After hinting that it maybe didn’t need Apple’s help after all, last month the FBI managed to break into the iPhone of San Bernardino shooter Syed Farook and mine it for as-yet-unreleased data. The FBI has so far refused to reveal its secret method (although it has offered its phone-hacking services to local law enforcement), but a source “familiar with the matter” told the Washington Post that the bureau paid a team of professional hackers a one-time fee to work its magic.
According to the Post, the hackers approached the FBI with knowledge of at least one previously unknown flaw in the iPhone’s software. The information was used to create a mysterious piece of hardware, which allowed officials to crack the phone’s four-digit password without setting off a security feature that would’ve erased all its data.
Guessing the PIN, said the FBI, would’ve taken about 26 minutes — the hard part was making sure the phone didn’t wipe itself due to repeated erroneous attempts.
The hackers responsible for the job (which were not from the Israeli firm Cellebrite, as had been previously reported) “keep a low profile” and are known for identifying vulnerabilities in software for the purpose of selling the information to developers and, in some cases, the U.S. government. The FBI paid them a one-time flat fee.
Now, the FBI must decide whether to share its knowledge of the software flaw with Apple. Director James Comey has said the hack only works on iPhone 5Cs running the iOS 9 operating system, so it has limited application; he’s also expressed concern that if Apple fixes the flaw, the bureau would be “back where [it] started from.” Apple has said it won’t sue to discover the flaw — a statement which, given this whole mess, can be considered taking the high road.
