Professional “Grey-Hat” Hackers Reportedly Used Zero-Day to Hack iPhone 5c Belonging to San Bernardino Shooter for FBI
The FBI reportedly paid professional hackers for a piece of hardware that enabled investigators to access an iPhone 5c used by one of the San Bernardino terrorists, according to a report this week.
The Washington Post today reports that the FBI was able, with the help of professional hackers, to exploit a previously unknown security flaw in the iPhone, and then used it to access the device linked to terror suspect Syed Rizwan Farook. It is reported that the unnamed group of hackers was given a one-off fee to break into the iPhone. Neither the nature of the exploit nor the financials involved are known.
The hackers were able to access the data on the phone by using a ‘new’ security weakness in the iPhone that made it possible to bypass the iOS passcode counter, in what is called a zero-day exploit. In this case, it appears that the exploit was specific to the iPhone 5c, and that the attack vector used to get the data from the phone wouldn’t have worked on current-generation phones.
Farook died in a gun battle with police alongside his wife after the couple killed 14 people at a county office building last Dec. 2.
Despite earlier reports in the Israeli media, The Washington Post said investigators had not used the services of Israeli mobile forensics firm Cellebrite to crack the device. Earlier this month, CNN and Bloomberg claimed the Justice Department contacted the security subsidiary of Japanese firm Sun Corporation a day before federal prosecutors were to meet Apple in court over the issue. Neither the Department of Justice nor Cellebrite has commented on the matter.
Details of the hackers’ identities were not immediately available, but the Post said at least one of them was considered a so-called “gray hat” hacker. The term refers to a hacker or security researcher who sells information about software flaws to third parties, including governments working on surveillance projects. By contrast, a “white hat” hacker informs the public or the firms responsible for the software so the flaws can be fixed, while a “black hat” hacker exploits the flaws to hack networks and steal people’s information. The third, “gray hat” group is perhaps in morally murky waters because the information its members provide can be used to create surveillance and forensics tools.
Officials have not revealed whether any useful information has been recovered from Farook’s phone. While the security vulnerability identified by the hackers likely only affects a small group of iPhone users, it still raises questions about the security of Apple’s products.
However, it seems that the FBI does not plan to share information regarding the exploit with Apple, as it expects the Silicon Valley giant to find the flaw and keep law enforcement from accessing the iPhone 5c and older devices. On the other hand, Apple said it will not take action against the FBI to learn about the vulnerability, mentioning that the FBI’s method perhaps has a short shelf life.