Cybersecurity

FBI paid professional hackers to access San Bernardino iPhone

The FBI paid professional hackers “a one-time flat fee” for discovering a previously unknown software flaw and tipping off the agency, allowing investigators to crack into one of the San Bernardino shooter’s iPhone without Apple’s help, The Washington Post reported.

The discovery allowed the FBI to create a piece of hardware that could figure out the iPhone’s four-digit personal identification number without triggering a fail-safe security feature that would erase the phone’s data after 10 incorrect password attempts, the Post reported, citing “people familiar with the matter.”

{mosads}The researchers who sold the security flaw to the government were not affiliated with Israeli security firm Cellebrite, as several news outlets had previously reported.

According to the Post, at least one of the researchers is considered a so-called “gray hat” hacker, or a security researcher who discovers and sells software defects to governments or companies to help them make surveillance tools.

These researchers are controversial in the tech community. Many security specialists believe any previously undiscovered flaw should be flagged for the company, so it can close the gap and block nefarious hackers and spies from using that entry point.

The government has been pressed to reveal its tactics to Apple for just this reason, and the Obama administration is currently conducting an internal review to decide whether to do so.

The details shed new light on the mysterious method the FBI used to access the locked iPhone used by Syed Rizwan Farook, one of the two terrorists behind the attack in San Bernardino, Calif.

The bureau’s inability for months to hack the phone led to one of the most high-profile standoffs between the government and tech community in recent history.

When the FBI decided it couldn’t get into the phone, it obtained a court order directing Apple to create software that would disable the failsafe security feature that would have wiped the phone. With that feature removed, the FBI said it could guess the phone’s four-digit PIN in under 30 minutes.

But Apple rebuffed the order, arguing that the government was forcing it to build a dangerous “backdoor” into all iPhones. Complying would also have set a troubling precedent and would allow the government to ask other tech firms to undermine their security, Apple insisted.

Just as the two sides were set to hold their first hearing on the matter, the FBI shocked everyone by announcing it had been shown a method to access the phone.

Days later, the Justice Department dropped its case against Apple, saying investigators had been able to get at the phone’s data.