April 13, 2016 by

FBI Paid Gray Hat Hackers to Crack iPhone

The long-running encryption debate and stand-off between Apple and the FBI finally saw the law enforcement agency figure out its own way to crack the San Bernardino terrorist’s iPhone.

Contrary the earlier assumption that an Israeli security company unlocked the iPhone for the FBI, a new report claims that the agency simply paid grey hat hackers to crack the iPhone.

Sources close to the Washington Post revealed that the FBI cracked the device with the help of grey hats. Typically, grey hat hackers find vulnerabilities to exploit in programs, software and devices and sell their knowledge for personal profit. In this case, sources familiar with FBI’s means to cracking the iPhone revealed that professional hackers discovered the vulnerability and brought it to the bureau.

The new information specifically helped law enforcement to devise a new piece of hardware that directly helped crack the iPhone’s four-digit PIN. The above was accomplished without triggering the auto-erase security feature bundled in with the iPhone.

The report read:

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases, selling them to the U.S. government. They were paid a one-time flat fee for the solution.

The FBI’s biggest challenge was to ensure that the wiping feature enabled on iPhones is disabled, before proceeding to cracking the PIN. The auto-wipe feature is triggered after 10 incorrect attempts at guessing the code.

Once disabled, the FBI was then free to brute-force its way into cracking the four-digit PIN, a feat which the FBI estimated would not exceed 26 minutes altogether.

This solution brought by the grey hats has a limited shelf life, according to the FBI. Bureau director James B. Comey stated that the solution only works on the iOS 9 mobile operating system that is installed on iPhone 5Cs, specifically.

In a twist of irony, the U.S. government will now decide if it is to disclose the flaws exploited by the agency to Apple. The software giant has previously stated that it would not sue the government for breaching the security of the iPhone. Meanwhile, security and privacy experts and advocates are calling on the government to disclose the vulnerability to Apple to ensure that such holes are patched.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Apple Partners Allianz to Offer CyberCrime Insurance Perks

A new partnership between Apple, Cisco and insurance firm Allianz SE will see businesses using...

Read more arrow_forward

Happy New Year: Researcher Drops MacOS Zero-Day Root Access Kernel Exploit

To ring in the new year, a security researcher on New Year’s Day disclosed an unpatched security...

Read more arrow_forward

Apple Pushes Update to Fix Major Mac OS Vulnerability

Apple has issued an emergency patch after admitting to a major security flaw that enabled anyone to...

Read more arrow_forward