San Bernardino shooter's iPhone Apple ID password was changed while in government custody

By Dan Thorp-Lancaster
last updated

In an interesting turn of events, it has been revealed that the Apple ID password tied to the iPhone involved in the current tussle between Apple and the FBI was changed after it was in the custody of the U.S. government.

As reported by Buzzfeed News, Apple executives revealed that the company had been in touch with the government and working on a solution to accessing the San Bernardino shooter's iPhone since January. When testing one possible solution, the company discovered that the Apple ID password associated with the iPhone had been changed, making it more difficult to access the information the FBI is after:

The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.Apple sent engineers to try that method, the executives said, but the experts were unable to do it. It was then that they discovered that the Apple ID passcode associated with the phone had been changed.

Had the password not been changed, Apple says, a backup of the information the government is seeking would be accessible, eliminating the need for the court order that lies at the center of the current dispute.

The news follows a push by the U.S. Department of Justice to compel Apple's cooperation in assisting the FBI with creating a backdoor to the iPhone in question.

Update: According to another report out of TechCrunch, Apple executives have also stated that the tool the FBI is asking the company to create could potentially work as a blueprint for cracking into more devices in the future, even going so far as to render a key security feature of newer iPhones and iPads useless:

The executive also explicitly stated that what the FBI is asking for — for it to create a piece of software that allows a brute force password crack to be performed — would also work on newer iPhones with its Secure Enclave chip.

Apple also argued that cooperating with the FBI on this matter has the potential to open a pandora's box of requests from foreign governments — and aspect of the dispute that hasn't received much attention thus far.

Update 2: The San Bernardino Twitter account has chimed in to say that the county changed the password at the FBI's request.

See more
FBI vs. Apple

Latest updates
FAQ: What you need to know
Why privacy matters
Sign the privacy petition

