Professional hackers used software and hardware to help the FBI unlock the San Bernadino terrorist’s iPhone 5C. Previously Israeli security company Cellebrite was widely assumed to be the source of the unidentified assistance. In the end, however, it was hackers-for-pay who got the job done, according to a report in the Washington Post.
Ordinarily, too many PIN number retries on an iPhone 5C eventually would have trashed all the device’s data. Because a “brute force” effort to try all possible PINs wouldn’t work, another solution was sought. The hired hackers apparently used a two-step process which involved first writing code that defeated the PIN number security features, and then using at least one previously discovered software flaw to create hardware that cracked the phone, allowing the FBI to access the 5C’s data.
“Gray hat“ is the term used to describe professional hackers who sell their discoveries and expertise, typically to government agencies and businesses. The description is midway between “black hats” and “white hats.” Black hats hack illegally, whether for pay, to steal information, to gain access to restricted sites for personal gain or vendetta, or just to cause a ruckus. White hats are hackers who disclose vulnerabilities or solutions as a public service. In this case, gray hats were the ones who helped the FBI.
Wide reports including one from an Israeli newspaper previously suggested Cellebrite was the company that cracked the terrorist’s phone. The U.S. government acknowledged that a number of companies had offered help, but did not disclose who provided the solution that worked.
Still in question is whether the FBI will disclose the procedure it used. The FBI Director has previously said the tricks used are only good for iPhone 5Cs running iOS 9. Apple and other firms have an interest in knowing how the security is defeated, but in this case Apple has stated that it won’t sue the U.S. government for the information. Encryption and personal privacy issues as they affect national security and law enforcement investigations remain major concerns of all parties.