FBI Paid Hackers To Crack iPhone Encryption, Report Claims - InformationWeek


Gray hat hackers, not Israel-based Cellebrite, ultimately provided a way into Syed Farook's encrypted iPhone, according to the Washington Post.


The "outside party" that helped the FBI to access data on the encrypted iPhone of San Bernardino terrorist Syed Farook wasn't the Israeli company Cellebrite, as many expected, but rather a group of hackers, the Washington Post reported April 12.

The hackers brought to the bureau's attention a previously unknown security flaw in the iOS 9 operating system, which the bureau was able to use to crack the iPhone's four-digit personal identification number without triggering security features that would delete the data or expand the time required between guesses, according to the Post.

"They were paid a one-time flat fee for the solution," according to the story.

The report also noted that at least one of the hackers is a so-called "gray hat."

While white hats share vulnerabilities with the company responsible for a piece of software so that it can be fixed, and black hats use discovered vulnerabilities to hack into networks and steal information, gray hats sell discovered vulnerabilities for a profit.


The found vulnerability, in this case, is only applicable to iPhone 5c models running iOS 9.

Cellebrite, which has worked with the FBI as a client before the San Bernardino case, did help with it, according to a report from Bloomberg. But apparently it didn't solve the matter.

The FBI's desire to access the smartphone's data led to a Feb. 16 court order against Apple and kicked off global debates, after Apple pushed back and appealed to the public to consider the matter as one with lasting consequences requiring public discussion.


After numerous court filings from both parties, leading up to a March 22 court date, the FBI dropped the case March 21, stating that an outside party had provided a method that could enable it to unlock the iPhone without Apple's assistance.

"The government has now successfully accessed the data stored on Farook's iPhone," the FBI said in the March 21 status report.

A legal ruling has yet to be made regarding how and to what extent technology companies are required to assist law enforcement, as new encryption technologies create spaces that are locked off to all but their owners. The concept bucks the American legal principle that, with good reason and appropriate oversight, law enforcement is allowed into private spaces.

FBI Director James Comey, during an April 6 speech at Kenyon College, urged all parties to continue probing the issue, even though the case has been dropped.

"Litigation is a terrible place to have any kind of discussion about a complicated policy issue. Especially one that touches on our values … So it is a good thing that the litigation is over. But it would be a bad thing if the conversation ended," Comey said.

Added to that conversation now is the matter of whether the FBI should or will share the discovered vulnerability with Apple.

To the FBI, the risk is that it shares with Apple, which will then, appropriately, address the vulnerability. "And then we're back where we started from," Comey said during his Kenyon talk.

However, disclosure -- at some point -- is likely.

In the White House, there's a "strong bias towards disclosure," Michael Daniel, the White House cyber-security coordinator, said during an October 2014 interview discovered by the Post.

It's also the common practice in the white hat hacker community.

"It's something that we in the hacker community call 'responsible disclosure,'" Nico Sell, cofounder of secure communications company Wickr, said during a March 29 television interview on Bloomberg.

"It's something we do every day to protect all of us."

Still another unknown that the FBI has yet to disclose: Whether it actually found any information of use on the newly unlocked iPhone.

Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ...

Comments
Banacek,
User Rank: Ninja
4/14/2016 | 11:15:26 AM
Re: Mixed feelings
"On one hand I am upset that Apple took such a strong stance against the FBI to the point you would think Apple was holding out against the Gestapo."

I'm sorry, but when your government has a history of acting like that, they lose all benefit of the doubt. The government has secret warrants, NSLs, gag orders. They've been found to spy on citizens, collect information in the hopes it will help them. We've got leaders telling us "If you've got nothing to hide, you shouldn't care", which I think would make an authoritarian country groan with a "I've heard that before". The FBI, for decades, kept files and tabs on all sorts of 'subversives' in our country, doing who knows what with the information. (Find out a candidate for president is having an affair, you can control them!). All in the name of 'keeping us safe'.

Here's a sad story. I was listening to an old-time-radio show, This is your FBI, from the early 50s. In this episode, at a break, the narrator went on to tell us about the horrors of communism by retelling a story of someone who escaped from a country under a communist regime. He talked about being imprisoned without trial, about being kept awake for days on end, being bombarded with music and noise, all in an attempt to break him (re-educate, you know). And as he was going on and on about these deplorable acts, I could tick off each and every one of them as being something the US has been caught doing lately under the PATRIOT Act. And you think of everything the government has been exposed doing, and all I can think back to is my days growing up hearing about government surveillance in East Germany and Russia and wondering "How did we let our government turn into the USSR?".

Oh, but they're "terrorists" and it's "war", that's OK then.
Banacek,
User Rank: Ninja
4/14/2016 | 11:05:30 AM
Re: ...The End
You won't hear anything because there was no intelligence on that phone to begin with. These people weren't completely stupid and incompetent that they could only use one email address or something, you know. They destroyed two of their phones. Why not this one? Because it was his work phone, not his personal one. What do you think he's doing? "Hey, Osama, send me that critical planning information on my work phone, the one my employers can track, watch, read, and has access to all the data, because it's too hard to have to grab my other phone to read those messages."

And since terrorist cells work as cells, they're not going to know anything about anything else happening anyways. The best you're going to get is phone numbers. And those they would have already found on their other phones/records, if any.
tjgkg,
User Rank: Ninja
4/14/2016 | 8:19:06 AM
Re: ...The End
@Michelle: I don't think you will really hear anything about this for a while. Right now it is probably quiet because the FBI is either acting on the intelligence or still analysing it. You will hear something after a raid, arrest or take down of suspects. If they say something beforehand it will tip off the terrorists. Frankly I wish the FBI did not say anything at all about Apple and about breaking into the phone.
Michelle,
User Rank: Ninja
4/13/2016 | 11:42:48 PM
Re: ...The End
@tjgkg I didn't phrase my comment very well. I really only want to know if they found something and hope they act on it. I don't want to know details of an ongoing operation like this. 
tjgkg,
User Rank: Ninja
4/13/2016 | 1:58:44 PM
Re: ...The End
You haven't heard anything because the FBI is analyzing and (hopefully) acting on the intelligence they found on that phone. It makes no sense to publicize what they found and tip off the terrorists.
tjgkg,
User Rank: Ninja
4/13/2016 | 1:57:02 PM
Mixed feelings
I have so many mixed feelings about this story. On one hand I am upset that Apple took such a strong stance against the FBI to the point you would think Apple was holding out against the Gestapo. I understand Apple's feeling of responsibility to its users in terms of privacy and security. But there are times when everyone has to come together for the benefit of the country and ALL its citizens, not just Apple users. Police enter homes with search warrants. The FBI I don't think had that option to enter a locked phone so it had to go through the courts. At the same time they were public about their effort to get into that phone, something an evil agency would not do. I am glad they got into it and hopefully they have uncovered a treasure trove of intelligence that will be used to protect our nation and its citizens. It will be interesting to see how Tim Cook handles the Chinese government should they request a similar service for something far less serious than terrorism.
Michelle,
User Rank: Ninja
4/13/2016 | 1:56:58 PM
...The End
This story's end is like a tech-thriller only in real life... I want to know what they found on that phone, if anything. This has been a very public fight for information.