The San Bernardino Terrorist's iCloud Password Was Accidentally Reset By His Employer

By Matt Novak

Everybody is in a tizzy over whether Apple should comply with a court order to unlock the iPhone of the dead San Bernardino terrorist. But there’s one detail in this whole mess that’s completely bizarre. The terrorist’s employer, the San Bernardino Health Department, accidentally reset the guy’s iCloud password.

Technically, the iPhone in question (the one the FBI is demanding that Apple unlock) was purchased by the San Bernardino Department of Health. And as security researcher Christopher Soghoian has pointed out on Twitter, the Department tried to reset the iCloud account's password remotely in the hours after the attack. They hoped to gain information from a possible backup of the phone to iCloud. Instead, they rendered the account useless.

From today’s filing by the Justice Department against Apple (emphasis mine):

The four suggestions that Apple and the FBI discussed (and their deficiencies) were: (1) to obtain cell phone toll records for the SUBJECT DEVICE (which, while the government has of course done so, is insufficient because there is far more information on the SUBJECT DEVICE than simply toll records); (2) to determine if any computers were paired with the SUBJECT DEVICE to obtain data (which the government has determined that none were); (3) to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup); and (4) obtaining previous back-ups of the SUBJECT DEVICE (which the government has done, but is insufficient because these backups end on October 19, 2015, nearly one-and-a-half months prior to the IRC shooting incident, and also back-ups do not appear to have the same amount of information as is on the phone itself). After subsequent conversations, though, Apple conceded that none of these suggestions would work to execute the search warrant or to sufficiently obtain the information sought.

“The owner” they’re talking about there is the Department of Health.

Of course, there are many good reasons that Apple doesn’t want to be compelled to effectively design a backdoor that would unlock the dead guy’s phone. If they did, it would mean that everybody (good guys and bad guys alike) could potentially go around unlocking anyone’s phone.

It’s not a black and white case, but there’s at least a lesson here: If you’re an employer and an employee just killed a bunch of people, don’t take it upon yourself to try and hack the bad guy’s phone.