Footnote Reveals That The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess

from the well,-that's-interesting dept

We already discussed the many issues with the DOJ's motion to compel Apple to create a backdoor to let them brute force the passcode on Syed Farook's iPhone. However, eagle-eyed Chris Soghoian caught something especially interesting in a footnote. Footnote 7, on page 18, details four possible ways that Apple and the FBI had previously discussed accessing the content on the device without having to undermine the basic security system of the iPhone, and one of them only failed because Farook's employers reset the password after the attacks, in an attempt to get into the device.
The key line:
... to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).
The "owner" of course, being the San Bernardino Health Department, who employed Farook and gave him the phone. Basically, what this is saying is that if the password hadn't been reset, it would have been possible to try to connect the phone to a "trusted" network, and force an automatic backup to iCloud -- which (as has been previously noted) was available to the FBI. But by "changing" the password, apparently that option went away.

In other words, the San Bernardino Health Dept may have been the ones who really mucked things up for the FBI. But, of course, to be honest, the FBI is probably kind of happy about that. At this point, very few people honestly believe that there's anything of much value on that phone. But this situation allows the FBI to present the most sympathetic case it probably can to try to force backdoors onto tech companies.

Filed Under: doj, encryption, fbi, password, reset, san bernardino, san bernardino health department, syed farook
Companies: apple


Reader Comments

  • Anonymous Coward, 19 Feb 2016 @ 6:32pm

    Passwords are not Backdoors

    I still don't see where Apple is being asked or forced to create a backdoor. Apple is being asked to pull the data from an iphone in a manner at their discretion.

    Tim's hissy fit is just disingenuous. He/she is obviously a marketing person and not a technical queen.

    Here is the order. https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

    • Anonymous Coward, 19 Feb 2016 @ 6:51pm

      Re: Passwords are not Backdoors

      Queen really? I suppose you're going to claim that you're totally not a bigot and that wasn't directed at him being gay?

    • Anonymous Coward, 19 Feb 2016 @ 7:45pm

      Re: Passwords are not Backdoors

      Pull the data by creating a custom version of their iOS (or firmware, but let's call it FBiOS for the purposes of discussion) and somehow ensure it only works on one phone. That's not discretion. It was spelled out precisely what the FBI wanted. Of course, the FBI says it would only have to work on one phone, but once they subpoena the source code for that FBiOS (yes I stole that from an article linked here the other day) version, and you can be certain they will, it would be trivial to work around any limitations that were implemented to keep it to that specific phone, iOS version, or model (depending on how Apple would have done it). Apparently, the federal government can compel any private business to do anything, and Apple would have no choice but to comply.

      While there have been discussions regarding which phones would be 'safe' (e.g. 5s and above due to the Secure Enclave technology), another "writ of do wtf i tell you" could be issued for any version at any time.

      As to the "changing the password", unless they're very specific about what password they changed (iCloud, domain password, etc) it is hard to say what effect that would have had. We don't believe, based on the information provided, that the San Bernardino Health Department uses Mobile Device Management (MDM) software, otherwise they could have changed the iPhone passcode remotely and we wouldn't be having this conversation. I'm also willing to wager that "a few hours after the attack" some hotshot investigator instructed the IT folks at SBDH to change the iTunes password.

    • Mike Masnick, 19 Feb 2016 @ 9:56pm

      Re: Passwords are not Backdoors

      I still don't see where Apple is being asked or forced to create a backdoor. Apple is being asked to pull the data from an iphone in a manner at their discretion.

      That is not the case. We covered the order and laid out what it specifies: https://www.techdirt.com/articles/20160216/17393733617/no-judge-did-not-just-order-apple-to-break-encryption-san-bernardino-shooters-iphone-to-create-new-backdoor.shtml

      It absolutely does not say they need to pull data at their discretion. It says they need to disable two specific security features by building a new operating system -- and then to enable another feature. At no point is Apple actually asked to retrieve anything from the phone. Rather, once they remove those security features, then the FBI will step in and brute force the passcode.

      So not sure what you read but you're wrong.

      • Anonymous Coward, 21 Feb 2016 @ 10:03pm

        Re: Re: Passwords are not Backdoors

        Mike,
        There is both an order compelling and a motion seeking. Both were filed on Feb. 16, 2016. I was referencing the order compelling. See page 3 line 3. The FBI says Apple can use any technology at their discretion if they can give the FBI the data on the phone. Apple did give the FBI the data on the iCloud servers and recommended the FBI attempt to force a backup of the device. (see motion seeking; footnote 7) As we know from the media stories, the backup glitched. I just don't see any story here except Tim Cook throwing a hissy fit in a blog about how he doesn't wish to help in an investigation his company has already helped in.

