I take it these suspects didn't have any backups of their phone? It clearly cannot be the case that the backup can only be decrypted by the original device, since the entire point of the backup is to be able to restore it to a different device.
The suspects DID have backups of the phone on Apple's iCloud platform, and Apple already provided that to the FBI.
But that doesn't meet the FBI's actual needs. The FBI's ACTUAL needs are to have a case with a lot of public sympathy in which they can force a major tech company to very publicly comply with their order to add a backdoor to a phone (without calling it that) in order to influence the legal and legislative systems (and perhaps public opinion, if the FBI even cares about that).
Apple has provided the FBI with decrypted copies of the iCloud backups. But the phone only backed up "intermittently" so recent activity would not have been included in those backups. (Well, it COULD have been, except that the FBI told San Bernadino County to change the password, which messed that up.)
“[Apple] executives […] initially offered to help recover the iPhone's contents by connecting it to the Web from a network that the device had already accessed. That would have backed up the iPhone to iCloud and granted the FBI a way to obtain data without requiring it to crack a password, they said.
[…] The Friday DOJ filing to the court indicated that the county health department, which employed Farook and owned the phone, had remotely reset the password in an attempt to gain information, eliminating the possibility of an auto backup.”
Indeed, you're supposed to encrypt the backups with a password. If you don't, some data like wifi passwords won't be backed up, as far as I recall. If they did have backups that were encrypted, FBI could brute force that password too (if it's not just sitting in the keychain).
Indeed - is the backup encrypted using the apple account password or a user specified password? I am just wondering if a backup exists then it could be decrypted simply by doing a password reset (would only work if using the apple account password not a specific password for the backup)
An iPhone backup file managed by iTunes is encrypted with a separate key, which can be stored in the OS X keychain. A paranoid user might opt not to do so. The OS X keychain could be accessed by compromising the security of OS X, depending on how much encryption the user opted for. It's entirely possible for a paranoid OS X user to make things difficult in a case like this, even for the FBI.
On the other hand, if the FBI had some lead time, all of the above could be circumvented without Apple's cooperation.
