FBI reportedly hacked San Bernardino iPhone using zero-day exploit revealed by professional hackers

midian182

midian182

Posts: 9,734   +121
Staff member

After several weeks of demands, and on the eve of the trial, the FBI said it no longer required Apple’s help to crack the San Bernardino iPhone last month after the government firm was aided by a “third-party.”

According to the Isreali media, this unnamed entity was Cellebrite, a mobile forensic company based in the Middle Eastern country. But according to a report from the Washington Post, this wasn’t the case.

The site claims that the FBI paid a group of professional hackers for providing information regarding a previously unknown security flaw that helped the government agency break into Syed Rizwan Farook’s iPhone.

The Post claims that the hacking group, which hasn't been identified, brought the government agency “at least one” zero-day exploit capable of circumventing the iPhone’s brute-force protection features: the automatic wipe function that activates after 10 failed pin entries, and the gradual increase in the delay between pin attempts.

It appears that the vulnerability was specific to the iPhone 5c when running iOS 9, and wouldn’t have worked on later models/operating systems. We don’t know the exact nature of the vulnerability, and the government is still debating whether to reveal it to Apple.

Once the FBI had the new information, it was able to use custom-built hardware to brute-force the four-digit password and access the contents of the phone without the risk of triggering the security measures.

Permalink to story.

https://www.techspot.com/news/64434-fbi-reportedly-hacked-san-bernardino-iphone-using-zero.html

 
The FBI are really beating their chests about their 'accomplishment' but haven't muttered a word about what was on the device. Nothing of any real value would be my guess and it wouldn't surprise me at all.
 
  • Like
Reactions: Mandark and Hexic
Skidmarksdeluxe said:
The FBI are really beating their chests about their 'accomplishment' but haven't muttered a word about what was on the device. Nothing of any real value would be my guess and it wouldn't surprise me at all.
Click to expand...

It's a terrorism case, no one without a TS clearance and/or those working on the case will see what was on the phone for some time - that's how it works.

Potentually sensitive information posted to the public is also viewable by those who helped perpetuate the attack. OpSec is everything in a case like this until they clear and de-classify it for the general public.
 
Yeah, I know, that's the way it works but will it ever be declassified? Probably after a good few years and (just about) everybody has forgotten about it.
 
It's actually a huge achievement for them, they stick it in against all that were against them by saying "your device is not really safe, at all". After all the controversy this request from the FBI to Apple, it's kind of a big deal.
 
If they didn't have a court order that makes them just as criminal as anyone else using the exploit. They are sticking it to themselves not Apple. Which we all knew this would happen. Apple even predicted this, which is why Apple made their stand and why the FBI dropped their charges.
 
  • Like
Reactions: Mandark
Only fools believe that the FBI hasn't already been using zero day hacks to access all manner of devices. Do you really think they just now hired some company to figure it out for them? I don't buy that for a second. Especially when you consider that these kinds of "professional hacking companies" have been around and selling their exploits to governments for years. When Egypt fell during the arab spring it was discovered that their government was using these exploits to spy on their own citizens. Are we to believe that the fbi has been sitting on their hands this entire time? Oh woe is me! If only Apple would help us unlock this terrorist's iphone. BS! They've likely possessed the ability to crack into phones, and remotely hack phones for years. I have a hard time believing that there aren't already backdoors into all the big platforms if not entire divisions of these companies dedicated to helping the government. Do you really think the FBI is going to court to seek a signature from a judge, then sending a cordial email to Facebook for permission to access a user's profile? I don't. I think they tap right into the system because they have their own spigot.
 
cliffordcooley said:
I've not read the article but, as long as they have a court order I don't have an issue.
Click to expand...

If you only knew how many lies and half-truths were in those sworn applications for warrants, I bet you would have an issue. A whole line of cases stem from U.S. v. Franks. Oh what LEOs think is OK when they are chasing "bad guys"!
 
Kibaruk said:
It's actually a huge achievement for them, they stick it in against all that were against them by saying "your device is not really safe, at all". After all the controversy this request from the FBI to Apple, it's kind of a big deal.
Click to expand...
This isn't an achievement for anyone else but the guys who found the exploit. I believe that the security argument was Apple's, not the FBI's. This isn't really that big of a deal either, but it does show how seemingly easily modern-day encryption can be cracked.
 
This sends a message, independentlly on what or who got it. If you don't get that, good for you...
 
seefizzle said:
Only fools believe that the FBI hasn't already been using zero day hacks to access all manner of devices. Do you really think they just now hired some company to figure it out for them? I don't buy that for a second. Especially when you consider that these kinds of "professional hacking companies" have been around and selling their exploits to governments for years. When Egypt fell during the arab spring it was discovered that their government was using these exploits to spy on their own citizens. Are we to believe that the fbi has been sitting on their hands this entire time? Oh woe is me! If only Apple would help us unlock this terrorist's iphone. BS! They've likely possessed the ability to crack into phones, and remotely hack phones for years. I have a hard time believing that there aren't already backdoors into all the big platforms if not entire divisions of these companies dedicated to helping the government. Do you really think the FBI is going to court to seek a signature from a judge, then sending a cordial email to Facebook for permission to access a user's profile? I don't. I think they tap right into the system because they have their own spigot.
Click to expand...

Plus they can always count on friends at NSA, which is even worse
 
You must log in or register to reply here.

Similar threads

E
Another day, another FBI takedown of routers infected by malware
Replies
7
Views
219
p51d007
p51d007
Shawn Knight
Apple iPhone SE 4 specs point to large OLED display, A16 SoC, according to leaks
Replies
10
Views
128
daffy duck
D
D
Apple iPhone 17 Pro could be the first phone with TSMC's 2nm chip
Replies
8
Views
128
daffy duck
D

Latest posts

Back