FBI reportedly paid 'gray-hat' hackers, not Cellebrite, for zero day exploit in San Bernardino iPho

Posted:
in General Discussion edited April 2016
In the latest development of what appears to be a never-ending guessing game, a report on Tuesday claims FBI officials purchased a zero day exploit from a group of professional security researchers as part of its successful effort in breaking into an iPhone 5c linked to last year's San Bernardino terror attack.




Citing sources familiar with the matter, The Washington Post reports an unnamed group of hackers was paid a one-time fee in return for a previously unknown iPhone exploit, which was subsequently used to access a device tied to terror suspect Syed Rizwan Farook. The exact nature of the vulnerability remains unclear, as do financial specifics, but sources say the agency leveraged a software flaw to create a hardware solution that effectively bypasses Apple's iOS passcode counter.

Today's report runs counter to previous claims pointing to the involvement of Israeli firm Cellebrite. Earlier this month, for example, both Bloomberg and CNN cited sources as saying the Justice Department contracted the security subsidiary of Japan's Sun Corporation just one day before federal prosecutors were scheduled to meet Apple in court over a motion compelling the company's assistance in accessing Farook's device.

Neither Cellebrite nor the Department of Justice has commented on the matter, but Sun Corp.'s stock jumped on the rumors.

As for the identities of the shadowy security group, today's report is light on details, but said at least one individual can be considered a so-called "gray hat," or a researcher who sells discovered software flaws to governments or companies.

Researchers are usually classified into two groups: "white hats" who find and disclose vulnerabilities publicly in an ongoing effort toward to secure consumer devices; and "black hats" who use these exploits for their own gain. Actions of the third group, "gray hats," are ethically questionable as the information they provide can be used to create the surveillance and data forensics tools that sit at the heart of a contentious debate over national security and privacy.

As for the FBI, the agency currently has no plans to share information regarding the exploit with Apple as the company would undoubtedly patch the flaw, shutting off law enforcement access to iPhone 5c devices and older. Apple last week said it will not sue to learn of the vulnerability, saying the FBI's workaround likely has a short shelf life.
«1

Comments

  • Reply 1 of 26
    NY1822NY1822 Posts: 621member
    Not buying it....sorry
    calilkruppjbdragon
  • Reply 2 of 26
    djkfisherdjkfisher Posts: 130member
    The wheels are off :)
    cali
  • Reply 3 of 26
    jdwjdw Posts: 1,324member
    "professional security researchers"???
    cali
  • Reply 4 of 26
    wonkothesanewonkothesane Posts: 1,717member
    This gets more absurd with every day gone by.

    Don't miss our next episode if you want to hear Dr Bob say*: "wow, with this pink unicorn we could retrieve all data in a breeze." ...


    *that's a translation from the German version of the muppet show. For those among us who remember. Not sure it's ex tilt matching the orgiginal, but anyhow.
    cali
  • Reply 5 of 26
    magman1979magman1979 Posts: 1,292member
    To quote a scene from that old comedy Airplane 2,

    "This smells to high heaven of kickback!"
    calibrakkenargonaut
  • Reply 6 of 26
    jkichlinejkichline Posts: 1,369member


    They're back!
    nolamacguyjdwceek74jbdragonargonaut
  • Reply 7 of 26
    quinneyquinney Posts: 2,528member
    The FBI should be protecting Americans from people who develop hacks that compromise security, not subsidizing them.
    califotoformatbrakkenpalominejbdragonargonautbaconstang
  • Reply 8 of 26
    calicali Posts: 3,494member
    quinney said:
    The FBI should be protecting Americans from people who develop hacks that compromise security, not subsidizing them.
    The FBI wants to BE them.
    jbdragonbancho
  • Reply 9 of 26


    He couldn't catch Zorro however the IPhone was child's play

    lkrupp
  • Reply 10 of 26
    NemWanNemWan Posts: 118member
    Why doesn't Apple use its cash pile to make a standing offer to outbid everyone — combined — who buys zero day exploits of Apple products? Make it so anyone who does not sell what they have to Apple would be leaving money on the table.
  • Reply 11 of 26
    davidwdavidw Posts: 2,036member
    If this is true, then it only adds to Apple defense on why they shouldn't create software that hacks into their own iPhones, even if the software is created to only work on just one iPhone. The FBI could have, and most likely would have, "hired" some grey hat hackers to look for zero day exploits, in that software hack, that would allow it to work other (if not all) iPhones. And just knowing how Apple software hack did it, would be a big lead for these professional security hackers to know where to look to find other zero day exploits.
  • Reply 12 of 26
    brakkenbrakken Posts: 687member
    oooooooh gosh O gee I'm so worried that the government will be able to see the pics Ive taken of myself and my friends having fun. Jeeeez grow up and get real. If the FBI and or CIA want to put a camera in my toilet bowl I encourage them. Have guts and be proud of who you are. Too many techies are absolutely spineless and neurotic. Which explains why you snivel behind LED screens so much. Get out and get a life weenies!
    Assuming all government officials have unbreakable security (and ethics and morals) thereby ensuring that our credit card info and home addresses cannot be accessed by nefarious tupes. 

    You're shit still stinks, regardless of who you let place a camera in your toilet bowl, or who gains access to that feed with or without your knowledge or permission. 
  • Reply 13 of 26
    palegolaspalegolas Posts: 1,361member
    The most remarkable information about this whole thing, to me, is that FBI more or less has told the world that they have no in house intelligence. They appear really awkward. I mean, I would have assumed that the FBI had tons of in-house black hats operating for only FBI's own interests. Now they're basically telling the world that the most famous federal Byreau of investigation is incompetent. They've totally lost their iconic status after this. Not very smart...
    anantksundarampalomineargonautbaconstangfirelock
  • Reply 14 of 26
    irelandireland Posts: 17,798member
    The jump in Sun's stock surely cannot be related to this.
  • Reply 15 of 26
    NY1822NY1822 Posts: 621member
    jdw said:
    "professional security researchers"???
    hahaha...I must have glanced over that during my first read....so I guess the drug dealers are called "independent pharmacists"
    lkruppanantksundaramrealjustinlongargonautbaconstang
  • Reply 16 of 26
    ceek74ceek74 Posts: 324member
    Huh, the FBI colluding with a potential terrorist organization.  Huh.
    anantksundaramargonautJinTech
  • Reply 17 of 26
    badmonkbadmonk Posts: 1,285member
    Your tax dollars at work...
    anantksundaram
  • Reply 18 of 26
    F'in Bloody Incompetent. 
  • Reply 19 of 26
    MacProMacPro Posts: 19,718member
    So ... assuming any of this is remotely true ... these 'gray hats' all signed a life long NDA I assume?  /s
  • Reply 20 of 26
    hungeduhungedu Posts: 15member
    Not surprising since many DOJ activities are "ethically questionable".
Sign In or Register to comment.