A new report claims that a group of professional hackers – not Cellebrite, as we previously thought – were hired by the FBI to help unlock the San Bernardino iPhone.
According to The Washington Post, this group of researchers managed to exploit a flaw in iOS which even Apple doesn’t know about, disabling password security to the extent that a “brute force” hack from the FBI was possible without losing the data on the iPhone.
Previous rumors suggested that Israeli forensics firm Cellebrite helped the FBI in this case, as the company offers iPhone-unlocking services on its website. However, it now looks as though Cellebrite weren’t involved at all.
The unnamed team involved are known as ‘gray-hat’ hackers – researchers who look for flaws and vulnerabilities in pieces of software, in order to sell the information to the companies involved, or the government. In this instance the team reportedly charged a one-time flat fee to help the FBI crack the iPhone 5s in question. The exploit only works on a small subset of devices: namely, any iPhone 5c running iOS 9, but it’s still a little worrying from a security standpoint.
Apple will want to know more about the flaw(s) exploited in this case, in order to improve security. It’s possible that the FBI will disclose the details of the flaw so the vulnerability can be fixed in a future update, though chances are equally strong that the FBI will want to keep the details quiet so they could potentially hack into more iPhones in future. In which case, the gray-hat hackers may well decide to sell their knowledge straight to Apple. Either way, we wouldn’t expect the flaw to go unfound for long.