Apple ID linked to terrorist's iPhone 5c changed while device was in government hands, Apple says [
In response to a Department of Justice motion to compel Apple's cooperation in the unlocking of an iPhone 5c used by one of the San Bernardino terrorists, company executives on Friday revealed the Apple ID passcode linked to that device was changed while the handset was in government hands, effectively blocking attempts to retrieve an iCloud backup.
The Apple ID used to sync Syed Rizwan Farook's iPhone 5c with Apple's iCloud was modified less than 24 hours after the device was impounded by the government, BuzzFeed News reports.
Apple says the San Bernardino County Department of Public Health, the phone's owner and Farook's former employer, changed the account passcode. A county representative later told Reuters that FBI agents requested the iCloud password reset.
If the passcode was not changed, FBI officials might have been able to procure a backup of the data it is currently attempting to suss out of the phone itself, the company said. The most recent backup was logged six weeks prior to the San Bernardino attack. It is not known whether Farook intentionally shut off iCloud backups or simply ran out of storage space.
Further, Apple has been conducting "regular" discussions with government entities since early January regarding methods by which data from Farook's iPhone 5c may be recovered. According to the report, Apple proposed four different options for data recovery, none of which involved building a software backdoor into iOS.
Apple first discovered that the passcode had been changed in attempting one of the suggested workarounds. The method, seemingly involving the offloading of a backup to iCloud before recovering it from Apple's servers, leveraged an iPhone convenience feature in which the device automatically connects to a known Wi-Fi network. Apple engineers were unable to complete the process due to the updated Apple ID passcode.
The implications of this new development could damage the government's case. The DOJ on Friday filed a motion to force Apple's compliance in aiding the FBI's data extraction efforts, a task that now requires the creation of a software backdoor.
Apple does comply with valid law enforcement data requests, and has in the past handed over information related to criminal investigations gleaned from its servers. The DOJ itself notes prior cooperation in its Friday motion to compel. The company has not, however, been asked to create a forensics tool that would ostensibly break iOS encryption.
The sticky situation could have been avoided if the associated Apple ID passcode was not changed, Apple says.
Apple says the government opened the door to public scrutiny when it filed its motion to compel. The company proposed the FBI officials keep its requests sealed, but the agency decided to seek a court order demanding Apple's cooperation.
Update: Apple executives confirmed San Bernardino county officials changed the passcode. This article has been updated to reflect the new information.
Update 2: San Bernardino county spokesman David Wert informed Reuters that the iCloud password was reset at the request of FBI officials. While the agency did not offer comment on the matter, Apple contends this reset occurred prior consultation.
The Apple ID used to sync Syed Rizwan Farook's iPhone 5c with Apple's iCloud was modified less than 24 hours after the device was impounded by the government, BuzzFeed News reports.
Apple says the San Bernardino County Department of Public Health, the phone's owner and Farook's former employer, changed the account passcode. A county representative later told Reuters that FBI agents requested the iCloud password reset.
If the passcode was not changed, FBI officials might have been able to procure a backup of the data it is currently attempting to suss out of the phone itself, the company said. The most recent backup was logged six weeks prior to the San Bernardino attack. It is not known whether Farook intentionally shut off iCloud backups or simply ran out of storage space.
Further, Apple has been conducting "regular" discussions with government entities since early January regarding methods by which data from Farook's iPhone 5c may be recovered. According to the report, Apple proposed four different options for data recovery, none of which involved building a software backdoor into iOS.
Apple first discovered that the passcode had been changed in attempting one of the suggested workarounds. The method, seemingly involving the offloading of a backup to iCloud before recovering it from Apple's servers, leveraged an iPhone convenience feature in which the device automatically connects to a known Wi-Fi network. Apple engineers were unable to complete the process due to the updated Apple ID passcode.
The implications of this new development could damage the government's case. The DOJ on Friday filed a motion to force Apple's compliance in aiding the FBI's data extraction efforts, a task that now requires the creation of a software backdoor.
Apple does comply with valid law enforcement data requests, and has in the past handed over information related to criminal investigations gleaned from its servers. The DOJ itself notes prior cooperation in its Friday motion to compel. The company has not, however, been asked to create a forensics tool that would ostensibly break iOS encryption.
The sticky situation could have been avoided if the associated Apple ID passcode was not changed, Apple says.
Apple says the government opened the door to public scrutiny when it filed its motion to compel. The company proposed the FBI officials keep its requests sealed, but the agency decided to seek a court order demanding Apple's cooperation.
Update: Apple executives confirmed San Bernardino county officials changed the passcode. This article has been updated to reflect the new information.
Update 2: San Bernardino county spokesman David Wert informed Reuters that the iCloud password was reset at the request of FBI officials. While the agency did not offer comment on the matter, Apple contends this reset occurred prior consultation.
Comments
Government incompetence is equal to incompetence and sloppiness in the general population. Because people are not angels and government is made of people, giving ANY branch of government too much power results in the brutal use of that power for their own benefit.
The DOJ ebook case against Apple, the way that the Samsung suits have been handled, the monitor that was appointed to monitor Apple and now this iPhone case.
why are Apple using the word passcode instead of password? it's like they are trying to confuse us.
If you have not signed the petition to the White House they need 100,000 signatures by 3/18/16. Here's the link:
https://petitions.whitehouse.gov/petition/apple-privacy-petition
However, that new password would have to be entered into the iPhone (Settings-iCloud) to have that iPhone activate iCloud backup, else it can't connect.
Somebody probably thought they would change the password to get at the data in iCloud, found out the data hadn't been backed up in months (or at all), then learned that they couldn't get the iPhone to start auto backup without entering the new AppleID password in settings, and because they didn't know the original password, could not set it back.
Now they are stuck with an iPhone that can't back up to iCloud and they can't change to the new password because they don't know the 4-digit PASSCODE to access the iPhone. Thus, because the FBI screwed up, they want Apple to create a software hack to bypass the 'Wipe data after 10 wrong passcode attempts' so they can brute force the device; easier to do with only 4 numeric digits, especially when you have to use 4, not 1, 2 or 3.
Once the iPhone passcode is broken, then the FBI can enter the NEW AppleID password to get the phone to sync with iCloud, but then it won't be necessary because they can now simply copy everything to a computer.
In other words, they want Apple to save their butt for doing something they thought was smart, but didn't work, so they try Plan B and Apple balks.