The Guardian is reporting that...
On Wednesday, the FBI confirmed it wouldn't tell Apple about the security flaw it exploited to break inside the iPhone 5C of San Bernardino gunman Syed Farook in part, because the bureau says it didn't buy the rights to the technical details of the hacking tool.
"Currently we do not have enough technical information about any vulnerability that would permit any meaningful review," said Amy Hess, the FBI's executive assistant director for science and technology.
$1.3m and no source code?
Related Stories
Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":
Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.
The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.
California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.
Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring
The FBI will not have to disclose the name of the vendor that it paid to hack into an iPhone used by one of the San Bernardino terrorists:
A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone SE of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.
The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone's security system. Three news organizations — the Associated Press, Vice News, and USA Today — filed a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.
Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Related: FBI Resists Revealing its Tor User Identification Methods in Court
Apple Denies FBI Request to Unlock Shooter's iPhone:
Apple once again is drawing the line at breaking into a password-protected iPhone for a criminal investigation, refusing a request by the Federal Bureau of Investigation (FBI) to help unlock the iPhones of a shooter responsible for an attack in Florida.
The company late Monday said it won't help the FBI crack two iPhones belonging to Mohammed Saeed Alshamrani, a Saudi-born Air Force cadet and suspect in a shooting that killed three people in December at the Naval Air Station in Pensacola, Fla.
The decision is reminiscent of a scenario that happened during the investigation of a 2015 California shooting, and could pit federal law enforcement against Apple in court once again to argue over data privacy in the case of criminal investigations.
While Apple said it's helping in the FBI's investigation of the Pensacola shooting—refuting criticism to the contrary—the company said it won't help the FBI unlock two phones the agency said belonged to Alshamrani.
"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement emailed to Threatpost. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."
[...] The FBI sent a letter to Apple's general counsel last week asking the company to help the agency crack the iPhones, as their attempts until that point to guess the "relevant passcodes" had been unsuccessful, according to the letter, which was obtained by NBC News.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @08:25AM
"$1.3m and no source code?"
No worries bro. It was someone else's money they spent. (You know, taxpayers.)
(Score: 0) by Anonymous Coward on Friday April 29 2016, @10:41AM
And they probably paid more to not get the details so they can say this and keep exploiting the hole ad nauseam...
(Score: 0) by Anonymous Coward on Friday April 29 2016, @01:51PM
so you're paying from your safe for them to make lock-pick for your .. uhm .. safe?
(Score: 0) by Anonymous Coward on Friday April 29 2016, @09:12AM
Their response should be "ha ha fuck you", and not a single word more. Letting the world know that they can't do it again instantly was very weak.
(Score: 3, Informative) by maxwell demon on Friday April 29 2016, @09:16AM
They didn't say they can't do it again, they only say they can't tell how it works.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1) by hopp on Friday April 29 2016, @04:38PM
If they can't tell how it works, how can they prove they did it?
(Score: 2) by maxwell demon on Friday April 29 2016, @07:47PM
They got the data?
I don't know how decoding mp3s works. And yet I can usually tell whether a program decoded an mp3 correctly.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by urza9814 on Friday April 29 2016, @08:41PM
They got *some* data. If they don't know how it works, they have no way to be certain that data wasn't completely fabricated. If you decode an MP3 and you get white noise, but you don't know what the MP3 was supposed to contain, is it decoded wrong or is it just a recording of white noise?
(Score: 2) by KiloByte on Friday April 29 2016, @09:42PM
They already had that data before -- the phone was unlocked when the FBI got it. It was only them carelessly (or perhaps even purposefully) messing with it that caused it to lock.
The whole "locked phone" brouchacha was carefully tailored to produce a "werewolf case" -- it's hard to find a case with more public support than investigating a terrorist.
Ceterum censeo systemd esse delendam.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @11:28AM
Or you know, they *can* do it again, but "improvements" made on devices newer than the 5c make it much easier.
If that were the case, one would expect they would make a statement like, "We can't do this on newer devices, everybody please upgrade to a newer iPhone, you'll be safe lolz."
(Score: 3, Interesting) by Gravis on Friday April 29 2016, @09:32AM
how does the FBI expect anyone to take it seriously if 80% of the things they say are lies?
(Score: 0) by Anonymous Coward on Friday April 29 2016, @10:48AM
80% lies is poor gamesmanship. You're best off believing the opposite. 50% lies is optimal play.
(Score: 1) by dak664 on Friday April 29 2016, @11:18AM
or 100% half-truths
(Score: 2) by CHK6 on Friday April 29 2016, @01:33PM
Don't worry all of the lies were exposed in the hit tv series X-Files. Now go back into the basement.
(Score: 3, Insightful) by choose another one on Friday April 29 2016, @10:07AM
$1.3m and no source code?
Don't worry, I'm sure the information they got off the phone was worth a lot more than that... and indeed, they'd tell us, but the info is valuable it's classified see...
(Score: 0) by Anonymous Coward on Friday April 29 2016, @02:22PM
Am I the only one who thinks it would be hilarious if what the information they got was absolutely nothing?
Like nothing but unimportant shit and angry birds?
(Score: 0) by Anonymous Coward on Friday April 29 2016, @03:15PM
It was a work phone so it didn't even have Angry Birds on it.
(Score: 2, Insightful) by Anonymous Coward on Friday April 29 2016, @11:10AM
And how do we know the data is not fabricated then?
(Score: 4, Insightful) by looorg on Friday April 29 2016, @12:14PM
That is what I'm wondering to. If they have no clue how the "hack" happened how can they trust the information received? Doesn't this also then break the chain of custody?
(Score: 0) by Anonymous Coward on Friday April 29 2016, @08:19PM
Because we don't know if they were given data from the phone or if they were given "the PIN to unlock this phone is xxxx, go nuts"
(Score: 2) by opinionated_science on Friday April 29 2016, @11:54AM
So which of the directors got a new boat?
(Score: 0) by Anonymous Coward on Friday April 29 2016, @01:50PM
So they can have plausible deniability when they are asked how they did it. Kind of lick how the government is using private companies to facilitate spying on Americans[Prism,etc.]
Encrypt everything, everywhere, now.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @01:58PM
Does the FBI care about public relations or are they just above that? This story is so weird.
1) they failed to detect the attack despite conspiracy theory level surveillance.
2) they reset the password on the attackers phone, thus locking themselves out.
3) They paid money to some group to get access to the phone, but without figuring out how it was done.
This paints a picture of institutionalized incompetence and/or corruption. I am NOT saying that is what is going on, just that I do not understand what is pressuring the people at the FBI to behave in this way.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @02:05PM
Local and state police forces have some colorful nicknames for the FBI. On the more polite end of the scale, Fan Belt Inspectors or Feebes. On the less polite end of the scale, Fucking Big Idiots.
This isn't solely due to jurisdictional rivalries...
(Score: 2) by choose another one on Friday April 29 2016, @03:48PM
Don't forget the bit where they spent a bunch of lawyer (and maybe judge) buying money in court to try and compel Apple to do something that they claimed only Apple could do.
And then they did it anyway without Apple.
Not just incompetence but potentially perjury, at best deliberately misleading the court for whatever (probably political) their reasons were...
(Score: 2) by Nollij on Friday April 29 2016, @09:45PM
That actually could be significant - Next time the feds make that claim (and there will be many next times), that could become a noteworthy counter-argument.