The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):
The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.
Related Stories
Phone-Hacking Tool Law Agencies Use Cost Just $100 on eBay
When smartphone companies refuse to help law enforcement agencies access encrypted devices, investigators often turn to companies like Cellebrite, which offers its Universal Forensic Extraction Device (UFED) to help them hack the phone in question to access secure data The problem? This week, Forbes reported that UFEDs--which normally cost between $5,000 and $15,000--can now be bought on eBay for as little as $100.
In addition to letting anyone with a likeness of Benjamin Franklin break into other people's devices, these used UFEDs were also found to contain data from previous investigations.
Forbes said Hacker House co-founder Matthew Hickey bought a dozen UFEDs to see what secrets they might contain. He reportedly found that the "secondhand kit contained information on what devices were searched, when they were searched and what kinds of data were removed," as well as the searched phones' IMEI (international mobile equipment identity) codes.
Related: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
BBC technology correspondent Rory Cellan-Jones has met with representatives of the Israeli company Cellebrite, which helps police forces gain access to the data on the mobile phones of suspected criminals. They were rumoured to have aided the FBI in gaining access to the iPhone used by the San Bernardino shooter (though some reports contradict this). From the article:
It's an Israeli company that helps police forces gain access to data on the mobile phones of suspected criminals.
Cellebrite was in the headlines earlier this year when it was rumoured to have helped the FBI to crack an iPhone used by the San Bernardino shooter.
Now the company has told the BBC that it can get through the defences of just about any modern smartphone. But the firm refuses to say whether it supplies its technology to the police forces of repressive regimes.
[...] Mr Ben-Moshe claimed that his firm could access data on "the largest number of devices that are out there in the industry".
Even Apple's new iPhone 7?
"We can definitely extract data from an iPhone 7 as well - the question is what data."
He said that Cellebrite had the biggest research and development team in the sector, constantly working to catch up with the new technology.
He was cagey about how much data could be extracted from services such as WhatsApp - "It's not a black/white yes/no answer" - but indicated that criminals might be fooling themselves if they thought any form of mobile communication was totally secure.
James Comey has been asked by President Trump to stay on as Director of the Federal Bureau of Investigation. Comey is three years into a ten-year term.
News at NYT (which broke the story), USA Today, Washington Post, CNN, and The Hill.
Here's the bulk of our extensive past coverage of FBI Director Comey's career (oldest first):
2014:
FBI Director Concerned about Encryption on Smartphones
F.B.I. Director Calls "Dark" Devices a Hindrance to Crime Solving
To FBI Director Comey: You Reap What You Sow!
2015:
F.B.I. Has No Doubt that North Korea Attacked Sony, says Director
FBI Chief Links Video Scrutiny of Police to Rise in Violent Crime
2016:
Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone
FBI Unable to Decrypt California Terrorists' Cell Phone
FBI vs. Apple Encryption Fight Continues
New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
Apple Lawyer and FBI Director Appear Before Congress
FBI Error Locked San Bernardino Attacker's iPhone
FBI's iPhone Hack Only Works on 5C and Older
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Director Blames 'Viral Video Effect' for Spike in Violent Crime
FBI Recommends No Prosecution for Clinton
FBI Chief Calls for National Talk Over Encryption vs. Safety
Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":
Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.
The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.
California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.
Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring
The FBI will not have to disclose the name of the vendor that it paid to hack into an iPhone used by one of the San Bernardino terrorists:
A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone SE of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.
The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone's security system. Three news organizations — the Associated Press, Vice News, and USA Today — filed a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.
Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Related: FBI Resists Revealing its Tor User Identification Methods in Court
(Score: 5, Insightful) by Anonymous Coward on Wednesday April 13 2016, @07:39PM
When someone has to assure you that they are not "that thing", then most likely they are exactly that thing. All of their actions point towards bad intent, weakening and breaking the security of everyone.
Once law enforcement views the average citizen as innocent and upstanding, and treat them accordingly, THEN I will stop viewing them as demons out to destroy society. Whether they realize it or not, treating a population as criminals by default is probably one of the fastest ways to fracture a society.
Are you a suspect for one reason or another? Prepare to have your rights violated in every way imagined by Hollywood, the "tough" cops will bring their weight down on you simply out of suspicion, and if you're innocent you won't even get an apology. YMMV per department, but as a general trend that seems to be the case in the US at least.
(Score: 0) by Anonymous Coward on Wednesday April 13 2016, @07:49PM
Because they're the police, not the IA department. Why are the FBI the bad guys here, or, why are they the only bad guys here? Not disclosing the info isn't making the iPhones any more vulnerable. It isn't like they know about this technique that is in the wild and suddenly all these phones are at risk. And if you need to build special hardware to implement it, what's Apple going to do about that? Recall all the phones?
Why do the grey hats get a pass? They make a living finding vulnerabilities and selling them. Why aren't we shitting on them for not finding vulnerabilities and giving them away out of the goodness of their hearts?
Why does Apple get a pass as the aggrieved victim? Why don't they purchase all the secrets the grey hats have found and fix them all?
