Ask Mr. Religion
☞☞☞☞Presbyterian (PCA) 	
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
More news emerging on the matter:
http://www.buzzfeed.com/johnpaczkow...sscode-changed-in-government-cust#.fdGyXP4j85
It appears that someone connected with the government changed the password associated with the phone within 24 hours after taking possession of the device.
"The Apple executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.
Apple sent trusted engineers to attempt that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed sometime after the terrorist’s death — within 24 hours of the government taking possession of the phone. By changing the password, the government foreclosed its ability to obtain a fresh copy of the most recent device data via this back-up-to-known-wifi method."
Apparently, the organizational owner of the phone that had been issued to the terrorist, San Bernardino Health Department (SBHD), reset the password hoping to gain access to some information. The SBHD also claimed that they were working with the FBI when they made that change.
“The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data,” the agency said in a statement.
The FBI downplayed the effect of the password reset, however, claiming that it “[does] not impact Apple’s ability to assist with the the court order under the All Writs Act,” and adding that “the government’s objective was, and still is, to extract as much evidence as possible from the phone.”
It appears, if the above is factual, that the FBI assumes the phone contains information not available from the iCloud backups and still seeks Apple's assistance to access that data on the device.
Most large companies that provide mobile phones, laptops, etc. to its employees have asset management software installed on these devices that allows the company to control their use, as well as reset them should they be lost or stolen to protect the company's intellectual property and confidential data. Some devices, especially laptops include trust hardware and management hardware that even allows the company to access the device when it is turned off by the user. Even removing the battery from the device cannot defeat this feature. Anti-theft software such as LoJack also have the capability of "phoning home" as soon as the laptop is powered up as well as allowing the user to remotely wipe the personal contents therein. There are also paid and free utilities that even include ability to take a picture of the person powering up the stolen asset using the device's built in camera hardware. Anyone with valued mobile computing assets and content therein should have this sort of software installed on their devices. I recall reading recently how the "Find My Phone" app actually was used to locate a person that had been kidnapped.
Of course, even with these methods, a forensic computer expert can still glean much information from the device that has been wiped by careful analysis of the device's registry hives (<--this is Windows specific; for Macs look for .plist files). The Windows registry hives are usually installed at %SystemRoot%\System32\Config (enter this in a "Run" field and select the option to grant admin access). The Windows hives are named: SAM, SECURITY, SOFTWARE, and SYSTEM. You can see their contents by entering regedit in a "Run" field. Folks that like tweaking their Windows environment (like myself) soon become very adept at using regedit. These hives should be regularly backed up to recover from a catastrophic failure or corruption of the Windows environment. There are lots of free registry backup utilities available, too. I use many of the utilities available from Tweaking.com, such as this. But be careful tweaking your registry. One wrong move and you can quickly "brick" your laptop or desktop.
On another topic, the silence of Apple's competitors about this debacle is not without reason:
http://www.dailydot.com/politics/apple-fbi-iphone-unlocking-encryption-computer-phone-makers-silent/
AMR
http://www.buzzfeed.com/johnpaczkow...sscode-changed-in-government-cust#.fdGyXP4j85
It appears that someone connected with the government changed the password associated with the phone within 24 hours after taking possession of the device.
"The Apple executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.
Apple sent trusted engineers to attempt that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed sometime after the terrorist’s death — within 24 hours of the government taking possession of the phone. By changing the password, the government foreclosed its ability to obtain a fresh copy of the most recent device data via this back-up-to-known-wifi method."
Apparently, the organizational owner of the phone that had been issued to the terrorist, San Bernardino Health Department (SBHD), reset the password hoping to gain access to some information. The SBHD also claimed that they were working with the FBI when they made that change.
“The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data,” the agency said in a statement.
The FBI downplayed the effect of the password reset, however, claiming that it “[does] not impact Apple’s ability to assist with the the court order under the All Writs Act,” and adding that “the government’s objective was, and still is, to extract as much evidence as possible from the phone.”
It appears, if the above is factual, that the FBI assumes the phone contains information not available from the iCloud backups and still seeks Apple's assistance to access that data on the device.
Most large companies that provide mobile phones, laptops, etc. to its employees have asset management software installed on these devices that allows the company to control their use, as well as reset them should they be lost or stolen to protect the company's intellectual property and confidential data. Some devices, especially laptops include trust hardware and management hardware that even allows the company to access the device when it is turned off by the user. Even removing the battery from the device cannot defeat this feature. Anti-theft software such as LoJack also have the capability of "phoning home" as soon as the laptop is powered up as well as allowing the user to remotely wipe the personal contents therein. There are also paid and free utilities that even include ability to take a picture of the person powering up the stolen asset using the device's built in camera hardware. Anyone with valued mobile computing assets and content therein should have this sort of software installed on their devices. I recall reading recently how the "Find My Phone" app actually was used to locate a person that had been kidnapped.
Of course, even with these methods, a forensic computer expert can still glean much information from the device that has been wiped by careful analysis of the device's registry hives (<--this is Windows specific; for Macs look for .plist files). The Windows registry hives are usually installed at %SystemRoot%\System32\Config (enter this in a "Run" field and select the option to grant admin access). The Windows hives are named: SAM, SECURITY, SOFTWARE, and SYSTEM. You can see their contents by entering regedit in a "Run" field. Folks that like tweaking their Windows environment (like myself) soon become very adept at using regedit. These hives should be regularly backed up to recover from a catastrophic failure or corruption of the Windows environment. There are lots of free registry backup utilities available, too. I use many of the utilities available from Tweaking.com, such as this. But be careful tweaking your registry. One wrong move and you can quickly "brick" your laptop or desktop.
On another topic, the silence of Apple's competitors about this debacle is not without reason:
http://www.dailydot.com/politics/apple-fbi-iphone-unlocking-encryption-computer-phone-makers-silent/
AMR
Last edited:
