Report Claims FBI Paid Hackers One-Time Fee To Crack San Bernardino iPhone With Zero-Day Exploit
Up to this point, there have been several reports saying that Cellebrite helped the FBI extract the contents from the iPhone 5c handset that once belonged to Syed Farook, one of the terrorists in the San Bernardino shooting. There was even a plausible theory making the rounds as to how it might have been done, one that involved de-soldering the iPhone's NAND flash memory chip.
Forget all that, because if The Washington Post's unnamed sources are correct, then Cellebrite had nothing to do with cracking the iPhone. Instead, it's been put out there that the FBI paid a group of researchers a one-time fee to hack the handset.
As the story goes, the researchers like to keep a low profile. They also specialize in finding vulnerabilities, exploiting them, and sometimes selling those exploits to the U.S. government. In fact, "people familiar with the matter" say this same group brought the FBI a discovered security flaw on at least one prior occasion.
Details surrounding the hack still aren't known, though it's said to have involved a custom made hardware device that took advantage of a security flaw. The device allowed the government to guess the iPhone's four-digit passcode without fear of the data being wiped after ten failed guesses. Using the device, it took the government less than 30 minutes to crack the code.
One thing that hasn't changed is the newfound belief that the iPhone's security scheme isn't perhaps as strong as many though it was. Whether it was Cellebrite or a team of researchers that cracked the iPhone, the bottom line is that someone did it without Apple's help.