(Score: 3, Interesting) by takyon on Wednesday April 13 2016, @07:52PM
Maybe they don't want to set an industry precedent where companies are extorted or else the vulns are sold to the highest bidder.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Gaaark on Wednesday April 13 2016, @07:59PM
Yes, they want to be able to say 'We don't bargain with terrorists, we only pay people, who may, for all we know, be terrorists, a one time fee.'
BRING MR. ROBOT TO LIFE: BRING DOWN WALL STREET!
OCCUPY MY COMPUTER CHAIR SO I CAN LINUX, AND PLAY CIV5!!! :)
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 2) by Gravis on Wednesday April 13 2016, @08:17PM
ha! we're way past that point.
(Score: 5, Insightful) by edIII on Wednesday April 13 2016, @08:32PM
The FBI are the bad guys, and have been now for over two decades. They've consistently refused to be bound by due process and slowed down by magistrates blocking warrants. I could go on and on about their history with Ma Bell, Congress, the Clipper Chip, Carnivore 1, Carnivore 2, DSCNet, etc.
Yes, they are truly bad people that think of themselves before the rest of us. You're entirely correct though, they're not the only bad guy here.
The sun coming up doesn't heat up the desert, either.
It isn't like this technique may already be in the wild.... or possessed by China, Russia, or shared with the other 4 participants in the Five Eyes. From that point, it is one corrupt official away and one Mosseck Fonseca shell company from being revealed to people that would use it against us.
I agree with you. They should be shot, or at the very least, have every one of their fingers broken permanently. Gray hats are far worse than black hats. At least black hats are honest about their motivations and what they do. A black hat wants to be paid, or use the information to their advantage. A black hat is a criminal.
A gray hat is somebody flirting with the idea that they actually have a little bit of white in there somewhere because they betray the rest of us to government. As if that is any better than betraying us to organized crime syndicates.
Damn right. Those two should be hiding from the rest of us right now, and for good reason.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Wednesday April 13 2016, @09:50PM
What about Apple? You giving them a pass, then?
(Score: 2) by butthurt on Thursday April 14 2016, @01:19AM
A pass for what? Creating a platform that has at least one security hole, or failing to assist the government in an investigation?
(Score: 1, Interesting) by Anonymous Coward on Thursday April 14 2016, @03:43PM
He seems to imply that the FBI is under a moral obligation to report the exploit to Apple. He also implies that grey hats are under moral obligations to either stop doing what they're doing, or to reveal every exploit they find. It would seem consistent with his views that Apple would be under a moral obligation to purchase all the known exploits for sale by grey hats so that they could fix them (regardless of their cost, I would suspect).
Shouldn't Apple be compelled to do this? And if not, why hold the other two up to such high standards?
(Score: 2) by butthurt on Thursday April 14 2016, @11:02PM
He takes [soylentnews.org] the extreme view that grey hat security researchers "should be shot." Assuming the meaning is shot to death, that would forestall the possibility of them selling, or revealing, their discoveries.
Apple have found it profitable to not offer a bug bounty. [nytimes.com] Perhaps they'll reconsider. Compelling them to pay for security research isn't in the cards.
(Score: 2, Interesting) by Arik on Wednesday April 13 2016, @10:42PM
If we designed stuff for security this would be a very different situation. We don't, Apple actually does a better job than most, and they are HORRIBLE at it.
And not just Apple but all their competitors as well *should* be expected to secure their devices at their own expense. Designing it in from the start is expensive, but patching an insecure design later much worse. They go with the latter simply because our legal system, combined with customer ignorance, allows them to externalize the costs of their crappy designs.
If laughter is the best medicine, who are the best doctors?
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 13 2016, @11:23PM
(Score: 2) by edIII on Thursday April 14 2016, @12:24AM
You're entirely correct. The FBI was born bad. Hoover was a true piece of shit in the same mold as McCarthy.
I was limiting my comments specifically to more advanced telecommunication systems that started in the late 80's.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @01:24AM
In those days they were at least trying protect us from the communists and the blacks. What they're doing now is inexcusable.
(Score: 5, Insightful) by stormwyrm on Wednesday April 13 2016, @11:39PM
They have been the bad guys for way, way more than two decades... As long ago as 1945 President Truman already had this to say about the FBI: "We want no Gestapo or secret police. The FBI is tending in that direction. They are dabbling in sex-life scandals and plain blackmail. J. Edgar Hoover would give his right eye to take over, and all congressmen and senators are afraid of him." Have you all forgotten what they did under a program called COINTELPRO [wikipedia.org]? Under that program, among other things, they did surveillance on Martin Luther King and after digging up some sordid details of his private life they actually urged him to commit suicide [wikipedia.org]. I think it's pretty hard to find a time in its history when the FBI were actually the good guys.
Numquam ponenda est pluralitas sine necessitate.
(Score: 3, Interesting) by edIII on Thursday April 14 2016, @12:27AM
You are entirely correct, and I was just trying to limit it to the telecoms bullshit that really got going in the late 80's when Ma Bell was standing up to them for it. They were responsible for getting Congress to disband them, for no other reason than to disband the security department in Ma Bell. They were so fucking unreasonable in Ma Bell. Each, and every warrant was inspected and those assholes protected our rights! Yeah, no wonder Ma Bell had to be broken up as a monopoly right?
