FBI cyber-investigators reportedly paid professional hackers to help access the locked iPhone 5C formerly owned by an Islamic State-inspired terrorist – and not digital forensics firm Cellebrite, as initially reported.
The hackers – whose identity remains elusive – allegedly used a previously undisclosed 'zero-day' exploit to crack open the Apple device in question. This, sources close to the matter told The Washington Post, circumvented the four-digit passcode without triggering a built-in auto-erase feature, which would have scrubbed all data on the device if tampered with.
Despite previous reports indicating that Cellebrite, an Israeli security firm that specialises in surveillance and tech-cracking equipment, was embroiled in the controversial iPhone unlocking, the anonymous sources said this was not the case. Instead, the hackers were in possession of an Apple smartphone exploit and were paid a 'one-time fee' for their services. The exact amount awarded remains unknown. IBTimes UK contacted the FBI for further clarification, but had received no reply at the time of publication.
Zero-day vulnerabilities are security bugs that are unknown even to the developers of the affected software. If uncovered, they can be exploited by hackers or cyber criminals to launch attacks without warning. These security flaws also bolster an increasingly lucrative underground hacking industry – with one recent Apple zero-day alone being purchased by a security firm for a whopping $1m. Following the Edward Snowden revelations in 2013, it was discovered that global intelligence agencies, including the National Security Agency (NSA), were hoarding a substantial amount of these vulnerabilities for their own uses.
Previously, FBI director James Comey claimed the encryption-blasting solution used by his agency only works on a "narrow slice" of iPhones – a statement consistent with a zero-day unique to one model. "The world has moved onto [iPhone] 6s and this doesn't work on 6s or on iPhone 5Ss," he said during an address at Ohio's Kenyon College last week.
Comey also confirmed the FBI had "bought a tool from a third-party" to aid in its investigation, which meant it could halt its ongoing legal dispute with Apple. However, the director made no mention of paying hackers – or forensics firms – in his speech. For its part, the FBI is yet to say publicly how exactly it unlocked the smartphone or even whether any data was recovered. Now, the agency is debating whether to even inform Apple of the flaw. "We're having discussions within government about it [...] if we tell Apple they're going to fix it and we're back to where we started," Comey added.
In light of this, many in the security industry have called on the US government to disclose the zero-day. If it is left open to exploitation, it is argued, the general public is also at increased risk of attack. "We have to worry about that exploit or vulnerability leaking," Mikko Hyppönen, computer security expert at F-Secure, told IBTimes UK in an interview. "The FBI has information that puts everybody's data at risk on iOS devices and they are not telling Apple. Think about that. They are a law enforcement agency and they are supposed to protect people."
The initial dispute between the FBI and Apple related to an iPhone 5C recovered from the possessions of terrorist shooter Syed Rizwan Farook – who, alongside his wife Tashfeen Malik, was responsible for the deaths of over a dozen people in San Bernardino, California, on 2 December last year.