The US investigation agency FBI demands that Apple Inc unlock an iPhone used by San Bernardino shooter Rizwan Farook might have been avoided if his employer, which owns the device, had equipped it with special mobile phone software it issues to many workers.
San Bernardino County, which employed Farook as an environmental health inspector, requires some, but not all, of its workers to install mobile-device management software made by Silicon Valley-based MobileIron Inc on government-issued phones, according to county spokesman David Wert.
That software is designed to secure corporate data. It also allows information technology departments to remotely unlock phones, even without assistance of the phone’s users or access to the password needed to open the phone and unscramble the data.
“If that particular iPhone was using MobileIron, the county’s IT department could unlock it,” MobileIron Vice President Ojas Rege told Reuters.
The problem is that the MobileIron software was not installed on Farook’s phone because his department did not use it. “The app was not installed on that device,” Wert said.
If it had been, the high-stakes legal battle that has pitted Apple and much of the technology industry against the U.S. government could have been avoided altogether. The Department of Justice, in court filings, has said there is no way to get at the data in the phone without Apple engineering a special software solution.
Apple, which is refusing to comply with a judge’s order to unlock the phone, could not be reached immediately for comment.
Wert said he did not know why some departments opted out of using the mobile-management software. He said that the county might review the policy after the debacle over accessing Farook’s phone.
“I think everybody who is in the business of providing mobile devices to their employees is probably taking a fresh look after these past couple days,” he said.
David Goldschlag, a mobile-security expert with Pulse Secure, confirmed that MobileIron is capable of unlocking phones without the user’s passcode, and he said the company’s major competitors have similar features.
— Edward Snowden (@Snowden) February 19, 2016
To be sure, mobile security experts warned that Farook could still have prevented the county from remotely accessing his phone by simply deleting the MobileIron software from his phone. But such a deletion would at a minimum have alerted managers to a problem, security experts said.