Firm that unlocked San Bernardino shooter's iPhone for FBI is revealed

Posted:
in iPhone edited April 14
Even Apple could not find out which firm the FBI used to unlock one of the San Bernardino shooters' iPhones -- but a new report claims to know the secret company that did the work.

Tim Cook had wanted Apple's dispute with the FBI to go to trial
Tim Cook had wanted Apple's dispute with the FBI to go to trial


Despite much speculation in 2016 that the FBI hired Cellebrite to unlock the shooter's iPhone 5C, it's only now that the real company has been named. It's an Australian defense contractor called Azimuth Security, now part of L3Harris Technologies.

According to The Washington Post, Azimuth is a "publicity-shy" firm, but it has been known to be involved in producing hacking tools for the US, Canadian, and UK governments. Apple has been suing Azimuth over its selling of virtual iPhones to government agencies attempting to unlock the devices.

Nonetheless, Apple did not determine that it was Azimuth that had aided the FBI. The San Bernardino iPhone it ultimately unlocked became the center of a high-profile dispute between Apple and the FBI.

Prior to the San Bernardino incident, the FBI had been consistently pressing for technology firms to let law enforcement bypass end-to-end encryption. The 2015 shooting, in which 14 people were killed and 22 others seriously injured, was also seen as a way to get public opinion on the FBI's side.

Apple was ordered by a US magistrate judge to comply with the FBI's requests to extract data from one shooter's iPhone. Apple argued that it had already done "everything that's both within our power and within the law to help this case," and refused to create a security backdoor for the authorities.

"As individuals and as a company, we have no tolerance or sympathy for terrorists," Tim Cook told Apple employees in a memo. "When they commit unspeakable acts like the tragic attacks in San Bernardino, we work to help the authorities pursue justice for the victims. And that's exactly what we did."

"Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user's passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure," he continued. "We all know that turning back the clock on that progress would be a terrible idea."

Cook later said that he had wanted the dispute to go to court, but the argument ended with the successfully unlocking.

Credit: Corellium
In suing Corellium, Apple was unknowingly close to learning the name of the firm that helped the FBI. Credit: Corellium


Now it's revealed that two Azimuth hackers approached the FBI with a series of iOS vulnerabilities, or exploits, that in combination allowed them to unlock the iPhone. Reportedly, Azimuth was paid $900,000 for the unlocking, though it led to no actionable intelligence being recovered from the phone.

According to The Washington Post, Apple's subsequent and separate 2019 suing of Corellium could have uncovered that the firm had been behind the unlocking. Corellium co-founder David Wang and Apple's requests for disclosure ought to have revealed the information, but the Department of Justice intervened on national security grounds.

The suit against Corellium concerned the company's creation of virtual iPhones which can then be used in hacking research. Apple's suit was dismissed, although it can yet appeal.

According to The Washington Post, Corellium argues that Apple's legal efforts are an attempt to put the firm out of business. Reportedly, Apple had tried to buy Corellium, and separately it had tried to hire David Wang before he co-founded the company.




Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

Comments

  • Reply 1 of 9
    lkrupplkrupp Posts: 9,026member
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    mwhiteJaiOh81
  • Reply 2 of 9
    MurvelMurvel Posts: 17member
    So is it Azimuth or Correllium?
    watto_cobra
  • Reply 3 of 9
    Murvel said:
    So is it Azimuth or Correllium?
    Azimuth.  From the post:
    "Now it's revealed that two Azimuth hackers approached the FBI with a series of iOS vulnerabilities, or exploits, that in combination allowed them to unlock the iPhone. Reportedly, Azimuth was paid $900,000 for the unlocking, though it led to no actionable intelligence being recovered from the phone."

    Your question is understandable though.  Outside of a cursory mention of Correllium in conjunction with iPhone virtualization, this entire section rehashes an unrelated lawsuit and only serves to confuse:

    According to The Washington Post, Apple's subsequent and separate 2019 suing of Corellium could have uncovered that the firm had been behind the unlocking. Corellium co-founder David Wang and Apple's requests for disclosure ought to have revealed the information, but the Department of Justice intervened on national security grounds.
    The suit against Corellium concerned the company's creation of virtual iPhones which can then be used in hacking research. Apple's suit was dismissed, although it can yet appeal.
    According to The Washington PostCorellium argues that Apple's legal efforts are an attempt to put the firm out of business. Reportedly, Apple had tried to buy Corellium, and separately it had tried to hire David Wang before he co-founded the company.


    applguy
  • Reply 4 of 9
    StrangeDaysStrangeDays Posts: 11,173member
    lkrupp said:
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    Is just last month recent enough for ya? FBI Director Christopher Wray asked the Senate Judiciary Committee yet again. 

