SoylentNews is people
SoylentNews
The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):
The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.
(Score: 2) by inertnet on Wednesday April 13 2016, @10:14PM
The article says that they needed a piece of hardware to take advantage of a software flaw. Could it be that they disabled a memory write line and the software doesn't read back to check if the write was successful? Did they also find a way to disable the timer that adds a delay after a failed attempt? I hope we'll get an answer someday.
(Score: 2) by frojack on Thursday April 14 2016, @01:20AM
THAT'S what you want to ask them?
Nothing about "did you find anything of value on the phone or was this more security theater"?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:28AM
They'll just lie about it:
https://theintercept.com/2014/10/17/draft-two-cases-cited-fbi-dude-dumb-dumb/ [theintercept.com]
https://theintercept.com/2015/09/15/fbi-keeps-telling-purely-theoretical-encryption-horror-stories/ [theintercept.com]
https://theintercept.com/2015/02/26/fbi-manufacture-plots-terrorism-isis-grave-threats/ [theintercept.com]
https://theintercept.com/2015/03/16/howthefbicreatedaterrorist/ [theintercept.com]
(Score: 2) by CirclesInSand on Thursday April 14 2016, @01:20AM
They probably called tech support and pretended to be a housewife who forget who password.
Really though there are several possibilities. All they really need to be able to do is get the raw data off the disk, checking passwords becomes trivial after that. And odds are, they would have probably had a hard time trusting anyone unless that is what they were doing, since it isn't like you get a second chance if you screw up. I wonder whether the hardware supplier for the chips disclosed the VLSI or whatever for it.