I thought I saw one report that Apple could increase the guy's iCloud storage limit, which might start the backups going again.
One of the strongest suggestions we offered was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for. Unfortunately, we learned that while the attacker’s iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.
The FBI and the San Bernardino County changed the Apple ID/iCloud account password. There's a possible way they did this by using the
iForgot support site and had access to the e-mail account tied to the account. Being that this
phone was the property of San Bernardino County, it could have been his work e-mail address. The password reset that the two government agencies performed means the phone no longer can backup to iCloud, assuming that setting was still on. Being that they had success changing the password it indicates the account was not set up for
two step verification. Or if it was, the government agencies involved reactivated the phone number on another device to receive the SMS with the verification code. They could have been attempting this path to gain access at
http://icloud.comIf San Bernardino had the device under
MDM control, they could flip that setting on, however they couldn't send the new password in via that path.
Previous Topic
Index
