FBI Says Suspect iPhone Password Reset Was Deliberate

apple

Investigators would have needed to crack the shooting suspect’s iPhone even if its iCloud password hadn’t been reset, the FBI has said

The FBI has responded to criticism of its approach to gathering data from an iPhone 5C owned by a suspect in last year’s shooting in San Bernardino, California, stating that its actions don’t affect Apple’s legal obligations in the case.

Meanwhile, FBI director James Comey made a personal appeal to Apple and the US public on his blog, saying that the investigation wasn’t intended to set a legal precedent.

‘Chilling implications’

fbi2Apple has argued that if it cooperates with the FBI in the way it has been asked to, it would have “chilling implications” for its customers’ privacy.

Following the 2 December shooting incident, investigators recovered the government-issued iPhone 5C belonging to county employee Syed Rizwan Farook, but weren’t able to directly access the data on the device as it was locked.

Soon afterward they reset the password to the iCloud account linked to the device in order to gain access to data backed up from the handset.

Apple executives last week implied that the password reset was a mistake, as it made it impossible for a further backup to be carried out that would have yielded up-to-date data that could have been accessed without recourse to breaking the iPhone’s encryption.

In a Saturday statement, the FBI responded that investigators would have needed access to the contents of the device itself regardless of whether they had been able to obtain an up-to-date backup.

“Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains,” the FBI stated. “Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple’s assistance as required by the All Writs Act order, since the iCloud backup does not contain everything on an iPhone.”

iPhone crack ordered

A federal court judge last Tuesday ordered Apple to develop software that would disable an iPhone security feature that permanently locks a device after 10 failed attempts to guess its password, allowing investigators more scope in determining the correct password and unlocking the device.

Apple chief executive Tim Cook has refused to comply with the order, calling it comparable to the creation of a “back door” and an “over-reach” by investigating authorities. Companies including Google and Facebook have supported Apple’s position, while public opinion remains roughly evenly divided, according to opinion polls.

The Department of Justice, for its part, has accused Apple of putting its “marketing strategy” ahead of its legal obligations and has said Cook mischaracterised the government’s case.

In his blog post, the FBI’s Comey didn’t mention Apple or the iPhone by name, but appealed for a “long conversation” on the matter, which he said should be settled not by Apple nor by the FBI but “by the American people”.

“The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. It is about the victims and justice,” he wrote. “We can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.”

Apple must file its legal response to the judicial order by Friday, which is also the day of its annual shareholder meeting.

Apple and other US IT companies have criticised the UK’s draft Investigatory Powers bill and government plans that aim to enable investigators to crack encrypted messages.

Are you a security pro? Try our quiz!