San Bernardino County tweets it reset attacker iCloud password at FBI's request

I&#x27;ve worked with the FBI and the Secret Service investigating computer crime.<p>The Secret Service is extremely competent when it comes to computer forensics, and when they don&#x27;t know what to do, they don&#x27;t guess, the consult with experts.<p>The FBI is the opposite in every way, mostly because of budget constraints and the subsequent lack of training. I hope that this is a good learning opportunity for them and a chance for them to increase their training budget in this area.

Wonder if folks realize this is the work phone not the personal one. The personal phone was destroyed by the terrorists. I doubt there&#x27;s anything of value on the work phone.<p>But then again obviously FBIs long term goal is to break in all the phones regardless of the circumstances.

Also reported by Reuters: <a href="http:&#x2F;&#x2F;mobile.reuters.com&#x2F;article&#x2F;idUSKCN0VS2GC" rel="nofollow">http:&#x2F;&#x2F;mobile.reuters.com&#x2F;article&#x2F;idUSKCN0VS2GC</a><p>Some are saying the password reset requested by the FBI prevented a backup and closed the &quot;front door&quot; they already had, forcing the Apple backdoor.<p>The simplest possible explanation for them shutting themselves out has to be incompetence rather than malice, right?

You people seriously want me to believe that it was the fbi&#x27;s incompetence that led to the gov throwing away their only get in free card for the most popular American phone used to coordinate the only substantial ISIS affiliated attack on US soil. Come on now, do you guys seriously think that this was unintentional?<p>You don&#x27;t put rookies on this and I&#x27;d seriously be surprised if the NSA wasn&#x27;t involved in this matter personally.<p>The government wants a back door installed into all iPhones period. I mean how do you expect apple to build a tool that can bypass the same security features the government is trying to deal with right now without them inadvertently letting everybody and their mother know that there is some fatal flaw in the security layer of every modern iphone and&#x2F;or iTunes.<p>There&#x27;s no magic way to fine tune a tool like this and if out spy agencies don&#x27;t know this then god help us all. Isis is probably gonna win. <i>rolls eyes</i><p>I mean jail breaking is one thing. This is vault busting and once people know there&#x27;s a bug and where to look they will find it and exploit it.<p>And apple&#x27;s only remedy will be to patch the backdoor. Which is obviously what the gov is trying to prevent apple from being able to do by getting a precedent established in the courts that wags a finger at Apple saying &quot;ah, ah, ah you didn&#x27;t say the magic word&quot;<p>Please goddamnit!<p>The gov doesn&#x27;t want to be Samuel l Jackson anymore. They want to reverse the roles and this case is the perfect cover. Just like the gov exploited the bombing on 9&#x2F;11 to pass the patriot act. This is no different.

Here&#x27;s the tweet:<p>&quot;The County was working cooperatively with the FBI when it reset the iCloud password at the FBI&#x27;s request.&quot;<p><a href="https:&#x2F;&#x2F;twitter.com&#x2F;countywire&#x2F;status&#x2F;700887823482630144" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;countywire&#x2F;status&#x2F;700887823482630144</a>

What&#x27;s with this stupid &#x27;terrorist&#x27;s communication device of choice&#x27; meme? Oh wait, it&#x27;s not a meme because no one but the FBI uses it, it&#x27;s a propaganda ploy. Let&#x27;s test this:<p>U.S. dollar is the criminal and terrorist currency of choice. We must therefore, of course, break the dollar.<p>Ok, fail.

I wonder what data the FBI thinks is on the phone that wouldn&#x27;t be available via other means such a call logs, email, cell tower pings.

Why would you ever do this with the real device without thoroughly testing the circumstances with a stand-in first?<p>From a technical perspective, it seems very simple and easy to replicate before actually doing it and locking yourself out completely like they seem to have done.

Honest question: If the county reset the password, couldn&#x27;t they reset it again and gain access?

Any details on this? How did they reset it if iCloud is using standard encryption techniques?

Oh, shit, FBI is either stupid, or more likely, has the data and playing the field.

The FBI is looking worse and worse here

What kind of work-issued device is not put on an enterprise management policy? (a.k.a. the employer should be able to unlock it)

I would like to see Apple implement a new firmware signing scheme that requires the user to sign the firmware using a key generated on that device and not backed up that is protected by the passcode etc. Once initialised the device will only accept updates signed with this key and upstream updates would be verified against the Apple key before being signed with the local key.<p>This would eliminate this vector and not drastically effect the usability of the device. Though it would also need a way to fully reset the device including the removal of this signing key in order to bring the device back to factory settings in the case of loss of the device specific signing key.

If Apple did write the firmware that the FBI wants and then signed it, would changing the device UUID hard coded into the firmware not invalidate the signature? Is the concern that there are somehow other signing keys in the chain of trust that exist outside of Apple that would make it a general exploit or is the concern that they would be a much lower threshold for getting this sort of thing? Apple might have a point if it is the latter, but if it is the former, the security of the iPhone is already compromised.

Why can&#x27;t the FBI just work directly on the phone hard drive (removed the hard drive from the phone and connect it to another computer)? Why are the going through IOS operating system?

Your tax dollars at work...

I don&#x27;t really understand how a backdoor doesn&#x27;t already exist if Apple can reset passwords for encrypted data...