        SB-Shooter-Order-Compelling file: https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

        SB-shooter-MOTION-seeking file: http://www.wired.com/wp-content/uploads/2016/02/SB-shooter-MOTION-seeking-asst-iPhone.pdf

        It should be noted the first file has [proposed] struck out. But it does have the court clerk's stamp.

        • That One Guy, 21 Feb 2016 @ 11:31pm

          Re: Re: Re: Passwords are not Backdoors

          I just don't see any story here except Tim Cook throwing a hissy fit in a blog about how he doesn't wish to help in an investigation his company has already helped in.

          This again?

          As has been pointed out time and time and time again, there's a significant difference between providing unencrypted data from a device versus creating a modified version of the OS to undermine key security features and allowing the FBI to attempt to brute-force the password.

          One Apple can do with ease and without affecting their security as it requires something that they already have, the other takes a lot more work, provides a bypass for the security on the devices they sell, and opens up a huge can of worms by allowing a precedent to be set that companies can be forced to bypass their own security, effectively creating a 'golden key' requirement without a single law being passed.

    • Anonymous Coward, 20 Feb 2016 @ 6:57am

      Re: Passwords are not Backdoors

      Nice try San Bernardino Health Dept IT person.

  • That Anonymous Coward, 19 Feb 2016 @ 6:37pm

    Your Honor we caused a giant clusterfuck, now force Apple to clean up after our inability to secure evidence properly.

  • Anonymous Anonymous Coward, 19 Feb 2016 @ 6:43pm

    Creative Self Immolation with an Altruistic End Game

    So, instead of hiring some CIs and writing a scenario for them to pass on to some inept wannabes then arresting those inept wannabes for the crime the FBI prompted to be committed, the FBI arranged to shoot themselves in the foot in order to have an excuse to backdoor encryption?

    Why again doesn't Hollywood employ these guys? They are a lot more creative than the dorks that are currently writing for them.

  • Mark Wing, 19 Feb 2016 @ 6:54pm

    I'm surprised there's no court order compelling the resurrection of Farook and the un-destruction of the phones he destroyed. But, court order.

    • Anonymous Coward, 19 Feb 2016 @ 7:48pm

      Re:

      For all we know his corpse could be at a black site being force fed through a tube while being forced to listen to a Megadeth/Taylor Swift/Justin Bieber/Kanye West mashup between waterboardings where they ask him for the passcode and what he did with his computer's hard drive.

  • Anonymous Coward, 19 Feb 2016 @ 8:59pm

    Now this is what Cook needs to be putting out there: that there were ways into the phone that Apple provided but that the FBI or other investigators screwed them by being ignorant, and developing an entirely custom operating system is absolutely ridiculous when the tools were there; the government was just too stupid to use them. I feel like this would resonate a lot better with the avg person. I would also mention the cost to the taxpayers would be in the tens of millions of dollars due to the govt screw up, and that you would think with the billions that are going to cyber warfare and terrorism that they should have known better.

  • Scote, 19 Feb 2016 @ 9:02pm

    The health department probably did the right thing

    If a conspirator knew the account password they could have remote wiped the phone, so changing the iCloud password wasn't necessarily the wrong thing to do.

    • That Anonymous Coward, 20 Feb 2016 @ 2:51am

      Re: The health department probably did the right thing

      But that is a decision the FBI should have made, not Skippy from IT who decided on his own to be helpful.

      They could have secured the phone to prevent a remote wipe or even gotten a court order asking Apple to lock the account associated with the phone preventing remote wipes.

      What I found shocking was that San Bernardino has software that they install on SOME phones owned by the county that lets them unlock the phone. But that policy isn't for all county owned phones, which seems stupid to have a very useful tool that isn't deployed on all of the assets.

      www.msn.com/en-us/news/technology/common-mobile-software-could-have-opened-san-bernardino-shooters-iphone/

    • nasch, 20 Feb 2016 @ 7:32am

      Re: The health department probably did the right thing

      If a conspirator knew the account password they could have remote wiped the phone, so changing the iCloud password wasn't necessarily the wrong thing to do.

      Turning the phone off would prevent that, would it not?

      • Anonymous Coward, 20 Feb 2016 @ 7:39am

        Re: Re: The health department probably did the right thing

        Turn off an iPhone?

    • Anonymous Coward, 20 Feb 2016 @ 8:37am

      Re: The health department probably did the right thing

      If a conspirator knew the account password they could have remote wiped the phone

      Good - because they'd have the location of the co-conspirator via how the wipe was performed.

      If the "bad guys" had enough op-sec to destroy passwords and other phones, why would the work phone have been used where the employer had the right to inspect?

