The FBI accessed the contents of a San Bernardino terrorist’s phone after receiving help from professional hackers who “discovered and brought to the bureau at least one previously unknown software flaw,” the Washington Post was first to report today.
The Israeli firm Cellebrite didn't have anything to do with it, Ellen Nakashima reported in the paper.
Cracking the older iPhone's 4-digit PIN wasn't the FBI's problem–they needed help overriding a feature on that generation of the device that wipes stored data after 10 failed passcode guesses.
The government doesn't appear to be very enthusiastic about sharing the security vulnerability with Apple, despite the fact that it places the security of an untold number of Americans at risk. A group led by the White House will likely decide whether to keep the taxpayer-funded hack secret, or whether it should be shared at least with Apple, if not with the American public. In a widely reported court battle, the Department of Justice sought to compel Apple to essentially write a government-mandated backdoor into its own product.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
Apple recently said it does not plan to sue the government to force it to share the solution the FBI bought from the so-called 'gray hat' hackers, whose identities have not been disclosed. The Washington Post cites only anonymous sources. At the time of this blog post, no other news organizations have verified the identity of the hackers for hire whom the Post characterizes as "ethically murky."
"FBI paid professional hackers one-time fee to crack San Bernardino iPhone" [washington post]
And below, what does Snowden know about this that we don't? Hmmm… perhaps it means we're likely to find out what happened at one of the two big U.S. hacker cons, DEF CON or Black Hat.
Prediction: @FBI's refusal to close security holes found during iPhone hack will result in attack being globally available by year's end.
— Edward Snowden (@Snowden) April 13, 2016
FBI:
✅ paid for
✅ a previously unknown
✅ flaw in iOS
✅ used it to hack phone
❌ Didn't consider disclosing to Applehttps://t.co/Yx1L28KGTT— Andrew Crocker (@agcrocker) April 13, 2016
Personally, I think we'll see it by the end of August.
— Edward Snowden (@Snowden) April 13, 2016