San Bernardino district attorney Michael Ramos has backtracked from his remarks claiming the iPhone at the centre of the current 'Apple vs FBI' controversy was possibly storing a so-called 'cyber pathogen'.
Technology giant Apple and the FBI have been engaged in court proceedings after disagreeing over encryption on the iPhone 5C recovered from the processions of Syed Rizwan Farook, who killed over a dozen people in an Islamic State-inspired spree. The FBI claim they cannot access the content of the device, while Apple maintain that unlocking the phone would set a 'dangerous precedent'.
In court filings related to the case, Ramos argued the FBI was justified in seeking Apple to help unlock the iPhone because it could potentially be used as a weapon to attack critical infrastructure or county computer systems.
"The seized iPhone may contain evidence that can only be found on the seized phone –that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County's infrastructure [...] and poses a continuing threat to the citizens of San Bernardino County," he asserted. The main problem was that no-one else knew what that meant.
After facing harsh criticism from the security community – and being openly mocked on Twitter - Ramos has distanced himself from the claims. According to The Associated Press, he later acknowledged there was 'no evidence' to back up his statement but added: "I wouldn't call it a total hypothetical."
In response to the 'cyber pathogen' remarks, independent software expert Jonathan Zdziarski said the comments were not only misleading to the court, but amount to "blatant fear-mongering".
"They are designed to manipulate the court into making a ruling for the FBI, and in my opinion are egregious enough that Ramos should be held in contempt just for filing what amounts to a crazy apocalypse story," he wrote in a blog post.
"In information security, we have many widely accepted terms for network based threats," he continued. "These include worms, viruses, backdoors; we have penetration tools, fuzzers, scanners, sniffers, etc. These are all very specific terms and they have a general consensus about their meaning. We don't use dramatic and generalised terms like 'pathogen', and most people in information security even hate the term 'cyber'.
"In fact, CSI: Cyber is not even bold enough to use wildly non-existent terms like 'cyber pathogen' in their scripts. Why? Because terms like this have no technical substance whatsoever, and will incite either fear or eye rolling - often the latter." He added: "So what of Ramos's comments of a 'lying dormant cyber pathogen' on the device? Well, he's right about the lying part, but the rest sounds entirely made up."