SoylentNews is people
SoylentNews
The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):
The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.
(Score: 4, Interesting) by Anonymous Coward on Wednesday April 13 2016, @07:57PM
Apple can't sue the FBI for hacking the phone but they should be able to force them to reveal who hacked the phone considering it's a violation of the DMCA. Law enforcement may not have to follow laws but third parties do.
I hope Apple drags the FBI to court to reveal who did it. The third party may have immunity from criminal proceedings - thanks to the FBI - but not civil liabilities.
(Score: 3, Funny) by Nerdfest on Wednesday April 13 2016, @08:56PM
Law enforcement most certainly does have to follow laws.
(Score: 2) by PartTimeZombie on Wednesday April 13 2016, @10:15PM
Law enforcement most certainly does have to follow laws.
Theoretically you're quite right, in practice if an agency or individual has protection, they don't really have to.
The Iran/Contra affair showed that any agency of the US Government is above the law.
(Score: 3, Interesting) by frojack on Thursday April 14 2016, @01:17AM
The third party may have immunity from criminal proceedings - thanks to the FBI - but not civil liabilities.
I suspect the third party is not subject to civil liabilities because the are all Israelis (moon lighting from Cellebrite). Cellebrite has every reason not to become a target of every other hacker group in the world, and a little plausible deniability goes a long way.
But more to the point....
Isn't it interesting that we are talking about how they did it and who helped them, and nobody is saying a word about the fact that they FOUND NOTHING ON THE PHONE. Its like the old Jedi mind trick all over again.
No, you are mistaken. I've always had this sig.
(Score: 1, Interesting) by Anonymous Coward on Thursday April 14 2016, @08:55AM
We all predicted there was nothing on the phone. This was never about "only this one phone" no matter how many times the FBI made that claim in court, in front of Congress or in the press.