Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

FBI Can Keep Details of iPhone Hack Secret: Judge

A federal judge ruled last week that the U.S. Federal Bureau of Investigation (FBI) is not obligated to disclose the details of a hacking tool used to access data stored on an iPhone belonging to the man behind the 2015 mass shooting in San Bernardino, California.

A federal judge ruled last week that the U.S. Federal Bureau of Investigation (FBI) is not obligated to disclose the details of a hacking tool used to access data stored on an iPhone belonging to the man behind the 2015 mass shooting in San Bernardino, California.

USA Today, The Associated Press and Vice Media filed Freedom of Information Act (FOIA) requests in an effort to find out who helped the law enforcement agency hack the iPhone and how much it cost. The FBI refused to provide the information and a judge has agreed with the agency.

The FBI has managed to convince United States District Court Judge Tanya Chutkan that it should not be forced to disclose the information due to national security concerns.

The agency argued that releasing the vendor’s identity could allow adversaries to study that company’s publicly available products in an effort to find weaknesses and create better encryption technology that would prevent future attempts to use the iPhone hacking tool.

The FBI is also concerned that releasing the vendor’s name would subject the company to cyberattacks.

“Since the vendor is not as well equipped to guard against these types of attacks as is the FBI, revealing the vendor’s identity ‘risks disclosure, exploitation, and circumvention of a classified intelligence source and method’,” Judge Chutkan said in her ruling.

As for the price of hacking the San Bernardino terrorist’s iPhone, statements made by James Comey, former director of the FBI, and U.S. Senator Dianne Feinstein suggest that the agency paid roughly $1 million to have the phone unlocked.

However, the FBI did not want to disclose the exact amount, arguing that “revealing the price paid for the tool would allow adversaries to determine its usefulness and assess its nature, and would reveal where the FBI concentrates its resources in national security investigations.”

“Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilize the technology to access their encrypted devices,” the judge said.

Hacking the iPhone of the San Bernardino shooter

In December 2015, Syed Rizwan Farook and his wife, Tashfeen Malik, killed 14 people in a mass shooting in San Bernardino, California. The attackers were later killed in a shootout with police.

Investigators believed at the time that Farook’s work-issued iPhone 5c could contain important evidence, but they could not access the data stored on it because the device was protected by a passcode and the security mechanisms implemented by Apple prevented brute-force attacks.

The FBI tried to convince a judge to force Apple to create a backdoor to the iPhone, but the tech giant refused, arguing that it would create a dangerous precedent. In the end, the law enforcement agency managed to hack Farook’s iPhone with the help of an unidentified “outside party.”

While the FBI reportedly paid roughly $1 million for the tool, which is said to work only for an iPhone 5c running iOS 9, experts later demonstrated that it could have been done via a relatively inexpensive hardware hacking technique called NAND mirroring, which the FBI dismissed in the early stages of the investigation.

Activists asked the FBI to disclose the methods used to crack the phone, but the agency said it had not obtained technical information on how the attack worked or what vulnerabilities it exploited.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...