Dan Thorp-Lancaster
Dan Thorp-Lancaster
59 Comments
  • If you'd like to support Apple's stance on privacy, there is a White House petition at https://petitions.whitehouse.gov/petition/apple-privacy-petition
  • wish Canadians could sign I would do it in a heartbeat Sent from the iMore App
  • I love how points of view that differ with the site owners get censored.
  • Very common on iMore. Freedom of Speech only applies to people who agree with you.
  • Freedom of speech doesn't exist on the internet. We are bound by terms and conditions that we agree to when we use a site Posted via the iMore App on my iPhone 6s Plus 64 gigabytes
  • I didn't see any term and condition for iMore that stated people couldn't have an opposing view. I visit this site for the propoganda and regurgitated articles from other tech sites. And the amusing comments of course.
  • I'm curious how connecting to WiFi would have allowed to the government to have access to the phone. That seems like the real story here.
  • It would be connected to a trusted connection and therefore allows more sensitive data to be accessed. Sent from the iMore App
  • you can set up a trusted connection to an iPhone without having the iPhone accepting it? Yikes
  • What they mean is that if the phone was set to back up to the cloud and it connected to a known network while plugged in to power, the phone would back itself up and Apple could give the Feds the data from the cloud backup. What's sort of fallen between the cracks on this story is the fact that Apple can and does give access to those backups when the Feds ask them. Never back up to the cloud if you are concerned about your privacy. Local backups, locally backed up by yourself, either encrypted or on a passcode protected volume is the only way of shutting that particular backdoor.
  • That's pretty much what I got from this story. Hopefully this can be elaborated on more.
  • No, when the data is moving from the device to iCloud through the Wi-Fi network, the F.B.I. network would be made to be easy to access data moving through it. It's the same reason why you would not look at sensitive info on a public Wi-Fi network. Apple devices usually connect automatically to Apple store Wi-Fi, they could easily fake their network. The data accessed would not be from iCloud itself, but would be the data moving through the network.
  • Yea I figured it out. If the password wasn't changed, without apple intervening they could restore the iCloud backup to another device for example and get the details that they need. They could also find the known wifi networks and get the phone in range, plug it in and let it back up.... Then restore the new back up to the other phone again. This way they'll have more recent data.
  • Think Again, the data flowing from the iphone up to apples servers across wifi or cellular is encrypted with apples keys while in flight.. I do not see Apple giving the FBI their root cert either.
  • This is weird news. The only way to read that statement is that *after* the terrorists were killed, and *after* the government took possession of their phone, either the investigators, or the section of the government that the terrorists worked for, changed the password on the phone. The most likely explanation to me is that the "company phone" went missing, and the policy around that was to remote wipe it, or change the AppleID on it. So really, ... a classic case of the government shooting itself in the foot.
  • I love it! So American! I as an American, despise the American government, this is a prime example. We screwed it up, you fix it. Sent from the iMore App
  • There is another problem here, Apple says in the security documents, that iCloud backups are encrypted in transport and on servers, but clearly they can access them whenever they want to.
  • They are encrypted from the internet gateway to the server, Wi-Fi networks can be accessed if they are not secured. It's the same reason why you don't access private info on a public network; It is simple and easy to access. Apple DOES have a key to un-encrypt ALL data stored in iCloud, but they'd wouldn't use it just for one account.
  • As tragic as the shooting was, this was the excuse the Federal Government has been waiting for to gain access to Apple's encryption. Yes, the FBI claims they are asking for a "one time deal", but also yes is the fact this would be a gateway to rendering everyone's personal encryption useless. The FBI has had a hard on for Apple's out-of-the-box encryption since the day Tim Cook announced it. Like I said, even though this was a tragic event that led to this, opening this door will open up another pandora's box on our personal privacy. If Apple makes an exception once, then another instance will trigger another judge to authorize a warrant, and then another, and then another. And do I trust my Government to be good boy scouts and only use this backdoor once?? Edward Snowden makes me say no, I don't trust them with my privacy one bit.
  • Lol man my government is so dumb they should be face palming themselves so hard right now
  • So it was changed but how was it changed? Was the terrorist working with others who had/have access to the device? Or was it changed somehow by the government?
  • This is the real question. Everyone reads that the government changed it. Anyone who had access to that account could have changed it. I would subpoena the captured IP address of the login location that changed it. Probably was friends of terrorists.
  • The way it sounds the government had to change it. As they were going to install the most recent back up to a different device. I'm just guessing here.. But one that I can say for sure is that they used this opportunity to request this of Apple and make it public just so they can get the majority of the public to agree and force the private sector to forget about making info encrypted. All for the sake of National Security
  • Changed how? By who? How would they not know the passcode if they changed it? Sent from the iMore App
  • That's what I don't get... Gotta go read another article elsewhere. Sent from the iMore App
  • The password was reset by the employer (San Bernadino Health something or other), NOT the FBI. Apple is using convenient language to make people think it was the FBI. Although technically it was the "government", the FBI was not involved in the reset.
  • Per the county: CountyWire ‏@CountyWire 24 hours ago
    The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request. Therefore, Apple is using precise language.
  • The FBI wants a back door (master key) to everyones devices, no other solution will do for them. They didn't "screw up" by changing the Apple ID, this is what they wanted, they purposely left themselves only one alternative and that was to force Apple to make software to break into Apple's devices.
    To the FBI this country has 3 hundred million potential terrorists and no one gets a pass, the constitution is just an out-dated piece of paper to them.
  • Here's what I see, people think the FBI are inept but they have technology and people that are way above capable. They know exactly what they are doing. They are trying to force Apple to do something that will put them at the start of the road to getting all the information. If anyone thinks they will stop with Apple they wont. Once they get it done they will then move to Android unless they have already created their own methods. The problem is that they keep using Terrorism as the scapegoat but none of their surveillance stops the attacks. Sent from the iMore App
  • Admission that our beloved govt spook brigade isn't as smart as they profess to be, hey ?? Hopefully, Tim will send them right back where they came from...... bushtown. Cheeeney's waiting.
