Apple, FBI "backdoor" battle could've been avoided with basic IT security practices
The legal spat between the FBI and Apple over a locked iPhone belonging to one of the San Bernardino shooter Syed Farook likely could've been avoided had his employer installed mobile device management software on the device.
San Bernardino County, which employed Farook, confirmed that it installs MobileIron software, a widely-used app, on some but not all of its employees' iPhones, according to Reuters, which first broke the story.
Federal agents have been trying to gain access to the iPhone since Farook and his wife, Tashfeen Malik, killed 14 people and injured dozens in the shooting attack on December 2.
But the FBI said it's unable to unlock the iPhone in question because it's locked with a passcode.
An executive at MobileIron confirmed that the IT department "could unlock" the particular phone if the software was installed.
The software allows IT administrators to remotely manage, update, and secure sensitive corporate data on iPhones, often in the background and without any interaction from the user. If a phone is lost or stolen, the data can be remotely erased, and passcodes can be reset if they are forgotten.
Using mobile device management software is considered the industry norm across business and enterprise users. Many bring-your-own-device users who use their phones for both personal and corporate use will have some kind of basic remote management software available -- often provided by the phone maker -- such as Apple's Find My iPhone or Google's Android Device Manager.
Because the FBI has no way of accessing the locked iPhone, it sought a court order to force Apple to help.
Judge Sheri Pym ruled this week that Apple must provide "reasonable technical assistance" to help agents unlock the phone. iPhones that are protected by a passcode are encrypted, and cannot be unlocked by Apple.
Knowing this, the court instead ordered Apple to provide a custom version of the phone's software, which would help agents enter the iPhone's password without the device wiping its contents after numerous failed attempts.
Apple chief executive Tim Cook said hours after the order was made public that the company would oppose the order, saying bypassing the security feature would "undeniably create a backdoor."
Despite its pushback, Apple said it was willing to cooperate as much as it could prior to the court order, but claimed the FBI fluffed the effort.
A senior Apple executive speaking to the media Friday on condition of anonymity said the FBI could've been able to obtain data from Farook's iPhone by connecting it to a familiar Wi-Fi network and having it create a new backup to Apple's iCloud service.
From sister-site CNET:
"The idea was foiled, the executives say, because the password to the terrorist's iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn't recognize each other, the executives said."
San Bernardino County's official Twitter feed said in a tweet that the county was "working cooperatively with the FBI when it reset the iCloud password at the FBI's request."
The FBI said on Saturday that the latest backup to iCloud was carried out on October 19, but still needed help from Apple in case there was new data.
The statement noted:
"Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains. Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance as required by the All Writs Act order.