FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable
Yes, the Federal Bureau of Investigation (FBI) has screwed up and is
left with no option to retrieve data from the iPhone that belonged to San
Bernardino shooter Syed Farook.
Apple has finally responded to the Department of Justice (DoJ) court
filing that attempts to force Apple to comply with an FBI request to
help the feds unlock Farook's iPhone, but Apple refused to do so.
According to Apple, the company had been helping the feds with the
investigation since early January to find a way to access Farook's
iPhone, but the problem is that the feds approached the company after
committing a 'blunder' themselves.
Here's How the FBI Screwed itself
On October 19, 2015, roughly six weeks before the San Bernardino
terrorist attacks, Syed Farook made the last full iCloud backup of his
iPhone 5C, which Apple had already provided to the FBI under a court
order.
Now the FBI is looking for the data on Farook's phone stored between
October 19, 2015, and the date of the attacks on December 12, which has
not yet been synced with Farook's iCloud account.
When the FBI approached Apple to help them brute force the passcode
without losing data, Apple suggested an alternative to the feds:
connect Farook's iPhone to the Internet by taking it within range of a
known Wi-Fi network. That way his phone would have automatically backed
up its data to his iCloud account.
But the twist lies here:
Just after the terrorist attacks, an unnamed San Bernardino police
official reset the Apple ID passcode associated with Farook's iPhone
5C "less than 24 hours after the government took possession of the device" in an attempt to access the data.
Here's the blunder:
By default, resetting the Apple ID password essentially creates an
entirely new device ID on an iCloud account, which will not automatically
sync device data online until the user manually configures the newly
generated Apple ID password within the device settings.
Unfortunately, Farook's iPhone is already LOCKED, and Apple has already refused to provide a backdoor to bypass the device passcode.
So, the authorities are now left with no chance of pulling the data
from iCloud, even if they take the device within range of a known Wi-Fi network.
Here's what a senior Apple executive who requested anonymity told BuzzFeed:
The Apple ID passcode linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible…
The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.
The statement came just hours after the DoJ criticized Apple's response to the court order.
Possible Alternative Ways to Recover Data
But there could still be a way to get the data the FBI needs.
One way would be for Apple, if it is possible, to simply revert the
changes made to Farook's iCloud account.
The feds could then find a known Wi-Fi network and have the data
automatically synced to the associated iCloud account, unless
Farook had purposely turned off auto-backup.
Another possible way to recover the data without unlocking the device could be to forcefully push (if and only if
it is possible to install an update without user interaction) an iOS
software update to the target device with an additional built-in
application that would simply auto-backup every file on the system to a
third-party server.