
San Bernardino County tweets it reset attacker iCloud password at FBI's request - randomname2
http://www.sbsun.com/general-news/20160219/san-bernardino-county-tweets-it-reset-terrorists-icloud-password-with-fbi
======
jedberg
I've worked with the FBI and the Secret Service investigating computer crime.

The Secret Service is extremely competent when it comes to computer forensics,
and when they don't know what to do, they don't guess, they consult with
experts.

The FBI is the opposite in every way, mostly because of budget constraints and
the subsequent lack of training. I hope that this is a good learning
opportunity for them and a chance for them to increase their training budget
in this area.

~~~
m3rc
Also hearsay personal experience but a friend of a friend had his house raided
by the FBI and all his computer equipment impounded. When he got it all back
they told him his hard drives were empty or unformatted. He had them all
formatted as ZFS...

~~~
michaelcampbell
I'm unsure as to how to read this; are you saying because they were ZFS, the
FBI couldn't read them and because of their lack of expertise, assumed they
were empty?

Or that they formatted them before returning them?

~~~
xg15
Judging by how Windows, when presented with an unknown FS, acts as if the disk
were unformatted _and_ immediately offers to format it, my guess would be
both...

(And by "unknown" I mean of course "anything that is not FAT* or NTFS"...)

~~~
wantreprenr007
Johnny clubfingers 5-0 clicks Ok, and destroys "evidence" for being a total
idiot... I take it he/she was hungover during that 2 hours of computer
forensics in the academy. For crooks, this is good news; for stopping
potential future victims, this isn't good, and misapplied to
innocent/MPAA/RIAA enforcement, it's destructive and lowers LE credibility.

The moral of the story is for individuals, who should implicitly fear
government overreach no matter who is in office, one has to back their shit
up and make it SWAT-proof, even if that means running several TahoeLAFS boxes
in countries like Switzerland, because running a server (physical or Linode)
or just replicating data to a friend's server just doesn't cut it and never
did.

------
vermontdevil
Wonder if folks realize this is the work phone not the personal one. The
personal phone was destroyed by the terrorists. I doubt there's anything of
value on the work phone.

But then again obviously the FBI's long-term goal is to break in all the phones
regardless of the circumstances.

------
randomname2
Also reported by Reuters:
[http://mobile.reuters.com/article/idUSKCN0VS2GC](http://mobile.reuters.com/article/idUSKCN0VS2GC)

Some are saying the password reset requested by the FBI prevented a backup and
closed the "front door" they already had, forcing the Apple backdoor.

The simplest possible explanation for them shutting themselves out has to be
incompetence rather than malice, right?

~~~
sehugg
Wired reports: "...the company’s engineers had first suggested to the
government that it take the phone to the suspect’s apartment to connect it to
the Wi-Fi there. But since reporters and members of the public had swarmed
that crime scene shortly after the shootings occurred, it was likely that any
Wi-Fi there had been disconnected" [1]

[1] [http://www.wired.com/2016/02/apple-says-the-government-bungled-its-chance-to-hack-that-iphone/](http://www.wired.com/2016/02/apple-says-the-government-bungled-its-chance-to-hack-that-iphone/)

~~~
ryao
Am I the only one concerned that an iCloud backup translating into information
disclosure is a major security weakness in Apple's platform?

Also, since Apple remembers old iCloud passwords to prevent reuse for a year,
what stops them from setting it to the original value in their database? Even
if there were information lost in their database when the password changed,
surely they have backups, right?

~~~
GhotiFish
Backups I can see being a problem. Though just because you can prevent people
from using duplicate passwords doesn't mean you can reset it to that password.
Just use a hash.
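
The reuse check described in the comment above, as an added Python example that is not part of the original thread and not any vendor's actual implementation: a password history that stores only salted one-way digests, so reuse can be detected without the service ever holding a recoverable copy. The class name, work factor and history limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this sketch
HISTORY_LIMIT = 5      # assumed policy: remember the last five passwords


def _digest(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Keeps only (salt, digest) pairs for past passwords, never the plaintext."""

    def __init__(self, limit: int = HISTORY_LIMIT):
        self.limit = limit
        self.records = []  # list of (salt, digest), oldest first

    def was_used(self, candidate: str) -> bool:
        reused = False
        for salt, digest in self.records:
            # Re-derive with each stored salt; compare in constant time.
            if hmac.compare_digest(_digest(candidate, salt), digest):
                reused = True
        return reused

    def set_password(self, new_password: str) -> bool:
        """Accept the change unless the password is still in the history."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)
        self.records.append((salt, _digest(new_password, salt)))
        del self.records[:-self.limit]  # drop entries older than the limit
        return True


if __name__ == "__main__":
    history = PasswordHistory(limit=2)
    print(history.set_password("constructed-sample-1"))  # accepted
    print(history.set_password("constructed-sample-1"))  # rejected as reuse
```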

------
mortdeus
You people seriously want me to believe that it was the FBI's incompetence
that led to the gov throwing away their only get in free card for the most
popular American phone used to coordinate the only substantial ISIS affiliated
attack on US soil. Come on now, do you guys seriously think that this was
unintentional?

You don't put rookies on this and I'd seriously be surprised if the NSA wasn't
involved in this matter personally.

The government wants a back door installed into all iPhones period. I mean how
do you expect Apple to build a tool that can bypass the same security features
the government is trying to deal with right now without them inadvertently
letting everybody and their mother know that there is some fatal flaw in the
security layer of every modern iPhone and/or iTunes.

There's no magic way to fine tune a tool like this and if our spy agencies
don't know this then god help us all. ISIS is probably gonna win. _rolls eyes_

I mean jail breaking is one thing. This is vault busting and once people know
there's a bug and where to look they will find it and exploit it.

And Apple's only remedy will be to patch the backdoor. Which is obviously what
the gov is trying to prevent Apple from being able to do by getting a
precedent established in the courts that wags a finger at Apple saying "ah,
ah, ah you didn't say the magic word"

Please goddamnit!

The gov doesn't want to be Samuel L. Jackson anymore. They want to reverse the
roles and this case is the perfect cover. Just like the gov exploited the
bombing on 9/11 to pass the patriot act. This is no different.

------
DrewHintz
Here's the tweet:

"The County was working cooperatively with the FBI when it reset the iCloud
password at the FBI's request."

[https://twitter.com/countywire/status/700887823482630144](https://twitter.com/countywire/status/700887823482630144)

------
cmurf
What's with this stupid 'terrorist's communication device of choice' meme? Oh
wait, it's not a meme because no one but the FBI uses it, it's a propaganda
ploy. Let's test this:

U.S. dollar is the criminal and terrorist currency of choice. We must
therefore, of course, break the dollar.

Ok, fail.

------
doxcf434
I wonder what data the FBI thinks is on the phone that wouldn't be available
via other means such as call logs, email, cell tower pings.

~~~
dangson
iMessages for one. They're encrypted and aren't stored on Apple's servers, but
are easily accessible (no password on the app) once the phone has been
unlocked.

------
obsurveyor
Why would you ever do this with the real device without thoroughly testing the
circumstances with a stand-in first?

From a technical perspective, it seems very simple and easy to replicate
before actually doing it and locking yourself out completely like they seem to
have done.

~~~
johnminter
Yes. The analytical chemist's credo: never test an irreplaceable sample using
an untested procedure. Or as Norm Abrams from This Old House put it, "Measure
twice, cut once." Spares one that embarrassing moment when you say, "I cut it
off twice and it's still too short." :)

~~~
tomschlick
Shit they didn't even have to do that. A simple phone call to Apple saying
"Hey if we reset this password how much are we going to fuck everything up?"
would have sufficed.

Straight amateur hour over at the FBI

------
dawnerd
Honest question: If the county reset the password, couldn't they reset it
again and gain access?

~~~
striking
They have access to the iCloud backup, but they want access to the phone's
contents. The backup is more than a month old.

------
sktrdie
Any details on this? How did they reset it if iCloud is using standard
encryption techniques?

~~~
bgentry
The iCloud account was probably owned and managed by the city since it was
their phone.

Also if the iCloud account in question was pointing at the perpetrator's work
email address, the city would have been able to do an email reset.

~~~
jlgaddis
It would also be possible for the County to reset it if they were using any of
the myriad "MDM" applications.

------
nxzero
Oh, shit, FBI is either stupid, or more likely, has the data and playing the
field.

------
ktRolster
The FBI is looking worse and worse here

~~~
drivingmenuts
Hope the judge recognizes the apparent level of incompetence demonstrated by
this case.

That should be enough to get the FBI's request overturned.

But it probably won't be.

~~~
ktRolster

> Hope the judge recognizes the apparent level of incompetence demonstrated by
> this case.

I don't think competence is particularly relevant to the laws in this case....

------
largote
What kind of work-issued device is not put on an enterprise management policy?
(a.k.a. the employer should be able to unlock it)

~~~
matart
Absolutely, I worked for a small department at a University and we had to use
the management policy to get emails

------
jpgvm
I would like to see Apple implement a new firmware signing scheme that
requires the user to sign the firmware using a key generated on that device
and not backed up that is protected by the passcode etc. Once initialised the
device will only accept updates signed with this key and upstream updates
would be verified against the Apple key before being signed with the local
key.

This would eliminate this vector and not drastically affect the usability of
the device. Though it would also need a way to fully reset the device
including the removal of this signing key in order to bring the device back to
factory settings in the case of loss of the device specific signing key.

------
ryao
If Apple did write the firmware that the FBI wants and then signed it, would
changing the device UUID hard coded into the firmware not invalidate the
signature? Is the concern that there are somehow other signing keys in the
chain of trust that exist outside of Apple that would make it a general
exploit or is the concern that there would be a much lower threshold for
getting this sort of thing? Apple might have a point if it is the latter, but
if it is the former, the security of the iPhone is already compromised.

------
lasdfas
Why can't the FBI just work directly on the phone hard drive (remove the hard
drive from the phone and connect it to another computer)? Why are they going
through the iOS operating system?

~~~
skocznymroczny
The hard drive content is encrypted. Assuming there are no backdoors, seems
like the only thing they can try is to make bruteforcing easier.

~~~
darylteo
Should note that John McAfee is offering to "break the encryption" of the data
within 3 weeks of commencement using "social engineering".

His intentions: good. His success probability: unlikely (unless they have
knowledge of how the encryption key is built from the passcode)

Source: [http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2?IR=T](http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2?IR=T)

~~~
jessaustin
Social engineering?

"Mr. Cook, it's John McAfee on line three, again. He says, quote, 'pretty
pretty please.'"

------
pteredactyl
Your tax dollars at work...

------
awqrre
I don't really understand how a backdoor doesn't already exist if Apple can
reset passwords for encrypted data...

~~~
bogus-
Apple has the encryption keys for data stored on iCloud servers. The FBI wants
a backdoor into the phone itself.

~~~
cmurf
I don't think Apple is in the key escrow business anymore; on OS X they had
such an option, to show the user the DEK and optionally store it. I don't
think the DEK or KEK are backed up at all in iCloud. If you forget your
password, all options I see involve device erasure.

~~~
daxelrod
It's hard to find this information on Apple's website. According to
[https://theintercept.com/2014/09/22/apple-data/](https://theintercept.com/2014/09/22/apple-data/)

> Apple encrypts your iCloud data in storage, but they encrypt it with their
> own key, not with your passcode key, which means that they are able to
> decrypt it to comply with government requests.

Not sure if things have changed since then.

