FBI Paid Hackers To Crack iPhone Encryption, Report Claims

Gray hat hackers, not Israel-based Cellebrite, ultimately provided a way into Syed Farook's encrypted iPhone, according to the Washington Post.



iPhone Encryption: 5 Ways It's Changed Over Time
iPhone Encryption: 5 Ways It's Changed Over Time
(Click image for larger view and slideshow.)

The "outside party" that helped the FBI to access data on the encrypted iPhone of San Bernardino terrorist Syed Farook wasn't the Israeli company Cellebrite, as many expected, but rather a group of hackers, the Washington Post reported April 12.

The hackers brought to the bureau's attention a previously unknown security flaw in the iOS 9 operating system, which the bureau was able to use to crack the iPhone's four-digit personal identification number without triggering security features that would delete the data or expand the time required between guesses, according to the Post.

"They were paid a one-time flat fee for the solution," according to the story.

The report also noted that at least one of the hackers is a so-called "gray hat."

While white hats share vulnerabilities with the company responsible for a software so that it can be fixed, and black hats use discovered vulnerabilities to hack into networks and steal information, gray hats sell discovered vulnerabilities for a profit.

(Image: tzahiV/iStockphoto)

(Image: tzahiV/iStockphoto)

The found vulnerability, in this case, is only applicable to iPhone 5c models running iOS 9.

Cellebrite, which has worked with the FBI client before the San Bernardino case, did help with it, according to report from Bloomberg. But apparently it didn't solve the matter.

The FBI's desire to access the smartphone's data led to a Feb. 16 court order against Apple and kicked off global debates, after Apple pushed back and appealed to the public to consider the matter as one with lasting consequences requiring public discussion.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

After numerous court filings from both parties, leading up to a March 22 court day, the FBI dropped the case March 21, stating that an outside party had provided a method that could enable it to unlock the iPhone without Apple's assistance.

"The government has now successfully accessed the data stored on Farook's iPhone," the FBI said in the March 21 status report.

A legal ruling has yet to be made regarding how and to what extent technology companies are required to assist law enforcement, as new encryption technologies create spaces that are locked off to all but their owners. The concept bucks the American legal principle that, with good reason and appropriate oversight, law enforcement is allowed into private spaces.

FBI Director James Comey, during an April 6 speech at Kenyon College, urged all parties to continue probing the issue, even though the case has been dropped.

"Litigation is a terrible place to have any kind of discussion about a complicated policy issue. Especially one that touches on our values … So it is a good thing that the litigation is over. But it would be a bad thing if the conversation ended," Comey said.

Added to that conversation now is the matter of whether the FBI should or will share the discovered vulnerability with Apple.

To the FBI, the risk is that it shares with Apple, which will then, appropriately, address the vulnerability. "And then we're back where we started from," Comey said during his Kenyon talk.

However, disclosure -- at some point -- is likely.

In the White House, there's a "strong bias towards disclosure," Michael Daniel, the White House cyber-security coordinator, said during an October 2014 interview discovered by the Post.

It's also the common practice in the white hat hacker community.

"It's something that we in the hacker community call 'responsible disclosure,'" Nico Sell, cofounder of secure communications company Wickr, said during a March 29 television interview on Bloomberg.

"It's something we do every day to protect all of us."

Still another unknown that the FBI has yet to disclose: Whether it actually found any information of use on the newly unlocked iPhone.

Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service