FBI hired professional hackers in San Bernardino iPhone cracking case

The hackers were paid a one-time fee for submitting a vulnerability which allowed the bureau to access the iPhone without Apple's help.
Written by Charlie Osborne, Contributing Writer

The FBI paid professional bug hunters to access a San Bernardino shooter's iPhone rather than pursuing Apple through the courts to break the device for them, according to reports.

A terrorist incident in San Bernardino, California, took place in December 2015. The case revolved around Syed Farook and his wife Tashfeen Malik, who murdered 14 people at a holiday party. As part of the ongoing investigation, the FBI wanted access to Farook's work phone, an iPhone 5C, which was protected by a four-digit passcode.

The case then turned in another direction, as Apple and US law enforcement wound up in court over whether the tech firm could be forced to create software which would bypass its own PIN protection so agents could access the data stored within.

Technology firms, activists, law enforcement and the general public watched as Apple and the FBI butted heads in court. However, the finale was deferred after US law enforcement withdrew its case against the iPad and iPhone maker, claiming the agency no longer needed help accessing the mobile device.

Since then, the media has attempted to find out who was able to bypass Apple's home screen PIN code security feature to access the shooter's iPhone 5C, and how.

According to the Washington Post, people familiar with the matter said that "professional hackers" assisted the FBI in the case by bringing the agency "at least one" zero-day vulnerability inside Apple's iOS software.

This information was then used to develop hardware which was capable of cracking the four-digit PIN code which previously thwarted attempts by law enforcement to access the device.

Unfortunately for the FBI, while cracking a PIN code is easy in itself, on an iOS device it is more complicated than a brute-force attack against a four-digit number. Apple devices wipe stored information after 10 wrong codes are submitted to unlock them, and also extend the length of time which needs to pass in between attempts.

The hackers reportedly specialize in finding vulnerabilities -- which is a business in itself due to the emergence of bug bounty programs -- and were paid a one-time fee for giving the government their research.

Contrary to previous reports, Israeli cybersecurity firm Cellebrite was not involved in the process.

It is unknown which method or software vulnerability the group used to bypass Apple's PIN security system and the government has chosen not to disclose the vulnerability to Apple at this stage.

However, FBI Director James Comey has revealed the bypass only works on the iPhone 5C if the device is running the iOS 9 operating system, which is considered a "narrow slice" out of Apple's product range.

Attorneys for Apple speaking on background during a media briefing call on Friday said the method used would likely have a "short shelf life," and as such, the iPad and iPhone maker has no plans to take the FBI to court to reveal how the mobile device was accessed.

See also: Apple won't sue FBI to reveal hack used to unlock seized iPhone

Earlier this week, Comey called the Apple-FBI case the "hardest problem" in his career. Speaking to students at the Catholic University's Columbus School of Law, the director said even though the case was withdrawn against Apple, the legislative issues concerning encryption and policy brought up by the case cannot be solved purely through the court system.
