FBI reportedly paid less than $1M for San Bernardino iPhone exploit

Posted in General Discussion, edited April 2016
A report on Thursday claims the U.S. Federal Bureau of Investigation spent less than $1 million on an exploit used to access an iPhone tied to last year's San Bernardino terror attack, far below a previously estimated sum of more than $1.3 million.

Citing government sources familiar with the matter, Reuters reports the one-time payment came in exchange for a zero-day vulnerability capable of bypassing the passcode lock on a target iPhone 5c running iOS 9. The device was used by San Bernardino terror suspect Syed Rizwan Farook, and sat center stage in a contentious court battle between the FBI and Apple.

Previous estimates put the purchase at more than $1.3 million based on a quote from FBI Director James Comey. Last week, Comey said his agency paid an outside group "more than I will make in the remainder of this job" for access to the exploit, prompting media outlets to calculate the director's remaining tenure and current salary.

Officials have not identified the contractor, and media reports read like speculation. Depending on the source, the party is either established security firm Cellebrite or a clandestine cadre of gray-hat hackers.

Sources told Reuters that even Comey doesn't know who his agency contracted for the job.

The third party's identity, and its workaround, will likely remain secret. The FBI this week said it will not submit the vulnerability for review under the Vulnerabilities Equities Process, a system designed to determine whether or not discovered digital vulnerabilities should be disclosed to private manufacturers. The agency claims it cannot provide technical details on the matter because legal rights to those techniques are still owned by the contractor.

For its part, Apple said it has no intention of filing suit against the government to force the hack's disclosure as the exploit likely has a short shelf life.

Comments

  • Reply 1 of 13
    buckalec Posts: 192 member
    No tax on that special service I guess. 3 arrests today, kids would have more maturity.
  • Reply 2 of 13
    phone-ui-guy Posts: 1,018 member
    So Comey cannot do simple math either... Shocker!
  • Reply 3 of 13
    cpsro Posts: 2,460 member
    It sounded like a good deal, until shipping and handling was added.
  • Reply 4 of 13
    quinney Posts: 2,525 member

    Sources told Reuters that even Comey doesn't know who his agency contracted for the job.

    Yet somehow they were able to pay them a lot of money.
  • Reply 5 of 13
    Rayz2016 Posts: 4,591 member
    Since there was nothing on the phone, and everyone else except the FBI knew there was nothing on the phone, then $1 was too much to pay for the hack.

  • Reply 6 of 13
    wonkothesane Posts: 1,364 member
    It was really making me concerned when I read that supposedly they paid more than a million. What a relief to know now that it was less than a million..... And their mathematical skills appear to be on par with their public appearance of honesty and trustworthiness. 

    Oh, wait....
  • Reply 7 of 13
    foggyhill Posts: 4,767 member
    This thing is turning into a comedy.
  • Reply 8 of 13
    lkrupp Posts: 7,062 member
    The White Hat hackers inform Apple when they discover a security flaw and give Apple some time to correct it before releasing the exploit publicly. The government apparently decides to keep certain vulnerabilities from companies because it intends to exploit them. That makes the government one of the black hats and a threat to public security. Meanwhile TSA agents across the country regularly steal valuable items from the very public they were hired to protect. Ain’t America “wunnerful?”
  • Reply 9 of 13
    rob53 Posts: 2,028 member
    Another website states it's a crime to hack into someone else's phone, therefore, no matter who the FBI used to perform this service, it was illegal (even if the court ordered it, which means the court ordered something illegal). If all of this is actually valid, then why can't Apple's attorneys file charges against the hackers in court, including the FBI as a co-conspirator in the illegal act? I've read Apple doesn't want to sue the FBI but suing and bringing criminal charges against hackers, including hacking companies, is totally different. Apple users deserve to know what hack was used to insist Apple fix it, even if Apple says it's already fixed. These users include enterprise and government users, who should already be making these demands.

    As for paying $1M or even $1000 for this hack, it upsets me because everyone knows there wasn't going to be anything on that iPhone and since the FBI used taxpayers money, we have a right to be upset. It's a total waste of money and the FBI knows it.
    edited April 2016
  • Reply 10 of 13
    lkrupp Posts: 7,062 member

    For its part, Apple said it has no intention of filing suit against the government to force the hack's disclosure as the exploit likely has a short shelf life.
    That’s because Apple probably already knows how they did it. Hackers in general have egos the size of Mount Everest and can’t resist blowing their own horns and thumping their chests like King Kong. I’m absolutely sure whatever was done made its way onto the underground blogs of the black hats and Apple’s own security professionals (previous black, white, gray hats) have contacts in that murky realm.
  • Reply 11 of 13
    CMA102DL Posts: 121 member
    Rayz2016 said:
    Since there was nothing on the phone, and everyone else except the FBI knew there was nothing on the phone, then $1 was too much to pay for the hack.

    that's not how the FBI thinks. If they can pay 1 million USD for something that costs $1, they will pay the 1 million and ask Congress for more money to beef up their annual budgets and justify their own existence.
  • Reply 12 of 13
    icoco3 Posts: 1,459 member
    CMA102DL said:
    Rayz2016 said:
    Since there was nothing on the phone, and everyone else except the FBI knew there was nothing on the phone, then $1 was too much to pay for the hack.

    that's not how the FBI thinks. If they can pay 1 million USD for something that costs $1, they will pay the 1 million and ask Congress for more money to beef up their annual budgets and justify their own existence.
    They paid the money, the exploit worked, then they found out a simple search on Google would have given them the same information for free.  No refunds as they paid in Bitcoins !!!!  B)
  • Reply 13 of 13
    CMA102DL Posts: 121 member
    icoco3 said:
    CMA102DL said:
    that's not how the FBI thinks. If they can pay 1 million USD for something that costs $1, they will pay the 1 million and ask Congress for more money to beef up their annual budgets and justify their own existence.
    They paid the money, the exploit worked, then they found out a simple search on Google would have given them the same information for free.  No refunds as they paid in Bitcoins !!!!  B)
    Everyone knew that there was no relevant info in this phone. Only an idiot would use a work phone to plan a terrorist attack after destroying his personal phone to cover his tracks.