The FBI announced recently that it managed to hack the iPhone belonging to the San Bernardino shooter without Apple’s help and all signs pointed to Cellebrite being the mysterious outside party. However, people familiar with the matter said it was actually professional hackers who aided the agency in breaking into the Islamic terrorist’s smartphone.
According to The Washington Post, at least one of the people who helped the FBI access the information on the San Bernardino shooter’s phone without triggering Apple’s protections is a grey hat hacker who provided the law enforcement agency a previously undisclosed software vulnerability.
The zero-day, for which the hacker was reportedly paid a one-time flat fee, was used by the FBI to create a piece of hardware that could crack the iPhone’s passcode.
When it convinced a judge to order Apple to help it hack into the phone of Syed Rizwan Farook, the terrorist behind the San Bernardino shooting, the agency requested a solution that would allow it to bypass or disable the “Erase Data” function that makes iOS devices erase all data stored on them after 10 failed passcode attempts, and disable the delays between password entry attempts. The FBI estimated that with these security features disabled, it could brute-force Farook’s password in 26 minutes.
While it’s unclear who provided the FBI with the exploit, there are companies that openly advertise the sale of zero-days to governments and corporations. One example is Zerodium, which has been offering up to $500,000 for zero-day flaws in Apple’s iOS operating system. The famous hacker Kevin Mitnick has also been running an exclusive brokerage service through which interested parties can buy and sell premium zero-days.
Companies such as Italian spyware maker Hacking Team are also known to possess numerous valuable zero-day exploits, as demonstrated by the data leaked online after the firm’s systems were breached last year.
FBI Director James Comey said the solution used by the agency to hack Farook’s phone only works on iPhone 5C running iOS 9. The government is still considering whether or not it should disclose the vulnerability to Apple, and the tech giant said it will not take any legal steps to get the government to hand it over.
“That the FBI paid vulnerability researchers to help them break into the San Bernardino shooter’s iPhone is probably not much of a surprise to anyone in the information security community. Many high profile security professionals, most notably John McAfee who offered to help the FBI unlock the phone ‘for free’, commented that they felt an unknown security vulnerability would be the most likely method for the FBI to gain access,” Nathan Wenzler, executive director of security at Thycotic, told SecurityWeek.
“What is, perhaps, more troublesome though is the uncertainty surrounding whether the federal government will follow a responsible disclosure process to share what the vulnerability is with Apple. This debate about whether the FBI should keep the vulnerability secret in order to further its intelligence goals, or to share the information so as to allow Apple to fix the vulnerability and thus, secure and protect millions of users worldwide is contrary to the usual rhetoric the government provides to other hackers and security researchers to always share this information,” Wenzler added.
iOS forensics expert Jonathan Zdziarski, whose tools and expertise have helped law enforcement agencies numerous times, published a blog post last month describing how a software exploit could have been used to hack Farook’s iPhone. Zdziarski warned about the implications of not disclosing the exploit to Apple, as have many other industry professionals.
As for the Israel-based mobile forensics firm Cellebrite, while it might not have aided the FBI in this case, the company appears to have the resources needed to unlock iPhones. CNN reported on Tuesday that the company has offered to help a man access the content stored on his dead son’s iPhone 6, which should be even more secure than Farook’s device.
While the FBI may have backed down in the San Bernardino shooter’s case, the U.S. government is keeping the encryption battle with Apple alive. Prosecutors want Apple to help them hack an iPhone involved in a drug case in New York, where the defendant has already pleaded guilty and is set to be sentenced. Apple is determined to maintain its stance, arguing that complying with such requests sets a dangerous precedent.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
