Apple Worked with FBI to Access Terrorist’s iPhone Since Early January


Apple offered the FBI four different options for recovering data on the iPhone 5c used by Syed Rizwan Farook, one of the terrorists involved in an attack in San Bernardino, CA, in December. None of those methods involved Apple creating a backdoor into iOS as ordered by a federal court this week, and at least one of those methods might have been thwarted because a San Bernardino Health Department employee changed the password on the iTunes account tied to the iPhone.

According to Buzzfeed, unnamed Apple executives said the company had been working with the FBI since "early January" to access data on the device. One of the methods proposed involved allowing the device to auto-connect to a trusted Wi-Fi network, where Apple hoped the device would auto-backup to iCloud. Apple would then be able to copy the data on iCloud for controlled retrieval.

It was the process of attempting this method that revealed the password on the iTunes account had been changed some 24 hours after the device was seized by the government. It had been changed by a San Bernardino Health Department IT employee who was trying to access information in iCloud—the San Bernardino Health Department owns the device and the account in question, and was not operating with instructions from the FBI.

Because the password had been changed on iCloud, but not entered into the iPhone in the FBI's custody, connecting to the known Wi-Fi network didn't result in the device performing an automatic backup as hoped. That may not have happened anyway, however, as the last known iCloud backup—which had already been given to the FBI—was performed on October 19th. It's possible Syed Farook turned off that feature.

While Apple worked with the FBI to access the device, the company is pushing back on this week's court order because it believes that order is unprecedented. Apple claims no company has ever been asked to create a new version of an operating system for the purpose of collecting data on a device.

In a document filed by the DOJ asking a court to compel Apple to comply with the order (Politico published the full document), DOJ attorneys argued that creating a new version of the operating system is no big deal because Apple does it all the time. Apple technically has until February 26th to comply with the order, and the court has not ruled on the DOJ's preemptive complaint.

Apple is also arguing that creating this version of iOS would be the equivalent of creating a master key that could be used to open any iPhone, putting iPhone users everywhere at risk. The company also noted that no other government—which by definition includes authoritarian regimes such as China—has asked Apple to do this.

Lastly, though the DOJ has asserted that Apple said it could build this software, Apple executives deny having done so, as reported by CNBC:

This fight has evolved fast and furiously, and isn't over by a long shot.

Image made with help from Shutterstock.

Comments

vpndev

This fight has almost nothing to do with getting evidence from this iPhone. The two shooters are dead and the evidence is that they were not part of a cell, or knew about cells in the U.S. or elsewhere. Nor were they part of a foreign group, although they did express support for one.

No - this is all about forcing to build backdoors into devices. The Guardian (UK paper) has an excellent view on it here
http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple

Lee Dronick

What I am thinking is that iOS needs an Administrator password as well as a User password. Not different accounts just a feature that allows two passwords. For private owners there would only be one password, but for business supplied iPhones there would be two. The User password can not change the Admin password, but an Admin can change the User’s and the Admin can unlock the iPhone.

Scott B in DC

“It was the process of attempting this method that revealed the password on the iTunes account had been changed some 24 hours after the device was seized by the government. It had been changed by a San Bernardino Health Department IT employee who was trying to access information in iCloud—the San Bernardino Health Department owns the device and the account in question, and was not operating with instructions from the FBI.”

And why don’t we hear about the FBI going after the dude for tampering with evidence, obstruction of justice, or anything else that prevented the FBI from getting the information before he screwed them over?!
