Common software could have allowed FBI to unlock shooter's iPhone

WASHINGTON -- The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

See Full Article

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

The service costs $4 per month per phone.

Instead, the only person who knew the unlocking passcode for the phone is the dead gunman, Syed Farook, who worked as an inspector in the county's public health department.

The iPhone assigned to Farook also lacked a Touch ID feature, meaning the FBI cannot use the dead gunman's thumbprint to unlock it now. The FBI found the phone in a car after the shootings.

A U.S. magistrate last week ordered Apple to provide the FBI with highly specialized software that could be loaded onto the work-issued iPhone 5C used by Farook. He died with his wife in a gun battle with police after killing 14 people in December.

The software would help the FBI hack into the phone by bypassing a security time delay and feature that erases all data after 10 consecutive, unsuccessful attempts to guess the unlocking passcode. This would allow the FBI to use technology to rapidly and repeatedly test numbers in what's known as a brute force attack.

The FBI said it wants to determine whether Farook had used his phone to communicate with others about the attack.

Apple has said it will protest the ruling and has until Friday to intervene in court.

San Bernardino had an existing contract with a technology provider, MobileIron Inc., but did not install it on any inspectors' iPhones, county spokesman David Wert said. There is no countywide policy on the matter and departments make their own decisions, he said.

Wert disputed the value of the remote management technology because he said Farook -- or any other county employee -- could have removed it manually. That would have alerted county technology employees and led them to intervene.

In many offices and classrooms, officially issued smartphones include the installed management software. It can unlock the phone, delete all information in case of loss or theft, track the device's physical location, determine which apps are installed, check battery life and push software updates. The technology is intended to make such products more suitable in corporate environments, where tighter controls are important to protect company secrets.

"This is the business case" for mobile device management, said John Dickson, a principal at Denim Group Ltd., a security consultancy. "The organization simply has no control or influence or anything over the device unless they have some MDM authority. The ability to do remote air updates, the ability to do remote wipe, the ability to control certain settings. Those are the standard kinds of things you do in mobile device management."

This is the first time since the county issued its first Blackberry device in 2003 that law enforcement has needed access to a locked county-owned phone, Wert said. Prosecutors said in court filings that the county gave its consent to search the device. County policy said digital devices can be searched at any time and Farook signed such an agreement.

Apple executives said Friday that the company had worked hard to help federal investigators get information off the locked iPhone, suggesting they use an iCloud workaround while the phone was connected to a familiar wireless network so that it would begin automatically backing up and provide access to data. The executives spoke on condition of anonymity because of the ongoing legal process.

The executives said Apple sent engineers to work with the FBI on the workaround but the effort ultimately failed. In the government's filing Friday, prosecutors said in a footnote that neither the county nor the FBI knew the password to the iCloud account and the county, in an effort to get access to information on the phone in the hours after the attack, reset the password remotely -- thereby eliminating the possibility of that workaround being successful.

But if the county had installed the management device it had bought onto Farook's phone, none of these efforts would have been necessary.

Gartner Inc., a technology research firm, estimated that over 60 per cent of large enterprises -- meaning business, government and educational entities -- used some kind of MDM software as of last year, though not necessarily on all company-owned devices. That percentage is likely higher now than when the research was done months ago, said Terrence Cosgrove, a research director with Gartner's mobile and client computing research group. Cosgrove said MDM adoption rates are generally higher among government users.

Many workers balk at the idea that the software can monitor and track their personal phones, said Alex Heid, chief research officer at the cybersecurity firm SecurityScorecard Inc. But if the company provides a phone, it's considered reasonable practice to use such software.

"If a company's assumption is that they might not be able to get back into a device one day then it's not really a company asset at that point, it's a gift," he said.

Ted Olson, a lawyer for Apple, told ABC's "This Week" on Sunday that the legal fight had evoked an important debate about privacy and civil liberties. But he warned there would be no limiting what the government could require Apple to do in the future if the Justice Department got its way this time.

