Apple says terrorist's iCloud password was changed remotely while iPhone was in government's posession

iphone apple fbi passcode

Resetting the password prevented the iPhone from doing an iCloud auto-backup, according to anonymous Apple execs.


In the latest development, Apple is claiming that the government inadvertently jeopardized the FBI’s investigation into the San Bernardino terrorist attack.

[ Related: Why Apple is right to fight FBI over iPhone access ]

Senior Apple execs told reporters on Friday that the iCloud password linked to Syed Rizwan Farook’s iPhone 5c was changed less than 24 hours after federal investigators took possession of the phone. ABC News confirmed that the password was changed remotely by an IT employee of San Bernardino County, the terrorist’s former employer. If the password had remained the same, Apple claims, it might have been possible to access a backup of the iPhone stored in iCloud.

In lieu of this information being available, the FBI sought a court order asking Apple to create a “backdoor” via a weaker version of iOS that bypasses security protocol to access the iPhone 5c. 

Earlier on Friday, the U.S. Department of Justice filed a motion compelling Apple to comply with the court order. Apple has until February 26 to respond, but this week Apple CEO Tim Cook posted a letter saying that the company was planning to challenge it. 

The DOJ’s filing actually mentioned how San Bernardino County accidentally changed the suspect's iCloud password remotely. That’s why Apple decided to bring it up in an anonymous call with reporters.

During the call, Apple executives also said that the company had been cooperating with the FBI since January, and that the iPhone maker had proposed different ways to access the device without a backdoor. One of the ways was to try to do an auto-backup of the iPhone to iCloud. That attempt proved unfruitful, however, because the iCloud password had been changed.

From the DOJ filing, as pointed out by Gizmodo:

“ attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).”

This story, "Apple says terrorist's iCloud password was changed remotely while iPhone was in government's posession" was originally published by Macworld.

Drexel and announce Analytics 50 award winners
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies