FBI says San Bernardino iPhone hack won't be submitted to review group for possible disclosure

Posted:
in iPhone
The FBI will not be submitting the exploit used to hack into the iPhone of San Bernardino shooter Syed Rizwan Farook to a review process that could clear it for sharing with outside parties, a report said on Wednesday.




When the FBI paid a third party to help unlock the phone, it didn't acquire the rights to the technical details involved in the process, said the FBI's executive assistant director for science and technology, Amy Hess, according to Reuters. As a result, Hess said the agency doesn't "have enough technical information about any vulnerability" that could be considered for release.

Just yesterday, FBI director James Comey said that the agency was still deciding whether it could submit the exploit. The review group, associated with the White House, exists to decide whether cybersecurity flaws uncovered by U.S. government agencies should be shared with entities like corporations or even other internal organizations.

Hess' statement may support one set of rumors pointing to the third party being a dedicated forensics firm, possibly Cellebrite. One report suggested it was a hacker group, in which case the FBI might simply have paid for knowledge of a zero-day exploit.

Apple has previously asked for details on the exploit, but today's decision likely means the information will remain secret, unless the company can devise a legal challenge.

Regardless, any threat to the public may be minimal. Farook owned an iPhone 5c, one of the last major iOS devices without Touch ID. Products with that technology are believed to be immune to the technique the FBI employed, thanks to their Secure Enclaves.

Comments

  • Reply 1 of 10
    wood1208wood1208 Posts: 1,875member
    What's wrong with American intelligence agencies to spit out everything they doing related to terrorism ? Learn from Chinese, Mosad and others. Don't need to say anything in media about what you doing to go after terrorists. Just Do It.
    edited April 2016 buzdots
  • Reply 2 of 10
    eightzeroeightzero Posts: 2,291member
    A change to the Apple ToS in 3...2...1...

  • Reply 3 of 10
    rob53rob53 Posts: 2,007member
    wood1208 said:
    What's wrong with American intelligence agencies to spit out everything they doing related to terrorism ? Learn from Chinese, Mosad and others. Don't need to say anything in media about what you doing to go after terrorists. Just Do It.
    Maybe this works in China and other countries but the US is supposed to be a democracy where our government is supposed to be held accountable for the things it does, both good and bad. All you need to do is read this government memorandum, https://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment, to understand that openness is key to a good government:

    "My Administration is committed to creating an unprecedented level of openness in Government.  We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government. ...Barack Obama"

    You might not agree with things Obama has done but our government is supposed to be open. I know I used "supposed to" a whole lot but that's what's making me mad. The FBI is part of our government and they're hiding behind a technicality. I wonder is the FOI ACT allows someone to request a copy of the procurement order for the services the FBI paid way too money for. 

    As for the supposed terrorists in San Bernardino, the FBI stated (at least initially) that they were not part of a larger terrorist organization. In other words, they were simply a disgruntled employee who killed a lot of fellow employees. For the FBI to use the terrorist tag, which I believe Comey backtracked and ended up calling them terrorists so he could hide what he was doing, is simply a way to get around any demand by the President for openess.

    "It does not appear the two perpetrators of Wednesday’s mass shooting in San Bernardino are part of an organized cell or part of a network, FBI director James Comey said at a news conference this afternoon.

    “We are going through a very large volume of electronic evidence … these killers tried to destroy,” Comey said with Attorney General Loretta Lynch at his side. “There is a lot of evidence that doesn’t quite make sense,” he acknowledged. But “our investigation to date, so far we have no indication these killers are part of a larger organized group or part of a cell. There is no indication they are part of a network,” he maintained."



  • Reply 4 of 10
    quinneyquinney Posts: 2,524member
    They don't want to reveal the foreign hackers they are paying to subvert the security built into products of an American company.
    brucemc
  • Reply 5 of 10
    JohnDeeJohnDee Posts: 29member
    Of course not - how can you share something you don't have ?
    daren_mitchell
  • Reply 6 of 10
    rob53rob53 Posts: 2,007member
    JohnDee said:
    Of course not - how can you share something you don't have ?
    The FBI knows who they used to perform the service. That would be a good start. "Sources" have said it's either one company or some hackers. Time for the FBI to officially say who they used.

  • Reply 7 of 10
    irelandireland Posts: 17,547member
    No way, serious? US agencies above the law? Lie to congress and receive zero punishment. Never.
    edited April 2016
  • Reply 8 of 10
    The FBI is on a nonstop tour talking about the hack it paid for in an attempt to improve its image after damaging its image with the San Bernardino case. The very real realty is the FBI lost the case then lost the New York case. It also lost the Boston case that is not being written about much. With three losses, the FBI is bragging about a hack as a win. The people writing this script are terrible writers. A lot of people are seeing through the performance and not trusting it to be the truth. Hopefully the performance will end soon. 
    robertwalterpscooter63
  • Reply 9 of 10
    "When the FBI paid a third party to help unlock the phone, it didn't acquire the rights to the technical details involved in the process, said the FBI's executive assistant director for science and technology, Amy Hess, according to Reuters. As a result, Hess said the agency doesn't "have enough technical information about any vulnerability" that could be considered for release."

    If you ever saw Amy Hess testify before congress, you might get the impression that she is a lying incompetent who compensates with a dour expression. 

    Absent the possibility that the FBI was looking for a way to get out of the pending unfavorable "non-precedential" ruling they were about to suffer in San Bernadino, and any related  desperation they may have felt to do so, I don't think they would have spent that much money and not demanded all details. It just does not seem plausible. 
  • Reply 10 of 10
    The judge in this case needs to say:

    So, you want to submit this as evidence, but you didn't collect it, you don't know how it was collected, and the third parties that unlocked it for you probably violated other laws in doing so.

    We need a clear chain of custody for this evidence. This stuff is inadmissible without complete information as to how it was unlocked.

    daren_mitchell
Sign In or Register to comment.