Firm that unlocked San Bernardino shooter's iPhone for FBI is revealed
Even Apple could not find out which firm the FBI used to unlock one of the San Bernardino shooters' iPhones -- but a new report claims to know the secret company that did the work.
Tim Cook had wanted Apple's dispute with the FBI to go to trial
Despite much speculation in 2016 that the FBI hired Cellebrite to unlock the shooter's iPhone 5C, it's only now that the real company has been named. It's an Australian defense contractor called Azimuth Security, now part of L3Harris Technologies.
According to The Washington Post, Azimuth is a "publicity-shy" firm, but it has been known to be involved in producing hacking tools for the US, Canadian, and UK governments. Apple has been suing Azimuth over its selling of virtual iPhones to government agencies attempting to unlock the devices.
Nonetheless, Apple did not determine that it was Azimuth that had aided the FBI. The San Bernardino iPhone it ultimately unlocked became the center of a high-profile dispute between Apple and the FBI.
Prior to the San Bernardino incident, the FBI had been consistently pressing for technology firms to let law enforcement bypass end-to-end encryption. The 2015 shooting, in which 14 people were killed and 22 others seriously injured, was also seen as a way to get public opinion on the FBI's side.
Apple was ordered by a US magistrate judge to comply with the FBI's requests to extract data from one shooter's iPhone. Apple argued that it had already done "everything that's both within our power and within the law to help this case," and refused to create a security backdoor for the authorities.
"As individuals and as a company, we have no tolerance or sympathy for terrorists," Tim Cook told Apple employees in a memo. "When they commit unspeakable acts like the tragic attacks in San Bernardino, we work to help the authorities pursue justice for the victims. And that's exactly what we did."
"Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user's passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure," he continued. "We all know that turning back the clock on that progress would be a terrible idea."
Cook later said that he had wanted the dispute to go to court, but the argument ended with the successfully unlocking.
In suing Corellium, Apple was unknowingly close to learning the name of the firm that helped the FBI. Credit: Corellium
Now it's revealed that two Azimuth hackers approached the FBI with a series of iOS vulnerabilities, or exploits, that in combination allowed them to unlock the iPhone. Reportedly, Azimuth was paid $900,000 for the unlocking, though it led to no actionable intelligence being recovered from the phone.
According to The Washington Post, Apple's subsequent and separate 2019 suing of Corellium could have uncovered that the firm had been behind the unlocking. Corellium co-founder David Wang and Apple's requests for disclosure ought to have revealed the information, but the Department of Justice intervened on national security grounds.
The suit against Corellium concerned the company's creation of virtual iPhones which can then be used in hacking research. Apple's suit was dismissed, although it can yet appeal.
According to The Washington Post, Corellium argues that Apple's legal efforts are an attempt to put the firm out of business. Reportedly, Apple had tried to buy Corellium, and separately it had tried to hire David Wang before he co-founded the company.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Tim Cook had wanted Apple's dispute with the FBI to go to trial
Despite much speculation in 2016 that the FBI hired Cellebrite to unlock the shooter's iPhone 5C, it's only now that the real company has been named. It's an Australian defense contractor called Azimuth Security, now part of L3Harris Technologies.
According to The Washington Post, Azimuth is a "publicity-shy" firm, but it has been known to be involved in producing hacking tools for the US, Canadian, and UK governments. Apple has been suing Azimuth over its selling of virtual iPhones to government agencies attempting to unlock the devices.
Nonetheless, Apple did not determine that it was Azimuth that had aided the FBI. The San Bernardino iPhone it ultimately unlocked became the center of a high-profile dispute between Apple and the FBI.
Prior to the San Bernardino incident, the FBI had been consistently pressing for technology firms to let law enforcement bypass end-to-end encryption. The 2015 shooting, in which 14 people were killed and 22 others seriously injured, was also seen as a way to get public opinion on the FBI's side.
Apple was ordered by a US magistrate judge to comply with the FBI's requests to extract data from one shooter's iPhone. Apple argued that it had already done "everything that's both within our power and within the law to help this case," and refused to create a security backdoor for the authorities.
"As individuals and as a company, we have no tolerance or sympathy for terrorists," Tim Cook told Apple employees in a memo. "When they commit unspeakable acts like the tragic attacks in San Bernardino, we work to help the authorities pursue justice for the victims. And that's exactly what we did."
"Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user's passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure," he continued. "We all know that turning back the clock on that progress would be a terrible idea."
Cook later said that he had wanted the dispute to go to court, but the argument ended with the successfully unlocking.
In suing Corellium, Apple was unknowingly close to learning the name of the firm that helped the FBI. Credit: Corellium
Now it's revealed that two Azimuth hackers approached the FBI with a series of iOS vulnerabilities, or exploits, that in combination allowed them to unlock the iPhone. Reportedly, Azimuth was paid $900,000 for the unlocking, though it led to no actionable intelligence being recovered from the phone.
According to The Washington Post, Apple's subsequent and separate 2019 suing of Corellium could have uncovered that the firm had been behind the unlocking. Corellium co-founder David Wang and Apple's requests for disclosure ought to have revealed the information, but the Department of Justice intervened on national security grounds.
The suit against Corellium concerned the company's creation of virtual iPhones which can then be used in hacking research. Apple's suit was dismissed, although it can yet appeal.
According to The Washington Post, Corellium argues that Apple's legal efforts are an attempt to put the firm out of business. Reportedly, Apple had tried to buy Corellium, and separately it had tried to hire David Wang before he co-founded the company.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
Your question is understandable though. Outside of a cursory mention of Correllium in conjunction with iPhone virtualization, this entire section rehashes an unrelated lawsuit and only serves to confuse:
But it’s also true that more police departments are using hacker tools more often.
https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones
I have to agree to a certain extent. I'd also add that many security systems have a certain level of tolerable leakiness that both sides implicitly agree to leave open - as a sort of pressure relief valve. If law enforcement were 100% stymied in their ability to get at certain information using sanctioned mechanisms, they would simply resort to non-sanctioned methods. Humans are often the weakest link and can be coerced through many mechanisms, some that reside on the extreme edge of the nastiness scale, to give up enough information to unlock a case without the need for built-in back doors. Nobody wants to go to that extreme, so something must be done to prevent the pressure from building up to a point where the whole system breaks, and things like back doors become a mandate.