Investigators May Have Waited Too Long to Ask Apple for Help Cracking Texas Gunman’s iPhone
A new wrinkle has emerged in the case of Devin Kelley, the gunman who killed dozens of people in a Texas church last weekend, and his encrypted smartphone.
U.S. officials have unofficially told reporters that the device was an Apple iPhone. However, according to a new report from Reuters—again attributed to unnamed sources—federal, state and local law enforcement officials failed to contact Apple (AAPL) for technical assistance in the crucial 48 hours following the shooting.
The prospect of the FBI facing another killer’s iPhone that they can’t get into carries echoes of the controversy surrounding the device used by San Bernardino shooter Rizwan Farook. In that case, the FBI wanted Apple to create a special version of its iOS mobile operating system that would allow investigators to bypass the security mechanisms on the phone—if you enter an incorrect passphrase too many times, an encrypted iPhone can erase its storage.
However, iPhones have evolved since the model 5c that Farook used, and they now have fingerprint sensors that people can use to log in. Although the feds haven’t specified what make Kelley’s phone is, let alone which model, if it was a recent iPhone it is quite possible that he would have enabled its fingerprint-login functionality.
If so, as Apple would have advised them, investigators would have been able to use Kelley’s dead hand to access the phone, as long as they did it within 48 hours of his last login, and providing that no-one turned the phone off and on again during that period.
After the 48-hour window, or if the device had been restarted, a passphrase became necessary, taking investigators back to their familiar problem.
Apple said in a statement given to Buzzfeed that it had contacted the investigators after hearing of the shooting, offering to expedite any requests for access to the shooter’s data.
Reuters’ sources noted that investigators would be able to request access to Kelley’s iCloud backups, as long as they got a court order. However, they said Apple had received no such request. And according to a Washington Post report, the investigators chose instead to have a county technician reset Kelley’s iCloud password—making it impossible for Apple to perform an automated backup from his phone, in order to make access to his data easier.
This article was updated with further details.