Cybersecurity

FBI will not tell Apple how it hacked San Bernardino iPhone

The FBI will not be able to disclose how it broke into an iPhone used by one of the San Bernardino shooters.

Top FBI cyber official Amy Hess on Wednesday said the FBI does not “have enough technical information” about the software vulnerability that allowed it to hack the phone.

{mosads}Without this information, the FBI said it cannot participate in a White House review that would determine whether it should share the technique with Apple.

“The FBI purchased the method from an outside party so that we could unlock the San Bernardino device,” said Hess, the FBI’s executive assistant director for science and technology. “We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate.”

The FBI bought the hacking tool from a third party, which approached the government during its legal standoff with the FBI over cracking into the iPhone used by Syed Rizwan Farook, one of two shooters who killed 14 people in the December terror attacks.

Apple had rebuffed a court order directing it to help investigators unlock the phone.

The FBI later dropped its request after the outside hacking method proved successful.

The decision comes just a day after FBI Director James Comey strongly hinted the bureau would be unable to disclose how it accessed the phone.

“The threshold is, are we aware of the vulnerability, or did we just buy a tool and don’t have sufficient knowledge of the vulnerability to implicate the process?” he said, referring to a little-known White House review panel created in 2010 to decide whether to tell companies about security flaws the government discovers.

The FBI has been under considerable pressure from Silicon Valley and privacy advocates to tell Apple engineers about the defect it exploited to open up Farook’s phone.

These proponents argue that keeping the knowledge under wraps leaves millions of iPhones potentially exposed to malicious hackers who could discover and manipulate the same vulnerability.

Many in the tech community pushed for the FBI to submit its hacking method — which carried a $1.3 million price tag — to the White House review panel, known as the Vulnerabilities Equities Process (VEP).

But the FBI said it simply doesn’t know enough to go through the process.

“That process requires significant technical insight into a vulnerability,” Hess said. “The VEP cannot perform its function without sufficient detail about the nature and extent of a vulnerability.”

Wednesday’s decision is likely to further frustrate disclosure advocates, who worry that the FBI is simply retaining the knowledge so it can successfully hack iPhones in other criminal cases.

Federal and local law enforcement officials have already acknowledged they have hundreds of seized iPhones they would like to open.

But Comey has cautioned that the San Bernardino hacking method only works on a “narrow slice of phones.” While it worked on Farook’s iPhone 5c, the agency has said the tool does not work on the iPhone 5s or on the iPhone 6.

— This post was updated at 1:44 p.m.