Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sorry, but how does this confirm that? It sounds to me as though someone screwed up by changing the password rather than it being intentionally changed so they could request that Apple build an iOS with a backdoor.


Maybe the FBI should concentrate their efforts on finding that someone and asking them what the password is.


That won't help. The problem is that the phone is signed in with the old password, and so it can't do automatic backups. If they had turned the phone on near a wifi network before changing the password, it would have auto-backed-up and they'd be able to get at whatever was on it through the iCloud backup.

Since they can't get into the phone, they now can't do that even if they know what the password is (which they probably do).


I would assume they have found that person. It's curious that anyone took it upon themselves to initiate the password reset without authority, but I'd bet they have simply forgotten what they changed it to.


If that's the case, it sounds like the FBI are being very careless with evidence and passwords to suspects' phones, even in very high profile cases.

If they can't keep passwords secure, they aren't going to be able to keep this backdoored iOS version secure either.


No no no, you don't understand it from the FBI's perspective: they NEED back-door access to all iPhones BECAUSE they are very careless with evidence and passwords all the time.


That's essentially Apple's concern, isn't it? That they will want to increasingly rely on this version of iOS, and eventually accidentally compromise Apple's security model?


Well, I assume Apple have multiple concerns - one is that the cops will leak the backdoor. But even if you could backdoor iOS in a way that couldn't leak, I think Apple would still oppose it.

Apple see this as the thin end of a wedge, establishing the principle that the feds can force Apple to put backdoors in iOS and Apple can't say no. The thick end of the wedge will have much wider scope and much less oversight.


> It's curious that anyone took it upon themselves to initiate the password reset without authority

The phone is critical evidence, according to the FBI and the legal actions around this phone. If the phone's password was changed after the crime without authority the person who did this would have been charged with tampering with evidence.

> I'd bet they have simply forgotten what they changed it to.

What possible reasoning are you using to conclude that a government employee changing the password of a phone after it was known the phone was used by a terrorist would have "simply forgotten what they changed it to"?


My assumption about it being forgotten is predicated on the person doing it not having authority.

I'm basing all this on this snippet from the article:

> It was then that they discovered that the Apple ID password associated with the iPhone had been changed. (The FBI claimed earlier Friday that this was done by someone at the San Bernardino Health Department.)


How does one change the password they supposedly do not know and need Apple's assistance to retrieve?


They probably did a reset, and since the phone was owned by the employer, they probably had access to the email and user details required to initiate an iCloud password reset.

Unfortunately resetting the iCloud password disabled automatic iCloud backups when the phone was on a known wifi network.


Hanlon's Razor, eh? Very rational. Would you be interested in purchasing shares in the Golden Gate Bridge?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: