If you’re the FBI, and Apple refuses to assist you, how do you crack open a locked iPhone? Apparently, the same way as everyone else (provided you have sufficient funds): You pay professional hackers to do it.
According to a report by the Washington Post, published Tuesday, the agency managed to crack open the iPhone 5C that was used by San Bernardino gunman Syed Farook by paying a one-time fee to an unnamed group of hackers.
The hackers defeated the device’s security by using a previously undiscovered security flaw in the iPhone’s software. This flaw was then used to create a hardware device that helped open the iPhone without triggering the security feature that erases all of its data after too many unsuccessful login attempts.
While the hackers aren’t identified in the report, people familiar with the matter told theWashington Post it was not the Israeli firm Cellebrite, as previous reports have claimed.
Furthermore, at least one of the hackers involved is considered to be a “gray hat,” a somewhat vague term which denominates hackers who tread the fine line between ethical and unethical hacking.
The vulnerability used to crack open the iPhone 5C probably works only on that model, and only if it’s running the iOS 9 version of Apple’s mobile platform, making it a fairly limited security issue for users.
While that solves FBI’s problem in this case, the question remains: Should the agency now publicly disclose the nature of the security flaw used to hack into the iPhone? According to FBI Director James Comey, who addressed the issue in a speech on Encryption and Surveillance at Kenyon College last Wednesday, the agency is “considering” it.
“It’s an interesting conversation because, we tell Apple, they fix it and then we’re back where we started from,” he said.