This story is over 5 years old.


FBI Approved Hack That Complicated Access to San Bernardino Shooter's iPhone Data

Resetting the phone's iCloud password potentially blocked an alternate way for authorities to access the data on the phone without Apple’s help.
Photo by Erik S. Lesser/EPA

There's a new wrinkle in the fight between Apple and the FBI over unlocking an iPhone that belonged to a gunman in the San Bernardino mass shooting.

On Friday, a Twitter account associated with San Bernardino County said that the county worked with the FBI to reset the phone's iCloud password. That contradicts a previous claim by the bureau that the county acted alone to reset the password, a move that complicated efforts to access data on the phone.


The FBI has taken Apple to court to compel the company to unlock the iPhone, which is protected by a four-digit code and could be set to erase itself if more than 10 incorrect password guesses are made. Apple says it can't help the FBI unlock the phone without creating a special tool, and that doing so would set a dangerous precedent. Resetting the iCloud password was important because it potentially blocked an alternate way for authorities to access the data on the phone without Apple's help.

Related: Everything We Know About Apple vs the FBI

Syed Farook and his wife killed 14 people and wounded 22 others in a shooting last December that authorities have said was inspired by the Islamic State. Police seized Farook's electronic devices during the ensuing investigation, including his iPhone, which technically belonged to his employer, San Bernardino County.

In theory, it could have been possible for investigators to get around the iPhone's passcode protection by having the phone backup its data remotely to the iCloud, which can happen automatically if the phone connects to one of its default WiFi networks. But if someone changes the iCloud password, the auto-backup feature can be disabled as a security precaution. Apple has already provided the FBI with Farook's iCloud data, but the last backup occurred on October 19, six weeks before the shooting.

The Department of Justice said in recent court filing that the auto-backup method of recovering the phone's data was not possible "because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup." The "owner" referenced in that passage is San Bernardino County.


Related: The Fight Between Apple and the FBI Could Shape the Future of Digital Privacy

But in a tweet posted on Friday, San Bernardino County said it did not act unilaterally in resetting the iCloud password. "The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request," it said.

The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request.

— CountyWire (@CountyWire)February 20, 2016

On Sunday, San Bernardino County also tweeted a link to an ABC News story, which included an FBI statement that refuted previous remarks from an unnamed federal official who on Friday blamed the iCloud password reset on a "county information technology employee." The official had said the employee "executed the reset without being asked to do so by federal authorities."

The FBI statement said that it seized the phone on December 3, a day after the shooting, and that the "logical next step was to obtain access to iCloud backups for the phone in order to obtain evidence related to the investigation in the days following the attack."

The FBI admitted that it worked with county technicians to reset the iCloud password on December 6, which seemingly contradicted the DOJ court filing that said the phone's "owner" was responsible for the botched iCloud hack. Regardless, the FBI maintained that the iCloud hack was irrelevant to its efforts to get Apple to unlock the phone because it's possible that not all of the data would have been backed up.


Related: Why the FBI's Order to Apple Is So Technically Clever

"Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance as required by the All Writs Act order, since the iCloud backup does not contain everything on an iPhone," the FBI statement said, referencing a law from 1789 that it cited as the basis for the court order against Apple. "As the government's pleadings state, the government's objective was, and still is, to extract as much evidence as possible from the phone."

Last week, a federal court in Riverside, California granted the FBI's request for a court order to force Apple to help unlock the phone. But in a letter sent to customers on Tuesday, Apple CEO Tim Cook said it planned to fight the court order, which he said "has implications far beyond the legal case at hand."

"Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the US government," Cook wrote. "We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications."

Follow Atoosa Moinzadeh on Twitter: @amoinzadeh