"Apple has a responsibility to maintain the trust and faith of millions of people who've depended upon Apple to produce a product that protects their privacy -- their intimate, personal life," said Olson, a former solicitor general under President George W. Bush. "This is a Pandora's box."

Fowler reported from New York.



Advertisements

Latest Tech & Science News

  • Warming climate could affect life in Arctic Ocean, says new study

    Tech & Science CBC News
    Climate change is transforming the Arctic Ocean in ways that could permanently alter the food chain and impact ocean species, according to a new study. The study, published in the journal Science Advances, looked at the concentration of the chemical element radium-228 in the central Arctic Ocean and found that between 2007 and 2015 the concentration doubled. Source
  • No drunk or stoned droning: New Jersey passes ban

    Tech & Science CTV News
    New Jersey has added drunk droning to the statute books, outlawing the flying of unmanned aircraft after one too many drinks. The law makes it an offense to operate a drone under the influence of intoxicating liquor, narcotic, hallucinogenic or habit-producing drug or with a blood alcohol concentration of 0.08 per cent or more. Source
  • Environmental impact of N.S. turbines must be researched: executive director

    Tech & Science CTV News
    HALIFAX - Nova Scotia's bid to become a world leader in tidal energy received a boost today when Energy Minister Geoff MacLellan announced a new competition for research funding. MacLellan says $150,000 is being offered to support five research projects that will involve the use of Dalhousie University's Aquatron -- one of Canada's largest aquatic research facilities. Source
  • World's largest sea turtle could come off 'endangered' list

    Tech & Science CTV News
    Federal ocean managers say it might be time to move the East Coast population of the world's largest turtle from the U.S.'s list of endangered animals. An arm of the National Oceanic and Atmospheric Administration has received a petition from a fishing group asking that the Northwest Atlantic Ocean's leatherback sea turtles be listed as "threatened," but not endangered, under the Endangered Species Act. Source
  • No increase in earthquakes during full or new moons, study suggests

    Tech & Science CBC News
    The moon may be the cause of some things that happen on Earth, but earthquakes aren't one of them, a new study suggests. There's been an ongoing debate as to whether or not more earthquakes occur when the moon's tidal forces — its pull — is strongest. Source
  • BlackBerry's 'Jarvis' scans connected, autonomous cars for software vulnerabilities

    Tech & Science CTV News
    At the Detroit motor show, BlackBerry CEO, John Chen, unveiled the firm's new cybersecurity software, Jarvis, designed to analyze the many software systems used in connected and autonomous cars to identify potential security vulnerabilities. Jarvis aims to analyze all of the complex IT systems onboard connected and autonomous vehicles with speed and reliability. Source
  • Welcome to the neighbourhood. Have you read the terms of service?

    Tech & Science CBC News
    The L-shaped parcel of land on Toronto's eastern waterfront known as Quayside isn't much to look at. There's a sprawling parking lot for dry-docked boats opposite aging post-industrial space, where Parliament Street becomes Queens Quay. To its south is one of the saddest stretches of the Martin Goodman trail, an otherwise pleasant running and biking route that spans the city east to west. Source
  • Canada's deepest cave discovered by Calgary-based expedition

    Tech & Science CBC News
    It's definitely not for the claustrophobically inclined. A Calgary-based expedition has recently documented what's believed to be Canada deepest cave just north of Fernie, B.C. Kathleen Graham and Jeremy Bruns were part of a nine-person team of volunteer explorers who made the discovery around the new year. Source
  • Tips on how to protect yourself online

    Tech & Science CTV News
    The case of an Ontario man who allegedly earned hundreds of thousands of dollars by peddling massive troves of personal information obtained on the so-called dark web is a sobering reminder of the scale of online threats Canadians face every day. Source
  • B.C. man charged in alleged 'spambot' attack on video streaming platform

    Tech & Science CTV News
    COQUITLAM, B.C. -- A British Columbia man has been charged with mischief after a U.S.-based social media platform was allegedly flooded with thousands of spam messages, effectively shutting down many of its channels. Brandan Lukus Apple of Coquitlam was charged Dec. Source