​Apple: Investigators ruined best way to access terrorist data

Last Updated Feb 22, 2016 9:50 AM EST

There might have been an easier way.

According to senior Apple executives on Friday, the FBI might have been able to obtain data from an iPhone 5C belonging to Syed Farook, one of the San Bernardino terrorists, by connecting it to a familiar Wi-Fi network and having it create a new backup on Apple's iCloud service.

The idea was foiled, the executives say, because the password to the terrorist's iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn't recognize each other, the executives said.

The password reset is the newest wrinkle in the standoff between the government and Apple, which received a court order this week compelling it to create a custom version of its iOS operating system that bypasses security features on the iPhone.

Apple rejected the order, saying it will fight the government's request -- all the way to the Supreme Court, if necessary -- because it means creating a "master key" for all phones that will undermine privacy and security.

On Friday, the Department of Justice derided Apple, writing in a 35-page filing that the company's refusal to comply with the court "appears to be based on its concern for its business model and public brand marketing strategy."

U.S. presidential hopeful Donald Trump also weighed in, calling for a boycott of the iPhone if Apple doesn't comply. Meanwhile, tech industry leaders, including the CEOs of Google and Twitter, and privacy advocates, including Edward Snowden, have voiced their support for the company.

Apple already provided the FBI with access to Farook's iCloud backups through mid-October, when he apparently stopped iCloud to back up the iPhone provided to him by his employers. (Farook and his wife destroyed their personal phones before their attacks.)

The data left on the phone is encrypted with 256-bit AES security, the same standard used to protect US government computers.

That encryption makes a brute-force attack on the iPhone 5C by the FBI nearly impossible. Such an attack includes trying numerous passwords until the right one is found.

One of the FBI's key arguments for forcing Apple to unlock the phone is that agents believe Farook intentionally stopped backing up his work phone to Apple's iCloud service to keep some information secret, according to the February 16, 40-page DOJ request (embedded below) that led to the court order.

In January, while assisting the FBI and the DOJ with the ongoing investigation, Apple engineers suggested a simpler idea than bypassing the iPhone's passcode security. They recommended that the iPhone be connected to a known Wi-Fi network, such as one in Farook's home or workplace, and plugged into a power source so it could automatically create a new iCloud backup overnight.

If successful, that backup might have contained the missing information between the October backup and December 2, when the San Bernardino massacre occurred.

It wasn't clear whether the auto-backup idea would work, but the FBI never got the chance to try, Apple said.

The FBI told CBS News on Friday that someone with San Bernardino County (Farook's employer, which actually owned the phone) remotely reset the password on Farook's account in the hours after the attack.

In a tweet, San Bernardino County officials confirmed they had changed the password on the iCloud account, saying the FBI had asked them to.

According to senior Apple executives, the password reset meant that someone would need to log in to the phone and enter the new password before it could sync with Apple's iCloud servers again. That wouldn't be possible without knowing Farook's iPhone passcode, which is the very thing the FBI hopes to obtain by compelling Apple to modify its iOS software and bypass its own security features.

However, in a statement released Sunday, the FBI disputed key parts of Apple's claim. "The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data," the statement said. "The reset of the iCloud account password does not impact Apple's ability to assist with the the court order under the All Writs Act."

Furthermore, the FBI said:

"Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains. Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance as required by the All Writs Act order, since the iCloud backup does not contain everything on an iPhone. As the government's pleadings state, the government's objective was, and still is, to extract as much evidence as possible from the phone."

In the court order, a federal judge offered Apple the ability to use "an alternate technological means," if one existed, to provide the FBI with access to Farook's iPhone data. According to Apple, the auto-backup scheme was the best idea to date.

On Tuesday, Apple CEO Tim Cook said company engineers had been advising the FBI and cooperating with the investigation but that the call to rewrite iOS would create a "backdoor" into the iPhone that hackers and malicious governments could use to undermine the privacy and security of all iPhone users.

The company on Friday asked for a three-day extension to file its appeal to the court order, and the deadline has reportedly been moved to February 26.

"We have no sympathy for terrorists," Cook wrote in an open letter to customers explaining Apple's decision to challenge the court's order. "But now the government has asked us for something we simply do not have, and something we consider too dangerous to create."