FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable

Another Surprising Twist in the Apple-FBI Encryption Case: The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody.

Yes, the Federal Bureau of Investigation (FBI) screwed up and has been left with no option to retrieve data from the iPhone that belonged to San Bernardino shooter Syed Farook.

Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, a request Apple has refused.

According to Apple, the company had been helping the feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company only after committing a 'blunder' themselves.

Here's How the FBI Screwed itself


On October 19, 2015, roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made the last full iCloud backup of his iPhone 5C, which Apple had already provided to the FBI under a court order.

Now the FBI is looking for the data on Farook's phone stored between October 19, 2015, and the date of the attacks on December 12, which has not yet been synced with Farook's iCloud account.

When the FBI approached Apple for help brute-forcing the passcode without losing data, Apple suggested an alternative to the feds: connect Farook's iPhone to the Internet by taking it within range of a known Wi-Fi network. That way, his phone would have automatically backed up the device data to his iCloud account.

But the twist lies here:


Just after the terrorist attacks, an unnamed San Bernardino police official 'Reset the Apple ID Passcode' associated with Farook's iPhone 5C "less than 24 hours after the government took possession of the device" in an attempt to access the data.

Here's the blunder:

By default, resetting the Apple ID password essentially creates an entirely new device ID on an iCloud account that will not automatically sync device data online until the user manually enters the newly generated Apple ID password in the device settings.

Unfortunately, Farook's iPhone is already LOCKED, and Apple has already refused to provide a backdoor to bypass the device passcode.

So, the authorities are now left with no chance to pull the data from iCloud, even if they take the device within range of the known Wi-Fi network.

Here's what a senior Apple executive who requested anonymity told BuzzFeed:

The Apple ID passcode linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible…

The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.

The statement came just hours after the DoJ criticized Apple's response to the court order.

Possible Alternative Ways to Recover Data


But there could still be some way to get the data the FBI needs. One option would be for Apple, if possible, to simply revert the changes made to Farook's iCloud account.

This way, the feds could take the device to a known Wi-Fi network and get the data automatically synced to the associated iCloud account, provided Farook had not purposely turned OFF auto-backup.

Another possible way to recover the data without unlocking the device could be forcefully pushing (if and only if it is possible to install an update without user interaction) an iOS software update to the target device with an additional built-in application that would simply back up every file on the system to a third-party server.

