FBI Paid Hackers To Crack iPhone Encryption, Report Claims - InformationWeek

FBI Paid Hackers To Crack iPhone Encryption, Report Claims

Gray hat hackers, not Israel-based Cellebrite, ultimately provided a way into Syed Farook's encrypted iPhone, according to the Washington Post.

The "outside party" that helped the FBI to access data on the encrypted iPhone of San Bernardino terrorist Syed Farook wasn't the Israeli company Cellebrite, as many expected, but rather a group of hackers, the Washington Post reported April 12.

The hackers brought to the bureau's attention a previously unknown security flaw in the iOS 9 operating system, which the bureau was able to use to crack the iPhone's four-digit personal identification number without triggering security features that would delete the data or expand the time required between guesses, according to the Post.

"They were paid a one-time flat fee for the solution," according to the story.

The report also noted that at least one of the hackers is a so-called "gray hat."

While white hats share vulnerabilities with the company responsible for the software so that they can be fixed, and black hats use discovered vulnerabilities to hack into networks and steal information, gray hats sell discovered vulnerabilities for a profit.

(Image: tzahiV/iStockphoto)

The found vulnerability, in this case, is only applicable to iPhone 5c models running iOS 9.

Cellebrite, which had the FBI as a client before the San Bernardino case, did help with it, according to a report from Bloomberg. But apparently it didn't solve the matter.

The FBI's desire to access the smartphone's data led to a Feb. 16 court order against Apple and kicked off global debates, after Apple pushed back and appealed to the public to consider the matter as one with lasting consequences requiring public discussion.

After numerous court filings from both parties, leading up to a March 22 court date, the FBI dropped the case March 21, stating that an outside party had provided a method that could enable it to unlock the iPhone without Apple's assistance.

"The government has now successfully accessed the data stored on Farook's iPhone," the FBI said in the March 21 status report.

A legal ruling has yet to be made regarding how and to what extent technology companies are required to assist law enforcement, as new encryption technologies create spaces that are locked off to all but their owners. The concept bucks the American legal principle that, with good reason and appropriate oversight, law enforcement is allowed into private spaces.

FBI Director James Comey, during an April 6 speech at Kenyon College, urged all parties to continue probing the issue, even though the case has been dropped.

"Litigation is a terrible place to have any kind of discussion about a complicated policy issue. Especially one that touches on our values … So it is a good thing that the litigation is over. But it would be a bad thing if the conversation ended," Comey said.

Added to that conversation now is the matter of whether the FBI should or will share the discovered vulnerability with Apple.

To the FBI, the risk is that it shares with Apple, which will then, appropriately, address the vulnerability. "And then we're back where we started from," Comey said during his Kenyon talk.

However, disclosure -- at some point -- is likely.

In the White House, there's a "strong bias towards disclosure," Michael Daniel, the White House cyber-security coordinator, said during an October 2014 interview discovered by the Post.

It's also the common practice in the white hat hacker community.

"It's something that we in the hacker community call 'responsible disclosure,'" Nico Sell, cofounder of secure communications company Wickr, said during a March 29 television interview on Bloomberg.

"It's something we do every day to protect all of us."

Still another unknown that the FBI has yet to disclose: Whether it actually found any information of use on the newly unlocked iPhone.

Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ...

User Rank: Author
4/20/2016 | 12:15:23 PM
What I like everyone else is concerned about our privacy we all know that in times when national security is involved privacy becomes an issue. I understand the concern that Apple had however since we were discussing the technology of the known terrorist I feel that their unwillingness to help is not understandable. When lives are at stake we need to act quickly. If every raid and investigation in Europe underwent this type of scrutiny and masterminds of the Paris attacks in Brussels attacks may still be walking the streets. These are unusual times and we need to treat them as such.