Report Claims FBI Paid Hackers One-Time Fee To Crack San Bernardino iPhone With Zero-Day Exploit

The situation that played out between the FBI and Apple over a locked iPhone 5c model has been like a Soap Opera with plenty of drama and unexpected twists and turns. In case you thought it was coming to an end, think again—the latest plot twist is that Israeli security outfit Cellebrite supposedly wasn't the one that helped the FBI crack the iPhone in question.

Up to this point, there have been several reports saying that Cellebrite helped the FBI extract the contents from the iPhone 5c handset that once belonged to Syed Farook, one of the terrorists in the San Bernardino shooting. There was even a plausible theory making the rounds as to how it might have been done, one that involved de-soldering the iPhone's NAND flash memory chip.

iPhone 5c

Forget all that, because if The Washington Post's unnamed sources are correct, then Cellebrite had nothing to do with cracking the iPhone. Instead, it's been put out there that the FBI paid a group of researchers a one-time fee to hack the handset.

As the story goes, the researchers like to keep a low profile. They also specialize in finding vulnerabilities, exploiting them, and sometimes selling those exploits to the U.S. government. In fact, "people familiar with the matter" say this same group brought the FBI a discovered security flaw on at least one prior occasion.

Details surrounding the hack still aren't known, though it's said to have involved a custom made hardware device that took advantage of a security flaw. The device allowed the government to guess the iPhone's four-digit passcode without fear of the data being wiped after ten failed guesses. Using the device, it took the government less than 30 minutes to crack the code.

One thing that hasn't changed is the newfound belief that the iPhone's security scheme isn't perhaps as strong as many though it was. Whether it was Cellebrite or a team of researchers that cracked the iPhone, the bottom line is that someone did it without Apple's help.

Show comments blog comments powered by Disqus