I was being too gracious.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Informative) by bitstream on Thursday April 14 2016, @01:41PM
Apple has already done the next step that may protect against this. And that is "secure domain" which in essence is a separate microcontroller that communicates only via one communication channel. To defeat that one would need to decap and interface directly with the chip die.
Apple 5 and lower phones have flaws that a determined opponent may exploit without decap.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:19PM
wow, you're some sort of super moron!
(Score: 4, Interesting) by Anonymous Coward on Wednesday April 13 2016, @07:57PM
Apple can't sue the FBI for hacking the phone but they should be able to force them to reveal who hacked the phone considering it's a violation of the DMCA. Law enforcement may not have to follow laws but third parties do.
I hope Apple drags the FBI to court to reveal who did it. The third party may have immunity from criminal proceedings - thanks to the FBI - but not civil liabilities.
(Score: 3, Funny) by Nerdfest on Wednesday April 13 2016, @08:56PM
Law enforcement most certainly does have to follow laws.
(Score: 2) by PartTimeZombie on Wednesday April 13 2016, @10:15PM
Law enforcement most certainly does have to follow laws.
Theoretically you're quite right, in practice if an agency or individual has protection, they don't really have to.
The Iran/Contra affair showed that any agency of the US Government is above the law.
(Score: 3, Interesting) by frojack on Thursday April 14 2016, @01:17AM
The third party may have immunity from criminal proceedings - thanks to the FBI - but not civil liabilities.
I suspect the third party is not subject to civil liabilities because the are all Israelis (moon lighting from Cellebrite). Cellebrite has every reason not to become a target of every other hacker group in the world, and a little plausible deniability goes a long way.
But more to the point....
Isn't it interesting that we are talking about how they did it and who helped them, and nobody is saying a word about the fact that they FOUND NOTHING ON THE PHONE. Its like the old Jedi mind trick all over again.
No, you are mistaken. I've always had this sig.
(Score: 1, Interesting) by Anonymous Coward on Thursday April 14 2016, @08:55AM
We all predicted there was nothing on the phone. This was never about "only this one phone" no matter how many times the FBI made that claim in court, in front of Congress or in the press.
(Score: 5, Informative) by Gravis on Wednesday April 13 2016, @08:20PM
"Apple is not a demon,"
"I hope people don't perceive the FBI as a demon."
notice he didn't actually say that the FBI isn't a demon. (≧∇≦)/
(Score: 1, Informative) by Anonymous Coward on Wednesday April 13 2016, @09:47PM
Of course it's not. The FBI isn't a single entity. It's not a demon, it's a horde of demons.
(Score: 0) by Anonymous Coward on Wednesday April 13 2016, @09:00PM
They totally got that guy from the Die Hard movie to take a break from hacking into the DOD on his laptop and crack this iPhone.
(Score: 1) by evil_spork on Wednesday April 13 2016, @09:01PM
The director should be dragged in on the carpet by congress on the ethics of using hackers at this level. More likely, they bought the hack on the black market or otherwise quietly, and this wasn't the first time they have done so. If they paid them using government funds, let's hope they kept track of the funds used.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @01:30AM
--Jeremy Bentham (inventor of the Panopticon)
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @05:54AM
We're talking about the creations of Hoover and Jobs. No ethics involved whatsoever!
(Score: 2) by inertnet on Wednesday April 13 2016, @10:14PM
The article says that they needed a piece of hardware to take advantage of a software flaw. Could it be that they disabled a memory write line and the software doesn't read back to check if the write was successful? Did they also find a way to disable the timer that adds a delay after a failed attempt? I hope we'll get an answer someday.
(Score: 2) by frojack on Thursday April 14 2016, @01:20AM
THAT'S what you want to ask them?
Nothing about "did you find anything of value on the phone or was this more security theater"?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:28AM
They'll just lie about it:
https://theintercept.com/2014/10/17/draft-two-cases-cited-fbi-dude-dumb-dumb/ [theintercept.com]
https://theintercept.com/2015/09/15/fbi-keeps-telling-purely-theoretical-encryption-horror-stories/ [theintercept.com]
https://theintercept.com/2015/02/26/fbi-manufacture-plots-terrorism-isis-grave-threats/ [theintercept.com]
https://theintercept.com/2015/03/16/howthefbicreatedaterrorist/ [theintercept.com]
(Score: 2) by CirclesInSand on Thursday April 14 2016, @01:20AM
They probably called tech support and pretended to be a housewife who forget who password.
Really though there are several possibilities. All they really need to be able to do is get the raw data off the disk, checking passwords becomes trivial after that. And odds are, they would have probably had a hard time trusting anyone unless that is what they were doing, since it isn't like you get a second chance if you screw up. I wonder whether the hardware supplier for the chips disclosed the VLSI or whatever for it.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:32AM
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon."
FYI, here's the talk this is referring to:
https://www.youtube.com/watch?v=-VL4cDLdP1g [youtube.com]
I haven't watched it yet but it might be neat.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:27PM
the FBI is a terrorist organization and are enemies of the people and should be treated as such.