TechSpot

FBI reportedly hacked San Bernardino iPhone using zero-day exploit revealed by professional hackers

By midian182
Apr 13, 2016
Post New Reply
  1. After several weeks of demands, and on the eve of the trial, the FBI said it no longer required Apple’s help to crack the San Bernardino iPhone last month after the government firm was aided by a “third-party.”

    According to the Isreali media, this unnamed entity was Cellebrite, a mobile forensic company based in the Middle Eastern country. But according to a report from the Washington Post, this wasn’t the case.

    The site claims that the FBI paid a group of professional hackers for providing information regarding a previously unknown security flaw that helped the government agency break into Syed Rizwan Farook’s iPhone.

    The Post claims that the hacking group, which hasn't been identified, brought the government agency “at least one” zero-day exploit capable of circumventing the iPhone’s brute-force protection features: the automatic wipe function that activates after 10 failed pin entries, and the gradual increase in the delay between pin attempts.

    It appears that the vulnerability was specific to the iPhone 5c when running iOS 9, and wouldn’t have worked on later models/operating systems. We don’t know the exact nature of the vulnerability, and the government is still debating whether to reveal it to Apple.

    Once the FBI had the new information, it was able to use custom-built hardware to brute-force the four-digit password and access the contents of the phone without the risk of triggering the security measures.

    Permalink to story.

     
  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,498   +2,051

    The FBI are really beating their chests about their 'accomplishment' but haven't muttered a word about what was on the device. Nothing of any real value would be my guess and it wouldn't surprise me at all.
     
    Mandark and Hexic like this.
  3. Hexic

    Hexic TS Addict Posts: 283   +132

    It's a terrorism case, no one without a TS clearance and/or those working on the case will see what was on the phone for some time - that's how it works.

    Potentually sensitive information posted to the public is also viewable by those who helped perpetuate the attack. OpSec is everything in a case like this until they clear and de-classify it for the general public.
     
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,498   +2,051

    Yeah, I know, that's the way it works but will it ever be declassified? Probably after a good few years and (just about) everybody has forgotten about it.
     
  5. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +501

    It's actually a huge achievement for them, they stick it in against all that were against them by saying "your device is not really safe, at all". After all the controversy this request from the FBI to Apple, it's kind of a big deal.
     
  6. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,555   +2,898

    I've not read the article but, as long as they have a court order I don't have an issue.
     
  7. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +501

    It was thanks to an exploit by a 3rd party, nothing to do with the court nor apple, the FBI literally stick it to Apple.
     
  8. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,555   +2,898

    If they didn't have a court order that makes them just as criminal as anyone else using the exploit. They are sticking it to themselves not Apple. Which we all knew this would happen. Apple even predicted this, which is why Apple made their stand and why the FBI dropped their charges.
     
    Mandark likes this.
  9. seefizzle

    seefizzle TS Addict Posts: 278   +142

    Only fools believe that the FBI hasn't already been using zero day hacks to access all manner of devices. Do you really think they just now hired some company to figure it out for them? I don't buy that for a second. Especially when you consider that these kinds of "professional hacking companies" have been around and selling their exploits to governments for years. When Egypt fell during the arab spring it was discovered that their government was using these exploits to spy on their own citizens. Are we to believe that the fbi has been sitting on their hands this entire time? Oh woe is me! If only Apple would help us unlock this terrorist's iphone. BS! They've likely possessed the ability to crack into phones, and remotely hack phones for years. I have a hard time believing that there aren't already backdoors into all the big platforms if not entire divisions of these companies dedicated to helping the government. Do you really think the FBI is going to court to seek a signature from a judge, then sending a cordial email to Facebook for permission to access a user's profile? I don't. I think they tap right into the system because they have their own spigot.
     
  10. Alexa

    Alexa TS Rookie

    If you only knew how many lies and half-truths were in those sworn applications for warrants, I bet you would have an issue. A whole line of cases stem from U.S. v. Franks. Oh what LEOs think is OK when they are chasing "bad guys"!
     
  11. Tosikko

    Tosikko TS Booster Posts: 24   +25

    This isn't an achievement for anyone else but the guys who found the exploit. I believe that the security argument was Apple's, not the FBI's. This isn't really that big of a deal either, but it does show how seemingly easily modern-day encryption can be cracked.
     
  12. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +501

    This sends a message, independentlly on what or who got it. If you don't get that, good for you...
     
  13. Mandark

    Mandark TS Booster Posts: 76   +22

    Plus they can always count on friends at NSA, which is even worse
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...