Apple and feds reveal San Bernardino shooter's iCloud password was reset hours after attack

Senior Apple executives underscored Friday that they have no intention of backing down in a high-stakes fight with the FBI over an iPhone used by one of the shooters in December’s San Bernardino terror attack. 

Separately on Friday, federal prosecutors and senior Apple executives also disclosed new details about what transpired privately in the weeks leading up to their very public legal battle this week.  

Speaking with reporters on condition of anonymity Friday afternoon, the Apple officials reiterated their position that providing the FBI with software to potentially help unlock the iPhone would be damaging to the interests of its customers and of the country.

See more of our top stories on Facebook >>

In a court filing Friday, federal prosecutors denounced Apple’s stance, calling it a marketing ploy that shunned the way courts have always operated.

The Apple executives said that the filing was redundant and that federal officials were just applying more public pressure on Apple in hopes the company would cave.

The back-and-forth came as the two sides also revealed new details about their previous efforts to access the phone's contents. 

Apple said that in early January it provided four alternatives to access data from the iPhone besides the controversial method the FBI is now proposing.

But one of the most encouraging options was ruled out because within 24 hours of the shooting rampage, the phone’s owner — possibly gunman Syed Rizwan Farook’s employer, the San Bernardino County public health department — reset the password to Farook’s iCloud account to access data from the backup, according to Apple and federal officials.

That means the iCloud password on the iPhone itself is now wrong, and it won’t back up unless someone can get past the phone’s passcode and change it.

The issue was discovered after Apple engineers sent to Southern California to work with the FBI struggled to trigger an automatic backup, Apple said. When iCloud is enabled, iPhones automatically sync with the cloud if they are charging and are connected to a familiar Wi-Fi network.

Prosecutors still contend that unlocking the iPhone is crucial because some data does not sync to iCloud. They said the FBI has retrieved Farook’s iCloud backups up to Oct. 19, about six weeks before the attack, and an FBI affidavit suggested that Farook deliberately disabled the sync feature.

Apple executives and Jonathan Zdziarski, a top expert on iPhone security, said that other issues could have cropped up and that the FBI’s assertion may not be true. Among the possibilities: An iPhone operating system update Oct. 21 could have disrupted iCloud settings; the iCloud storage space could have been full; or Farook may never have returned to a location where the automatic backup would have been activated.

Zdziarski said Apple may be able to reset the iCloud password so that it matches the one saved on the iPhone. Apple did not immediately comment.

Apple deliberately changed its iPhone software in 2014 to make it nearly impossible for anyone besides a device’s user to unlock it. It’s now refusing to weaken some of the security measures to provide the government with an easier route in.

The company has said allowing even one exception to that policy, including for a terrorism case, would open the floodgates for authorities to seek the same workaround in all types of investigations.

Chat with me on Twitter @peard33 

MORE

Apple-FBI battle terrorist's iPhone: All the details

Why Apple's fight with the FBI could reverberate in China

Tim Cook's stance on privacy could define his Apple legacy

Copyright © 2016, Los Angeles Times
63°