In the latest development of what
appears to be a never-ending guessing game, a report on Tuesday claims
FBI officials purchased a zero day exploit from a group of professional
security researchers as part of its successful effort in breaking into
an iPhone 5c linked to last year's San Bernardino terror attack.
Citing sources familiar with the matter, The Washington Post reports an unnamed group of hackers was paid a one-time fee
in return for a previously unknown iPhone exploit, which was
subsequently used to access a device tied to terror suspect Syed Rizwan
Farook. The exact nature of the vulnerability remains unclear, as do
financial specifics, but sources say the agency leveraged a software
flaw to create a hardware solution that effectively bypasses Apple's iOS
passcode counter.
Today's report runs counter to previous claims pointing to the involvement of Israeli firm Cellebrite. Earlier this month, for example, both Bloomberg and CNN cited sources as saying the Justice Department contracted the security subsidiary of Japan's Sun Corporation just one day before federal prosecutors were scheduled to meet Apple in court over a motion compelling the company's assistance in accessing Farook's device.
Neither Cellebrite nor the Department of Justice has commented on the matter, but Sun Corp.'s stock jumped on the rumors.
As for the identities of the shadowy security group, today's report is light on details, but said at least one individual can be considered a so-called "gray hat," or a researcher who sells discovered software flaws to governments or companies.
Researchers are usually classified into two groups: "white hats" who find and disclose vulnerabilities publicly in an ongoing effort toward to secure consumer devices; and "black hats" who use these exploits for their own gain. Actions of the third group, "gray hats," are ethically questionable as the information they provide can be used to create the surveillance and data forensics tools that sit at the heart of a contentious debate over national security and privacy.
As for the FBI, the agency currently has no plans to share information regarding the exploit with Apple as the company would undoubtedly patch the flaw, shutting off law enforcement access to iPhone 5c devices and older. Apple last week said it will not sue to learn of the vulnerability, saying the FBI's workaround likely has a short shelf life.
Today's report runs counter to previous claims pointing to the involvement of Israeli firm Cellebrite. Earlier this month, for example, both Bloomberg and CNN cited sources as saying the Justice Department contracted the security subsidiary of Japan's Sun Corporation just one day before federal prosecutors were scheduled to meet Apple in court over a motion compelling the company's assistance in accessing Farook's device.
Neither Cellebrite nor the Department of Justice has commented on the matter, but Sun Corp.'s stock jumped on the rumors.
As for the identities of the shadowy security group, today's report is light on details, but said at least one individual can be considered a so-called "gray hat," or a researcher who sells discovered software flaws to governments or companies.
Researchers are usually classified into two groups: "white hats" who find and disclose vulnerabilities publicly in an ongoing effort toward to secure consumer devices; and "black hats" who use these exploits for their own gain. Actions of the third group, "gray hats," are ethically questionable as the information they provide can be used to create the surveillance and data forensics tools that sit at the heart of a contentious debate over national security and privacy.
As for the FBI, the agency currently has no plans to share information regarding the exploit with Apple as the company would undoubtedly patch the flaw, shutting off law enforcement access to iPhone 5c devices and older. Apple last week said it will not sue to learn of the vulnerability, saying the FBI's workaround likely has a short shelf life.