Apple vs FBI Gets Weirder
Update to my story of a few hours ago:
The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.
The interesting question is who did this. To understand this question, we need to delve into the wonderful world of Apple’s various identification methods.
Anyone who has ever logged in to iTunes has an Apple ID (an e-mail address) and a password. You can use those to access most of Apple’s online services, including tech support. This is the password to which the Buzzfeed article is referring. The passcodes for iOS devices are completely separate. The passcodes were not changed (as far as I know).
But — and my lovely wife and I know this from bitter experience — before you can change that password. you need to log in with the old password. And guessing wrong is even less forgiving than iOS. If I remember correctly, three wrong guesses means you have to change your password, getting you bogged down in Apple’s very security-conscious password reset process.
In other words, whoever changed the password had to know the old password. Another explanation is that the person in question was in possession of the phone that might be used for password recovery. There is something very rotten here. This is not the end of this story.