The Federal Bureau of Investigation (FBI) yesterday rebutted accounts in the media, and implications by Apple, that it or San Bernardino County messed up when the iCloud password for the iPhone used by Syed Rizwan Farook was reset days after a shooting that left 14 dead.
On Dec. 6, FBI investigators, with the approval of San Bernardino County and the assistance of its IT staff, reset the password of Farook's iCloud account. San Bernardino County owned the iPhone 5C, had supplied it to Farook for his job as a health inspector, and controlled Farook's iCloud account.
Forook, along with this wife, Tashfeen Malik, are accused of killing 14 in San Bernardino, Calif., on Dec. 2. They died four hours later in a shootout with police.
"A logical next step was to obtain access to iCloud backups for the phone in order to obtain evidence related to the investigation in the days following the attack," the FBI said yesterday in a statement emailed to Computerworld.
Re/code first reported Sunday on the FBI's statement.
"[The FBI] was able to reset the password in order to provide immediate access to the iCloud backup data," the agency said in its statement.
After serving a search warrant on Apple, the FBI obtained the phone's last iCloud backup, dated Oct. 19.
But questions remain about what would have happened had the FBI and San Bernardino County not reset the iCloud account password on Dec. 6. If the iCloud Backup feature in iOS is enabled, the phone is supposed to automatically back up when it's connected to power and connected to an already-known Wi-Fi network, assuming there's enough space in the account and the iPhone's screen is locked.
Some have posited that had the phone been connected to a power outlet and a Wi-Fi network -- specifically a known network, such as one at Farook's residence -- it would have automatically backed up the appropriate content to iCloud.
According to reports, Apple executives speaking to an invite-only group of reporters Friday suggested that the FBI botched the job by resetting the device's iCloud password. It might have been possible to collect a new backup's contents if it had held off, they said.
Apple implied as much in a FAQ it published early Monday. "One of the strongest suggestions we offered [the FBI] was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for," Apple said. "Unfortunately, we learned that while the attacker's iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services."
Sign up for CIO Asia eNewsletters.