asked Apple to extract the data, Apple refused. Now they want the phone hacked and then turned over to the FBI. Apple isn't getting ahead in this case, they're digging themselves into a hole.
 
What about newer phones that can't be attacked like this 5c was? Do you think Apple needs to actually put weaknesses into their phones to facilitate these "one-off" cracks?

You do know that MAC addresses are not actually unique right? There are many many duplicates out there, just not enough that it's likely that two of the same will be on the same network, it's rare, but it happens.
 
What about newer phones that can't be attacked like this 5c was? Do you think Apple needs to actually put weaknesses into their phones to facilitate these "one-off" cracks?

I think the entire concept that Apple can't get into their new phones is bullshit. Look, even the new phones get software updates as pushes from either Apple or the Vendors. That's what will always make the phones vulnerable, because Apple can push whatever they want. Hell, what Apple should probably do is create a custom iOS version that isn't even written for a user, instead it's written to do one thing only, turn the phone into nothing more than a big thumb drive. Then they just push the OS update, it roots, and it dumps all its data. Then they just hand the data over and brick the damn phone. At that point all Apple will ever have to worry about is if the subpoena or warrant is proper.
 
You do know that MAC addresses are not actually unique right? There are many many duplicates out there, just not enough that it's likely that two of the same will be on the same network, it's rare, but it happens.
I think you meant to quote me instead. There might be duplicates out there when you take the whole range of Apple's networked products but not cellphones. I won't claim to know how cell phone networks operate but if they're using TCP/IP frames, the layer 2 address is going to be the MAC which will have to be unique, otherwise you'll get incorrect routing. Even if I am wrong, the phone has WiFi which has its own MAC that the FBI can easily get and hand off to Apple to have them create a custom iOS that can be deployed over the wifi network targeting the WiFi MAC.
 
I think you meant to quote me instead. There might be duplicates out there when you take the whole range of Apple's networked products but not cellphones. I won't claim to know how cell phone networks operate but if they're using TCP/IP frames, the layer 2 address is going to be the MAC which will have to be unique, otherwise you'll get incorrect routing. Even if I am wrong, the phone has WiFi which has its own MAC that the FBI can easily get and hand off to Apple to have them create a custom iOS that can be deployed over the wifi network targeting the WiFi MAC.

You know how to figure out the MAC address issue. Like anything that's addressable, there are a finite number of possible addresses. I'm not sure how many it comes out to, but I think it's very possible that Apple has sold more iPhones than possible MAC Addresses exist. Especially when you consider that there is the iPhone, iPhone2, iPhone3, etc ....

And just because I think we are both a little bit off here. I am not so sure that the cell phone part even uses a MAC, I think it's a different type of number, the WiFi would have a MAC.

Here is a pretty decent article on the subject.
Unique Phone ID Numbers Explained
 
You know how to figure out the MAC address issue. Like anything that's addressable, there are a finite number of possible addresses. I'm not sure how many it comes out to, but I think it's very possible that Apple has sold more iPhones than possible MAC Addresses exist. Especially when you consider that there is the iPhone, iPhone2, iPhone3, etc ....

And just because I think we are both a little bit off here. I am not so sure that the cell phone part even uses a MAC, I think it's a different type of number, the WiFi would have a MAC.

Here is a pretty decent article on the subject.
Unique Phone ID Numbers Explained
I'll have a look at that link. As far as the MAC goes, the first 24 bits are reserved for vendor ID while the last 24-bits is NIC specific. A given company can and will have multiple vendor IDs (I've seen this with Dell switches most recently), each NIC specific set has 2^24 addresses which is approx. 16.7 million. The total address space is something like 280 trillion so it's pretty unlikely there will be MAC address overlap of devices any time soon.

Regardless, IF they are routing calls using TCP/IP there WILL be a MAC address used in the frame....it's how the protocol suite works.
 
I'll have a look at that link. As far as the MAC goes, the first 24 bits are reserved for vendor ID while the last 24-bits is NIC specific. A given company can and will have multiple vendor IDs (I've seen this with Dell switches most recently), each NIC specific set has 2^24 addresses which is approx. 16.7 million. The total address space is something like 280 trillion so it's pretty unlikely there will be MAC address overlap of devices any time soon.

Regardless, IF they are routing calls using TCP/IP there WILL be a MAC address used in the frame....it's how the protocol suite works.

Pretty sure Apple uses the Apple UDID for this purpose, it's also used to authorize non-app store applications to run on a standard device, and other device targeted operations.
The problem is if they release a version of iOS that targets that phone, they'll have to use a remote update channel. The FBI can take that code, and if they can modify the UDID / resign the message (assuming it checks for a sig) and implement a DNS attack (possibly by applying pressure to a provider rather than something hacky) they could turn around and use this on any device with a lower OS version than that provided by Apple. And if the OS version is in the update channel, they may be able to modify that to install over newer versions of iOS in some cases. This may or may not be the actual update methodology, but when we talk about targeting a device using an update channel this is not atypical. For example if Apple hasn't signed the update message, they would be hesitant to provide this kind of backdoor since it can be leaked. If they felt confident that only they could sign the message (giving them the power to decide when or when not to provide this kind of override) and that all active devices are using this methodology, they may have been less resistant.
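
The check the post above is reasoning about, as an added example that is not part of the thread and is not Apple's actual update mechanism: a device verifies a vendor-signed manifest that names one device ID and an OS version. The manifest fields, function names and sample IDs are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update manifest (field names are assumptions).
type Manifest struct {
	DeviceID  string `json:"device_id"`  // identifier the image is personalized to
	OSVersion int    `json:"os_version"` // increasing build number
	ImageHash string `json:"image_hash"` // digest of the firmware image
}

var (
	ErrBadSignature = errors.New("signature does not verify under vendor key")
	ErrWrongDevice  = errors.New("manifest is personalized to a different device")
	ErrRollback     = errors.New("manifest version is not newer than installed version")
)

// SignManifest is the vendor side: the signature covers the encoded manifest,
// so the device ID and version are inside the signed bytes.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte, err error) {
	if raw, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return raw, ed25519.Sign(priv, raw), nil
}

// VerifyForDevice is the device side. Order matters: nothing in the manifest
// is trusted until the signature over the exact bytes has verified.
func VerifyForDevice(pub ed25519.PublicKey, raw, sig []byte, deviceID string, installed int) error {
	if !ed25519.Verify(pub, raw, sig) {
		return ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return err
	}
	if m.DeviceID != deviceID {
		return ErrWrongDevice
	}
	if m.OSVersion <= installed {
		return ErrRollback
	}
	return nil
}

// RunScenarios signs one manifest for DEVICE-A (constructed sample values) and
// evaluates it on the target, on another device, after editing, and as a rollback.
func RunScenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	m := Manifest{DeviceID: "DEVICE-A", OSVersion: 902, ImageHash: "sha256:placeholder"}
	raw, sig, _ := SignManifest(priv, m)
	m.DeviceID = "DEVICE-B" // edited copy that keeps the old signature
	edited, _ := json.Marshal(m)
	return map[string]error{
		"target":   VerifyForDevice(pub, raw, sig, "DEVICE-A", 901),
		"other":    VerifyForDevice(pub, raw, sig, "DEVICE-B", 901),
		"edited":   VerifyForDevice(pub, edited, sig, "DEVICE-B", 901),
		"rollback": VerifyForDevice(pub, raw, sig, "DEVICE-A", 903),
	}
}

func main() {
	r := RunScenarios()
	for _, k := range []string{"target", "other", "edited", "rollback"} {
		fmt.Printf("%-8s -> %v\n", k, r[k])
	}
}
```

Under these assumptions the security of the scheme rests on who holds the signing key and on every device enforcing all three checks, which is the condition the post ends on.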
 
Pretty sure Apple uses the Apple UDID for this purpose, it's also used to authorize non-app store applications to run on a standard device, and other device targeted operations.
The problem is if they release a version of iOS that targets that phone, they'll have to use a remote update channel. The FBI can take that code, and if they can modify the UDID / resign the message (assuming it checks for a sig) and implement a DNS attack (possibly by applying pressure to a provider rather than something hacky) they could turn around and use this on any device with a lower OS version than that provided by Apple. And if the OS version is in the update channel, they may be able to modify that to install over newer versions of iOS in some cases. This may or may not be the actual update methodology, but when we talk about targeting a device using an update channel this is not atypical. For example if Apple hasn't signed the update message, they would be hesitant to provide this kind of backdoor since it can be leaked. If they felt confident that only they could sign the message (giving them the power to decide when or when not to provide this kind of override) and that all active devices are using this methodology, they may have been less resistant.

Pretty confident after doing some light reading that cell phones communicate using the TCP/IP suite which means they have MACs. This is especially reinforced by any network that uses VoLTE...which I think most major operators have moved to. In fact, when I turn off WiFi on my S6 Edge+, the IP address changes from my local network to an IPv6 global unicast address, meaning it's using TCP/IP...not sure why I didn't think to do that earlier...
 