Common software would have unlocked San Bernardino shooter's iPhone

WASHINGTON -- The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

The service costs $4 per month per phone.

Instead, the only person who knew the unlocking passcode for the phone is the dead gunman, Syed Farook, who worked as an inspector in the county's public health department.

The iPhone assigned to Farook also lacked a Touch ID feature, meaning the FBI cannot use the dead gunman's thumbprint to unlock it now. The FBI found the phone in a car after the shootings.

A U.S. magistrate last week ordered Apple to provide the FBI with highly specialized software that could be loaded onto the work-issued iPhone 5C used by Farook. He died with his wife in a gun battle with police after killing 14 people in December.

The software would help the FBI hack into the phone by bypassing a security time delay and a feature that erases all data after 10 consecutive, unsuccessful attempts to guess the unlocking passcode. This would allow the FBI to use technology to rapidly and repeatedly test numbers in what's known as a brute force attack.

The FBI said it wants to determine whether Farook had used his phone to communicate with others about the attack.

Apple has said it will protest the ruling and has until Friday to intervene in court.

Wert disputed the value of the remote management technology because he said Farook -- or any other county employee -- could have removed it manually. That would have alerted county technology employees and led them to intervene.

In many offices and classrooms, officially issued smartphones include the installed management software. It can unlock the phone, delete all information in case of loss or theft, track the device's physical location, determine which apps are installed, check battery life and push software updates. The technology is intended to make such products more suitable in corporate environments, where tighter controls are important to protect company secrets.

"This is the business case" for mobile device management, said John Dickson, a principal at Denim Group Ltd., a security consultancy. "The organization simply has no control or influence or anything over the device unless they have some MDM authority. The ability to do remote air updates, the ability to do remote wipe, the ability to control certain settings. Those are the standard kinds of things you do in mobile device management."

Dickson said "the big question now going forward, it builds the case for, is why this guy would have an essentially uncontrolled device."

This is the first time since the county issued its first Blackberry device in 2003 that law enforcement has needed access to a locked county-owned phone, Wert said. Prosecutors said in court filings that the county gave its consent to search the device. County policy said digital devices can be searched at any time and Farook signed such an agreement.

Apple executives said Friday that the company had worked hard to help federal investigators get information off the locked iPhone, suggesting they use an iCloud workaround while the phone was connected to a familiar wireless network so that it would begin automatically backing up and provide access to data. The executives spoke on condition of anonymity because of the ongoing legal process.

The executives said Apple sent engineers to work with the FBI on the workaround but the effort ultimately failed. In the government's filing Friday, prosecutors said in a footnote that neither the county nor the FBI knew the password to the iCloud account and the county, in an effort to get access to information on the phone in the hours after the attack, reset the password remotely -- thereby eliminating the possibility of that workaround being successful.

But if the county had installed the management device it had bought onto Farook's phone, none of these efforts would have been necessary.

Gartner Inc., a technology research firm, estimated that over 60 percent of large enterprises -- meaning business, government and educational entities -- used some kind of MDM software as of last year, though not necessarily on all company-owned devices. That percentage is likely higher now than when the research was done months ago, said Terrence Cosgrove, a research director with Gartner's mobile and client computing research group. Cosgrove said MDM adoption rates are generally higher among government users.

Many workers balk at the idea that the software can monitor and track their personal phones, said Alex Heid, chief research officer at the cybersecurity firm SecurityScorecard Inc. But if the company provides a phone, it's considered reasonable practice to use such software.

"If a company's assumption is that they might not be able to get back into a device one day then it's not really a company asset at that point, it's a gift," he said.

James Comey, the director of the FBI, penned a message posted to Lawfare Blog on Sunday evening. In it, he writes that he could not look the San Bernardino victims in the eyes without taking this lead.

"The San Bernardino litigation isn't about trying to set a precedent or send any kind of message. It is about the victims and justice," he writes. "Fourteen people were slaughtered and many more had their lives and bodies ruined. We owe them a thorough and professional investigation under law. That's what this is. The American people should expect nothing less from the FBI."

He writes that this particular legal issue is actually quite narrow.

"The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly," he writes. "That's it. We don't want to break anyone's encryption or set a master key loose on the land."

NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller points out that the victims of terrorist attacks are Apple CEO Tim Cook's "customers too."

"I have to ask, how many people who died on the floor in San Bernardino or in Paris had iPhones in their pockets as they were being killed by the terrorists?" Miller said on "CBS This Morning" Friday.

In an open letter Tuesday, CEO Tim Cook said: "Building a version of iOS that bypasses security in this way would undeniably create a backdoor," which Miller dismissed.

"They've come in with a federal warrant based on probable cause signed by U.S. magistrate. That's how we do it in democracy -- they're asking for a front door," Miller said.

Calling the phone a "giant, massive storage device," Miller pointed to the possibility that this could unseal crucial evidence in the ongoing investigation. While investigators have been able to retrieve some information from Farook's iCloud, they said he stopped backing up his phone about six weeks prior to the Dec. 2 terrorist attack.

"There are notes in there, there are apps in there. There are all kinds of things in there that don't touch the cloud, there are things that do touch the cloud," Miller said. "There are things that are saved, there are documents."

But Cook claims that "once created, the technique could be used over and over again, on any number of devices." Since his open letter, other major tech companies -- including Facebook, Google and Twitter -- have also come forward to support Apple's stance against the government.
