Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple ID linked to terrorist's iPhone 5c changed while device was in government hands, Apple says [ux2]

Last updated

In response to a Department of Justice motion to compel Apple's cooperation in the unlocking of an iPhone 5c used by one of the San Bernardino terrorists, company executives on Friday revealed the Apple ID passcode linked to that device was changed while the handset was in government hands, effectively blocking attempts to retrieve an iCloud backup.

The Apple ID used to sync Syed Rizwan Farook's iPhone 5c with Apple's iCloud was modified less than 24 hours after the device was impounded by the government, BuzzFeed News reports.

Apple says the San Bernardino County Department of Public Health, the phone's owner and Farook's former employer, changed the account passcode. A county representative later told Reuters that FBI agents requested the iCloud password reset.

If the passcode was not changed, FBI officials might have been able to procure a backup of the data it is currently attempting to suss out of the phone itself, the company said. The most recent backup was logged six weeks prior to the San Bernardino attack. It is not known whether Farook intentionally shut off iCloud backups or simply ran out of storage space.

Further, Apple has been conducting "regular" discussions with government entities since early January regarding methods by which data from Farook's iPhone 5c may be recovered. According to the report, Apple proposed four different options for data recovery, none of which involved building a software backdoor into iOS.

Apple first discovered that the passcode had been changed in attempting one of the suggested workarounds. The method, seemingly involving the offloading of a backup to iCloud before recovering it from Apple's servers, leveraged an iPhone convenience feature in which the device automatically connects to a known Wi-Fi network. Apple engineers were unable to complete the process due to the updated Apple ID passcode.

The implications of this new development could damage the government's case. The DOJ on Friday filed a motion to force Apple's compliance in aiding the FBI's data extraction efforts, a task that now requires the creation of a software backdoor.

Apple does comply with valid law enforcement data requests, and has in the past handed over information related to criminal investigations gleaned from its servers. The DOJ itself notes prior cooperation in its Friday motion to compel. The company has not, however, been asked to create a forensics tool that would ostensibly break iOS encryption.

The sticky situation could have been avoided if the associated Apple ID passcode was not changed, Apple says.

Apple says the government opened the door to public scrutiny when it filed its motion to compel. The company proposed the FBI officials keep its requests sealed, but the agency decided to seek a court order demanding Apple's cooperation.

Update: Apple executives confirmed San Bernardino county officials changed the passcode. This article has been updated to reflect the new information.

Update 2: San Bernardino county spokesman David Wert informed Reuters that the iCloud password was reset at the request of FBI officials. While the agency did not offer comment on the matter, Apple contends this reset occurred prior consultation.



115 Comments

rogifan_old 725 comments · 9 Years

So this was the Apple ID password and not the pin code to unlock the phone? I thought I read somewhere that this guy stop backing up to iCloud well in advance of this attack.

volcan 1799 comments · 10 Years

How did they change the Apple ID associated with the phone if the phone was locked?

SpamSandwich 32917 comments · 19 Years

And the truth shall set you "free" (or possibly get you sent to Federal prison)?

Government incompetence is equal to incompetence and sloppiness in the general population. Because people are not angels and government is made of people, giving ANY branch of government too much power results in the brutal use of that power for their own benefit.

fastasleep 6451 comments · 14 Years

"AppleID" and "passcode" used interchangeably. Which is it that was changed?

rogifan_old 725 comments · 9 Years

volcan said:
How did they change the Apple ID associated with the phone if the phone was locked?

appleid.apple.com?