Feds' iPhone-cracking tool takes advantage of a security flaw

A group of 'gray hat' hackers discovered and used the flaw to make the tool the FBI needed.

The FBI didn't commission an Israeli firm to unlock the San Bernardino shooter's iPhone 5c, as previous reports said. According to The Washington Post, the agency cracked the iPhone's security system with help from a group of professional hackers who actively hunt for software vulnerabilities to sell, sometimes to the US government. The piece, which sheds light on the methods the FBI used, says the group presented the bureau with a previously unknown flaw in either the iPhone 5c or iOS 9. It was then used to create the tool the feds needed.

The hardware they made allowed the agency to crack the phone's four-digit PIN without triggering the feature that erases all the device's data after 10 failed attempts. That feature was what prevented the FBI from taking a stab at hacking the phone on its own. With the tool in the feds' possession, they wouldn't have to worry about triggering the feature, so long as they're using it on an iPhone 5c running the same build of iOS 9. It might not work on other, newer devices and OS versions, since they might not have the same vulnerability. The hackers received a one-time flat fee for their services.

During a privacy conference last week, FBI Director James B. Comey said they're considering whether or not to disclose that security flaw to Apple. Cupertino will most likely patch it up if and when its engineers find out what it is, but the company announced last week that it will not sue the FBI to gain access to the solution it used.