  • Irevolt said what I was about to write: It seems to me that the government isn't incompetent; if they did change the password (the how remains a mystery...), they did it specifically so that their only recourse to getting the data would be to push Apple to do the untenable. Another detail that seems to be lost in all the hoopla surrounding the data on the phone is that the FBI already has a ton of information at its disposal through the computer and other pieces of evidence it has already collected. I suspect that the government already has all the data it really needs to demonstrate the guilt of Syed Farook. I further suspect that it's a case of overreach that the government is using to force tech companies to weaken device security.
  • They don't need the data from that phone to demonstrate the guilt of Syed Farook. But they need the data from that phone. Posted via the Android iMore App!
  • The data on that phone is available elsewhere -- through the employer's backup, for instance. The government has already accessed data on potential contacts, etc. Again, the phone isn't really the issue, it's the incessant overreach of the government in security matters and its profiting of this case to achieve a goal it's been whining on about for years.
  • So you say. Posted via the Android iMore App!
  • I'm really torn on this issue. I want my data safe guarded. No one should have unlimited access to my information. In that regard I agree completely with Apple and their stance. On the other hand, there may be information on that phone that could stop a future attack by an associate or friend of the assailants. If that information could possible stop or limit that, then I am for Apple helping get into the phone for the information. Mind you, I am not leaning either way. I am not agreeing or disagreeing with either side. There are good reasons for both sides and their arguments. I'm glad that I am not the one making this difficult decision.
  • This crap with the FBI is confusing as ****, how did they change the password? And if they did change how in the **** do you now know what you changed it to? And if it is an error on your behalf why are you bringing Apple into this and smearing over all the new outlets because they refuse to help you in this particular matter
  • What i can't figure out is why the feds cant access a local or county government phone. Mr. Farook was a county health inspector.The iphone was or belonged to the county health department that probably had wipe policies on it and probably had things locked down on it. May not even be connected to icloud. hmmm..... Sent from the iMore App
  • WAIT!!! My comment was censored??? For using the word ****?
  • HE double hockey stick?
  • iMore is all about sweetness and light (and censoring anyone who disagrees).
  • If county changed the password once, then why the heck don't they change it again to 1234? Whatever MDM system they seem to be running there is pretty crappy if they can't even control their own devices. Something is seriously fishy about FBI's request.
  • I took a step back for a moment to think about this some more. Mr Farook was a County Health Inspector, If he had patient health information or anything related on that county phone then more than likely it was not connected to icloud and had wipe policies and whatever else. Remember the whole HIPPA Privacy Act. Its a case where the feds are stuck on their own law. Sent from the iMore App
  • Too much scandal here, if already the iPhone 5 could been hacked in a pwn2own , so it's too overreactive because the police just it's asking by an easy to grant access and get the information that it's all, I doubt that can start hacking to the operative system later if the techniques used would not be used elsewhere, with this proves the zero confidence in the government. Also Google can't say about secure devices android has too many bugs and holes of security that is the less indicated to speak about security and privacy
  • ?? Posted via the Android iMore App!
  • People need to stop using their phones like they are a super secret machine. Every time you grant an app access to your photos, info, location you are opening a back door. The issue at hand is serious, we don't government phones hacked with a software that could fall in hands of terrorists, we also don't want a device that terrorist can hide behind. In the mobile world there need to be limitations but don't think your internet habits are safe to begin with. The FBI and Apple are both doing their jobs to protect. Sent from the iMore App
  • Well they are our super secret devices Posted via the iMore App on my iPhone 6s Plus 64 gigabytes
  • Put Tim Cook in handcuffs if he does not comply with the judges order Sent from the iMore App
  • handcuff him for taking the allotted time to legally respond, up to and including not doing anything while they appeal? Wow. Extreme
  • That’s not what was said. “Put Tim Cook in handcuffs IF HE DOES NOT COMPLY with the judges order”.
    I’m inclined to say yes as if I decided for whatever reason not to comply with a judge I’m pretty sure I’d have bailiffs and/or police beating down my door and my lawyers are cheaper than Tims. It’s not really right to encourage someone to do this just because you happen to agree THIS time?
  • He does not have to comply, yet. That is the beauty of the USA. We have courts. The FBI brought this to the courts. Apple, Inc. has the right to defend itself in those same courts up to and including the SCOTUS. Call me naïve, but I doubt that the SCOTUS will force a company to comply to this unprecedented request.
  • We have courts. We have a legal process. They are there to be used. Thanks for clearing that up. Posted via the Android iMore App!
  • You disagree? Apple should just comply with an order it feels is wrong without using the legal system in place for these very reasons?
  • Did you forget you wrote the word "yet" in your opening statement? Let me try saying it like this. You stated the obvious, that we have courts and we should use them. Posted via the Android iMore App!
  • I agree it is obvious. But quite a few people seem to be if the "just do it, Apple" and appear to have forgotten that Apple has the luxury of fighting this in court, putting it up to a court to decide. I hope this goes to the SCOTUS. That will put any of these proposed state and federal bills to rest, one way or another. And 8 justices or 9, I don't see the SCOTUS forcing a company to do this. Sent from the iMore App
  • Thanks. I imagine those other people also know about the court process. Posted via the Android iMore App!
  • Go sit down Mr. Trump. ideeot.
  • Summary of issues: FBI is wrong for pushing that they be given the tool to do this and deliberately spinning issues in ways that mislead the average reader.
    Apple is wrong for pretending that they don't have the capability to break into the phone (they can create the tool rather easily), claiming that their "number one priority" is user security, and deliberately spinning the issues in ways that mislead the average reader. Apple's presence in "less open" countries show us how they balance profit and user privacy. What should happen is Apple should, internally, crack the phone and hand over the data, then destroy, in entirety, the tool. What the FBI should do is attempt to reverse engineer the Secure Enclave, or brute force the hard drive, bypassing iOS entirely.
  • Surely if it comes to court, in light of this Apple can't be forced to fix the agency's mistake. For that matter does the county office not know who changed the password so he/she can open it? What am I missing here?
  • I just can't help but wonder....what are they looking for that could be on that county government phone. Has anyone thought to ask the county government or better yet phone records of calls or data? A court order could do that for a cellular company in the states. If that iphone was anything like what i used for a company in the past its locked down so tight you could only make a phone call and maybe an email and a few apps that are already installed. I would start by figuring out first how the iphones are issued to personnel and what restrictions they have on them. Sent from the iMore App