
Terrorist changed iCloud password, disabled auto-backups on his iPhone

Gregg Keizer | March 15, 2016
Government claims 'a forced backup...was never going to be successful,' as it again rebuts Apple's contention that it should have left the device alone.

The government last week revealed new details about the iPhone that is at the center of an increasingly bitter dispute between federal authorities and Apple.

In an affidavit submitted by the Federal Bureau of Investigation (FBI) last week, an agent spelled out the steps his team took to access the content on the iPhone 5C used by Syed Rizwan Farook, who with his wife, Tashfeen Malik, killed 14 in San Bernardino, Calif. on Dec. 2, 2015. The two died in a shootout with police later that day.

The government has labeled the attack an act of terrorism, and has acquired a court order requiring Apple to help the FBI break the iPhone's passcode so that investigators can pull data from the device. Apple has contested the order.

The FBI's Christopher Pluhar, a supervisory special agent, said that Farook had changed his iCloud password several weeks before the attack, and with the device locked with a four-digit passcode, the FBI's forensics team was unable to get into the iPhone to extract its contents.

The mention of a four-digit passcode was important: If the FBI could circumvent the device's security safeguards, it would be able to "brute force" such a passcode in just hours.

The Department of Justice (DOJ) has demanded -- and a federal court has granted the request -- that Apple craft a special version of iOS that would disable the safeguards, then plant the code on Farook's iPhone. Apple has been asked to switch off the auto-destruct feature that wipes the phone after 10 incorrect passcode entries, remove the lengthening delays between each guess, and make it possible for the FBI to electronically bombard the iPhone with passcodes instead of having to manually enter them on the lock screen.

Pluhar added to the government's contention that it did not screw up by changing the password for Farook's employer-controlled iCloud account in an attempt to force the device to back up after the FBI found it in a vehicle used by Farook. By restoring the iCloud backup to other similar iPhones, the FBI acquired the contents of the last backup, which was dated Oct. 19, 2015.

But Farook had changed the iCloud password on Oct. 22 -- perhaps from the one assigned him by his employer, the San Bernardino County Department of Public Health, and the putative owner of the iCloud account -- just days after the last backup was successfully saved to Apple's servers. At the same time, he disabled the auto-backup feature of iOS 9, the DOJ claimed.

However, Pluhar had not said that; in fact, his sworn statement said nothing about auto-backup being switched off.

 