  • Patrick, 20 Feb 2016 @ 1:07am

    Maybe they should retract that statement about Apple's objection being solely for marketing and make it a mea culpa for their incompetence and getting an order of preservation to prevent password change etc. If nothing else it would be more accurate.

  • Anonymous Coward, 20 Feb 2016 @ 4:45am

    Even if there were an auto-backup, you couldn't be certain that all relevant data were contained therein. FBI would still need to conduct forensic analysis on the phone's direct contents.

    Regarding iCloud, it's trivial to change Apple's backend to allow the phone to authenticate successfully.

  • Digitari, 20 Feb 2016 @ 6:01am

    How surprising..

    that Techdirt has so many Apple coders as readers..

    I code in my own linux, and it's sorta like OSX but I have no idea what it all entails

  • madasahatter, 20 Feb 2016 @ 7:43am

    He had a buddy in IT?

    This series of events raises the question about the IT person. Was this person a friend? And did they change the password, which should be known, deliberately?

  • Anonymous Coward, 20 Feb 2016 @ 8:51am

    McAfee offered to crack the encryption free of charge to the government. Saying that he has a hacker team that is the envy of any group. Funny how the government doesn't want to take him up on that isn't it?

    http://www.cnbc.com/2016/02/19/john-mcafee-fbi-should-let-me-hack-iphone.html

    No, opening this phone isn't the real objective. The real objective is to gain a tool that can be used on any iPhone. Otherwise they would have taken McAfee up on that.

    Since Congress is not willing to pass a bill requiring backdoors into encryption this whole dog and pony show is about one thing and one thing only. Getting a new tool, that Apple is to give them free of charge, which could be used on any encrypted iPhone. This is the sneaky way to get what you want when you can't get a law passed.

  • Um Guys, 20 Feb 2016 @ 3:35pm

    The FBI Instructed the County to Change the Password

    ...to set up this whole situation?

    http://www.theguardian.com/technology/2016/feb/20/san-bernadino-county-fbi-gunman-apple-account

    The San Bernardino County government on Friday night said the FBI told its staff to tamper with the Apple account of Syed Farook, who with his wife, Tashfeen Malik, carried out the December shooting in which 14 people were killed.

  • Anon, 20 Feb 2016 @ 8:26pm

    So...

    So going postal is now a terrorist incident? If this guy were really an actual terrorist, he would have shot up somewhere more public and intimidating than... where they work.

    Do they have ANY clue that there is any communication of relevance there? A major fishing expedition which will involve millions of dollars (plus what's already been spent) and yield nothing.

    • Coyne Tibbets, 21 Feb 2016 @ 2:58am

      Re: So...

      All Muslims are terrorists.
      All terrorists are Muslim.
      All violent acts committed by Muslims are terror attacks, regardless of victim count.
      All violent attacks by non-Muslims are ordinary crimes, regardless of victim count.

      Our rulers created these rules to properly define the enemy we're supposed to be fighting. Bottom line: The enemy is Muslims and no one else. George Orwell demonstrated this type of thought control in 1984.

      This case is a perfect example: it appears to be an ordinary (if any can be called that) workplace attack. But it is positively a terrorist act simply because a Muslim was involved. Just ask our rulers.

  • Coyne Tibbets, 21 Feb 2016 @ 2:33am

    Say what again?

    Syed Farook's iPhone password was reset by the iPhone's owner, which is San Bernardino Health Department.

    Say what? When my employer resets my password, they have to communicate the new password to me, or it has to be some dummy default.

    1) If they were able to do this then why can't the government just get the eMail that has the new password? It must have been passed by some channel other than the device; you can't sign on to your device if the new password is on the device.

    2) If the transmitted password can't be retrieved, then why can't San Bernardino Health Department simply reset it again?

    The longer this "episode" runs, the more clear it becomes that this is just an excuse to force Apple to develop a backdoor. Which, of course, the government will keep and use anytime it wishes.

    • Anonymous Coward, 21 Feb 2016 @ 11:56am

      Re: Say what again?

      There's two different things here: the password to his cloud account, which the employer can (and did) reset, and the passcode to the phone itself, which they cannot. By resetting the password on the cloud account, they were able to get the information that the phone had previously backed up a month and a half before the shooting, but they stopped the phone from being able to make a new backup with the current contents of the phone.

  • Anonymous Coward, 21 Feb 2016 @ 2:57am

    This has nothing to do with syed and more to give themselves yet another ability

    We are nothing but sheep, cattle, there to work on behalf, to be monitored, to be fucking conditioned.........the politicians work for the government, not the people

    It's fucking archaic, the world has changed, but we have not, who decided that being ruled is a natural human state, oh that's right, questionable folks of the past, with questionable folks of the present carrying the baton

    The more things change, the more things stay the same
