dgstorm
Editor in Chief
The truth has finally been revealed regarding how the FBI was able to crack into the San Bernardino shooter's iPhone C. Apparently, the DOJ (Department of Justice) found some "Gray Hat" hackers who sold them a zero-day exploit to break into the device.
This exploit basically allowed the FBI to create a piece of hardware that took advantage of a security vulnerability. This newly created hardware let the FBI guess the passcode through multiple attempts without erasing the iPhone. This solution only works on older Apple devices. Apple devices starting with the iPhone 5S and newer are not affected by this vulnerability.
The DOJ is weighing whether or not it will share this exploit with Apple. Here's a quote with a few more details,
"If the government shares data on the flaws with Apple, “they’re going to fix it and then we’re back where we started from,” Comey said last week in a discussion at Ohio’s Kenyon College. Nonetheless, he said Monday in Miami, “we’re considering whether to make that disclosure or not.”
The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find. It could be weeks before the FBI’s case is reviewed, officials said. The policy calls for a flaw to be submitted to the process for consideration if it is “newly discovered and not publicly known.”
“When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cybersecurity coordinator Michael Daniel said in an October 2014 interview, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”
But, he added, “we do have an intelligence and national security mission that we have to carry out. That is a factor that we weigh in making our decisions.” ~ Washington Post
According to additional reports, Apple has decided not to sue the DOJ to obtain the details of the exploit. More than likely, Apple already knows about it, and doesn't consider it worth pursing since it only affects older iPhones.
A better question is... how do you feel about the government specifically paying for help from a "gray hat" hacker?