    But it’s also true that more police departments are using hacker tools more often.

    https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones
    fastasleepwatto_cobra
  • Reply 5 of 9
    lkrupp said:
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    I have always maintained, on this site and others, the government never really needed backdoors.  What they were actually after was unfettered access, not access in general.  They've pretty much always been able to get in, but there was cost -sometimes considerable- involved.  A backdoor would eliminate the calculus of expense vs actionable intel.  It would also be the end of privacy as we know it.  
    entropysblastdoor
  • Reply 6 of 9
    dewmedewme Posts: 3,536member
    lkrupp said:
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    I have always maintained, on this site and others, the government never really needed backdoors.  What they were actually after was unfettered access, not access in general.  They've pretty much always been able to get in, but there was cost -sometimes considerable- involved.  A backdoor would eliminate the calculus of expense vs actionable intel.  It would also be the end of privacy as we know it.  

    I have to agree to a certain extent. I'd also add that many security systems have a certain level of tolerable leakiness that both sides implicitly agree to leave open -  as a sort of pressure relief valve. If law enforcement were 100% stymied in their ability to get at certain information using sanctioned mechanisms, they would simply resort to non-sanctioned methods. Humans are often the weakest link and can be coerced through many mechanisms, some that reside on the extreme edge of the nastiness scale, to give up enough information to unlock a case without the need for built-in back doors. Nobody wants to go to that extreme, so something must be done to prevent the pressure from building up to a point where the whole system breaks, and things like back doors become a mandate.
    CloudTalkinwatto_cobrablastdoor
  • Reply 7 of 9
    lkrupp said:
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    Not true porcupine. They realized that spending almost a million dollars to get nothing looks bad. They discovered that offering a fraction of that money to the public for information works better. How else did they find so many suspects for the January 6th insurrection? 

    The iPhone is now the conduit and not the source of incriminating evidence. Most of the evidence is being pushed to cloud based storage, some are encrypted and some are not. 
    I’m sure the next hacking opportunity will be to how to unencrypt chats and other data. 
    watto_cobra
  • Reply 8 of 9
    blastdoorblastdoor Posts: 2,363member
    dewme said:
    lkrupp said:
    Notice how we don’t hear much anymore about the government wanting back doors into consumer’s devices? They don’t need to. Case closed.
    I have always maintained, on this site and others, the government never really needed backdoors.  What they were actually after was unfettered access, not access in general.  They've pretty much always been able to get in, but there was cost -sometimes considerable- involved.  A backdoor would eliminate the calculus of expense vs actionable intel.  It would also be the end of privacy as we know it.  

    I have to agree to a certain extent. I'd also add that many security systems have a certain level of tolerable leakiness that both sides implicitly agree to leave open -  as a sort of pressure relief valve. If law enforcement were 100% stymied in their ability to get at certain information using sanctioned mechanisms, they would simply resort to non-sanctioned methods. Humans are often the weakest link and can be coerced through many mechanisms, some that reside on the extreme edge of the nastiness scale, to give up enough information to unlock a case without the need for built-in back doors. Nobody wants to go to that extreme, so something must be done to prevent the pressure from building up to a point where the whole system breaks, and things like back doors become a mandate.
    That all makes sense to me. Furthermore, I wonder if all the publicity about Apple fighting to keep iPhones secure ended up helping the government by giving us all a false sense of security/privacy — especially given that anything that hits iCloud is substantially less secure. 

    I’m not saying it was all planned kabuki theater— more like it was accidental kabuki theater. 
    muthuk_vanalingamwatto_cobra
  • Reply 9 of 9
    Do these virtual iOS instances count towards apples iOS install numbers they release? 
    watto_cobra
Sign In or Register to comment.