Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Grey Hat Hackers Helped FBI Hack iPhone: Report

The FBI announced recently that it managed to hack the iPhone belonging to the San Bernardino shooter without Apple’s help and all signs pointed to Cellebrite being the mysterious outside party. However, people familiar with the matter said it was actually professional hackers who aided the agency in breaking into the Islamic terrorist’s smartphone.

The FBI announced recently that it managed to hack the iPhone belonging to the San Bernardino shooter without Apple’s help and all signs pointed to Cellebrite being the mysterious outside party. However, people familiar with the matter said it was actually professional hackers who aided the agency in breaking into the Islamic terrorist’s smartphone.

According to The Washington Post, at least one of the people who helped the FBI access the information on the San Bernardino shooter’s phone without triggering Apple’s protections is a grey hat hacker who provided the law enforcement agency a previously undisclosed software vulnerability.

The zero-day, for which the hacker was reportedly paid a one-time flat fee, was used by the FBI to create a piece of hardware that could crack the iPhone’s passcode.

When it convinced a judge to order Apple to help it hack into the phone of Syed Rizwan Farook, the terrorist behind the San Bernardino shooting, the agency requested a solution that would allow it to bypass or disable the “Erase Data” function that makes iOS devices erase all data stored on them after 10 failed passcode attempts, and disable the delays between password entry attempts. The FBI estimated that with these security features disabled, it could brute-force Farook’s password in 26 minutes.

While it’s unclear who provided the FBI with the exploit, there are companies that openly advertise the sale of zero-days to governments and corporations. One example is Zerodium, which has been offering up to $500,000 for zero-day flaws in Apple’s iOS operating system. The famous hacker Kevin Mitnick has also been running an exclusive brokerage service through which interested parties can buy and sell premium zero-days.

Companies such as Italian spyware maker Hacking Team are also known to possess numerous valuable zero-day exploits, as demonstrated by the data leaked online after the firm’s systems were breached last year.

FBI Director James Comey said the solution used by the agency to hack Farook’s phone only works on iPhone 5C running iOS 9. The government is still considering whether or not it should disclose the vulnerability to Apple, and the tech giant said it will not take any legal steps to get the government to hand it over.

“That the FBI paid vulnerability researchers to help them break into the San Bernardino shooter’s iPhone is probably not much of a surprise to anyone in the information security community. Many high profile security professionals, most notably John McAfee who offered to help the FBI unlock the phone ‘for free’, commented that they felt an unknown security vulnerability would be the most likely method for the FBI to gain access,” Nathan Wenzler, executive director of security at Thycotic, told SecurityWeek.

“What is, perhaps, more troublesome though is the uncertainty surrounding whether the federal government will follow a responsible disclosure process to share what the vulnerability is with Apple. This debate about whether the FBI should keep the vulnerability secret in order to further its intelligence goals, or to share the information so as to allow Apple to fix the vulnerability and thus, secure and protect millions of users worldwide is contrary to the usual rhetoric the government provides to other hackers and security researchers to always share this information,” Wenzler added.

iOS forensics expert Jonathan Zdziarski, whose tools and expertise have helped law enforcement agencies numerous times, posted a blog post last month describing how a software exploit could have been used to hack Farook’s iPhone. Zdziarski warned about the implications of not disclosing the exploit to Apple, and so have many other industry professionals.

As for the Israel-based mobile forensics firm Cellebrite, while it might not have aided the FBI in this case, the company appears to have the resources needed to unlock iPhones. CNN reported on Tuesday that the company has offered to help a man access the content stored on his dead son’s iPhone 6, which should be even more secure than Farook’s device.

While the FBI may have backed down in the San Bernardino shooter’s case, the U.S. government is keeping the encryption battle with Apple alive. Prosecutors want Apple to help them hack an iPhone involved in a drug case in New York, where the defendant has already pleaded guilty and is set to be sentenced. Apple is determined to maintain its stance, arguing that complying with such requests sets a dangerous precedent.

Related Reading: Draft Encryption Bill Criticized by Experts

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.