The FBI announced recently that it managed to hack the iPhone belonging to the San Bernardino shooter without Apple’s help and all signs pointed to Cellebrite being the mysterious outside party. However, people familiar with the matter said it was actually professional hackers who aided the agency in breaking into the Islamic terrorist’s smartphone.
According to The Washington Post, at least one of the people who helped the FBI access the information on the San Bernardino shooter’s phone without triggering Apple’s protections is a grey hat hacker who provided the law enforcement agency a previously undisclosed software vulnerability.
The zero-day, for which the hacker was reportedly paid a one-time flat fee, was used by the FBI to create a piece of hardware that could crack the iPhone’s passcode.
When it convinced a judge to order Apple to help it hack into the phone of Syed Rizwan Farook, the terrorist behind the San Bernardino shooting, the agency requested a solution that would allow it to bypass or disable the “Erase Data” function that makes iOS devices erase all data stored on them after 10 failed passcode attempts, and disable the delays between password entry attempts. The FBI estimated that with these security features disabled, it could brute-force Farook’s password in 26 minutes.
While it’s unclear who provided the FBI with the exploit, there are companies that openly advertise the sale of zero-days to governments and corporations. One example is Zerodium, which has been offering up to $500,000 for zero-day flaws in Apple’s iOS operating system. The famous hacker Kevin Mitnick has also been running an exclusive brokerage service through which interested parties can buy and sell premium zero-days.
Companies such as Italian spyware maker Hacking Team are also known to possess numerous valuable zero-day exploits, as demonstrated by the data leaked online after the firm’s systems were breached last year.
FBI Director James Comey said the solution used by the agency to hack Farook’s phone only works on iPhone 5C running iOS 9. The government is still considering whether or not it should disclose the vulnerability to Apple, and the tech giant said it will not take any legal steps to get the government to hand it over.
“That the FBI paid vulnerability researchers to help them break into the San Bernardino shooter’s iPhone is probably not much of a surprise to anyone in the information security community. Many high profile security professionals, most notably John McAfee who offered to help the FBI unlock the phone ‘for free’, commented that they felt an unknown security vulnerability would be the most likely method for the FBI to gain access,” Nathan Wenzler, executive director of security at Thycotic, told SecurityWeek.
“What is, perhaps, more troublesome though is the uncertainty surrounding whether the federal government will follow a responsible disclosure process to share what the vulnerability is with Apple. This debate about whether the FBI should keep the vulnerability secret in order to further its intelligence goals, or to share the information so as to allow Apple to fix the vulnerability and thus, secure and protect millions of users worldwide is contrary to the usual rhetoric the government provides to other hackers and security researchers to always share this information,” Wenzler added.
iOS forensics expert Jonathan Zdziarski, whose tools and expertise have helped law enforcement agencies numerous times, posted a blog post last month describing how a software exploit could have been used to hack Farook’s iPhone. Zdziarski warned about the implications of not disclosing the exploit to Apple, and so have many other industry professionals.
As for the Israel-based mobile forensics firm Cellebrite, while it might not have aided the FBI in this case, the company appears to have the resources needed to unlock iPhones. CNN reported on Tuesday that the company has offered to help a man access the content stored on his dead son’s iPhone 6, which should be even more secure than Farook’s device.
While the FBI may have backed down in the San Bernardino shooter’s case, the U.S. government is keeping the encryption battle with Apple alive. Prosecutors want Apple to help them hack an iPhone involved in a drug case in New York, where the defendant has already pleaded guilty and is set to be sentenced. Apple is determined to maintain its stance, arguing that complying with such requests sets a dangerous precedent.
Related Reading: Draft Encryption Bill Criticized by Experts