Apple says terrorist's iCloud password was changed remotely while iPhone was in government's posession

Resetting the password prevented the iPhone from doing an iCloud auto-backup, according to anonymous Apple execs.

iphone apple fbi passcode

In the latest development, Apple is claiming that the government inadvertently jeopardized the FBI’s investigation into the San Bernardino terrorist attack.

Senior Apple execs told reporters on Friday that the iCloud password linked to Syed Rizwan Farook’s iPhone 5c was changed less than 24 hours after federal investigators took possession of the phone. ABC News confirmed that the password was changed remotely by an IT employee of San Bernardino County, the terrorist’s former employer. If the password had remained the same, Apple claims, it might have been possible to access a backup of the iPhone stored in iCloud.

In lieu of this information being available, the FBI sought a court order asking Apple to create a “backdoor” via a weaker version of iOS that bypasses security protocol to access the iPhone 5c. 

Earlier on Friday, the U.S. Department of Justice filed a motion compelling Apple to comply with the court order. Apple has until February 26 to respond, but this week Apple CEO Tim Cook posted a letter saying that the company was planning to challenge it. 

The DOJ’s filing actually mentioned how San Bernardino County accidentally changed the suspect’s iCloud password remotely. That’s why Apple decided to bring it up in an anonymous call with reporters.

Update, February 20, 2016; 10:37am PST: The San Bernardino Sun reports that, according to a tweet posted to San Bernardino County’s official Twitter account, the FBI asked country officials to change the suspect’s iCloud password, and that “the County was working cooperatively with the FBI” at the time. This runs counter to previous reports, which characterized the password change as accidental.

During the call, Apple executives also said that the company had been cooperating with the FBI since January, and that the iPhone maker had proposed different ways to access the device without a backdoor. One of the ways was to try to do an auto-backup of the iPhone to iCloud. That attempt proved unfruitful, however, because the iCloud password had been changed.

From the DOJ filing, as pointed out by Gizmodo:

“ attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup).”

Subscribe to the Best of Macworld Newsletter