Apple says terrorist's iCloud password was changed remotely while iPhone was in government's posession

Resetting the password prevented the iPhone from doing an iCloud auto-backup, according to anonymous Apple execs.

In the latest development, Apple is claiming that the government inadvertently jeopardized the FBI’s investigation into the San Bernardino terrorist attack.

Senior Apple execs told reporters on Friday that the iCloud password linked to Syed Rizwan Farook’s iPhone 5c was changed less than 24 hours after federal investigators took possession of the phone. ABC News confirmed that the password was changed remotely by an IT employee of San Bernardino County, the terrorist’s former employer. If the password had remained the same, Apple claims, it might have been possible to access a backup of the iPhone stored in iCloud.

In lieu of this information being available, the FBI sought a court order asking Apple to create a “backdoor” via a weaker version of iOS that bypasses security protocol to access the iPhone 5c. 

Earlier on Friday, the U.S. Department of Justice filed a motion compelling Apple to comply with the court order. Apple has until February 26 to respond, but this week Apple CEO Tim Cook posted a letter saying that the company was planning to challenge it. 

The DOJ’s filing actually mentioned how San Bernardino County accidentally changed the suspect's iCloud password remotely. That’s why Apple decided to bring it up in an anonymous call with reporters.

During the call, Apple executives also said that the company had been cooperating with the FBI since January, and that the iPhone maker had proposed different ways to access the device without a backdoor. One of the ways was to try to do an auto-backup of the iPhone to iCloud. That attempt proved unfruitful, however, because the iCloud password had been changed.

From the DOJ filing, as pointed out by Gizmodo:

“ attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).”

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags AppleiPhone 5C

More about AppleDepartment of JusticeDOJFBINews

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Oscar Raymundo

Latest Videos

More videos

Blog Posts