« Episode 100: Does "intelligence under law" only work if the President breaks the law from time to time? | Main | Or is Apple happy to enable a backdoor as long as it makes money from it? »

Feb 20, 2016


I am not in the financial industry, but as someone who works in the Information Security industry I'll take a crack at this.

The failure on the part of San Bernardino County was to not deploy a Mobile Device Management (MDM) solution. If they had, then they would have the capability to unlock the phone and this entire issue would be moot.

A MDM would allow the administrators to remove the lock and access information on the device, for example Apple's MDM has the capability of removing a lock code altogether if the device is enrolled in a MDM:
"The ClearPasscode command requires the device’s UnlockToken (which was provided to
the server during the enrollment phase, in the UpdateToken message):"

Any CISO worth their salt is going to deploy an MDM solution as part of good GRC especially if those devices are firm owned, or can access firm data as a MDM can not only let you back into a locked device but can remotely wipe a device that is no longer in your control.

The comments to this entry are closed.