San Bernardino Shooter's iCloud Password Changed While iPhone was in Government Possession
If it hadn't been changed, backup info might have been accessible, Apple says.
-- The password for the San Bernardino shooter's iCloud account associated with his iPhone was reset hours after authorities took possession of the device.
The Justice Department acknowledged in its court filing that the password of Syed Farook's iCloud account had been reset. The filing states, "the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup."
Apple could have recovered information from the iPhone had the iCloud password not been reset, the company said. If the phone was taken to a location where it recognized the Wi-Fi network, such as the San Bernardino shooters' home, it could have been backed up to the cloud, Apple suggested.
The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.
Apple executives say the iPhone was in the possession of the government when iCloud password was reset. A federal official familiar with the investigation confirmed that federal investigators were indeed in possession of the phone when the reset occurred.
Missing the opportunity for a backup was crucial because some of the information stored on the phone would have been backed up to the iCloud and could have potentially been retrieved. According to court records, the iPhone had not been backed up since Oct. 19, 2015, one-and-a-half months before the attack and that this “indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence.”
The development comes as the Justice Department is pushing forward with its legal fight against Apple, urging a federal judge to compel the tech giant to help the FBI crack open an iPhone left behind by Farook.
Farook, who along with his wife, Tashfeen Malik, launched a deadly assault on Dec. 2, 2015, killing 14 of Farook's coworkers at a holiday party.
The Justice Department has asked Apple to turn off the feature that erases an iPhone's data after 10 failed attempts to unlock the device so that investigators can run all possible combinations to break the four-digit passcode on Farook's phone. A federal judge ordered Apple to help the FBI but the company has said it plans to fight the order.
Prosecutors said Farook's device could be encrypted to the point that its content would be "permanently inaccessible," and, "Apple has the exclusive technical means which would assist the government in completing its search."
After the court order, Apple quickly vowed to challenge the decision.
"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers," Apple CEO Tim Cook said in a statement to customers Tuesday night. "[T]his order ... has implications far beyond the legal case at hand."
"The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on [the shooter's] iPhone," Cook added. "In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone’s physical possession."
In addition, all of the personal and sensitive information on customers' phones "needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission," Cook wrote.
If the battle between the FBI and Apple continues, it's a matter that could work its way up to the U.S. Supreme Court.