The FBI reportedly paid a shadowy group of “professional” hackers a one-time fee to unlock the iPhone 5C that belonged to San Bernardino terrorist, Syed Rizwan Farook, according to the latest twist in what is becoming an increasingly murky tale.
The organisation used these ‘grey hat’ hackers to crack Farook’s iPhone, according to sources speaking to The Washington Post, which reported that the hackers had discovered and brought to the FBI at least one previously unknown software flaw with Apple’s iPhone.
The FBI then used this information to “create a piece of hardware” that helped it to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data.
So called ‘white hat’ hackers are responsible security researchers who disclose the vulnerabilities so the flaws can be fixed. ‘Black hat’ hackers are the hackers commonly reported in the media that attack computer systems in order to steal personal data and other valuable information.
In between these two groups sits another classification of hackers, sometimes known as ‘grey hat’ hackers. These hackers are highly controversial, as they are considered ethically dubious at best, because they sell the flaws and vulnerabilities to businesses (and indeed governments) for them to exploit. They do not inform the vendors concerned for example and sometimes even violate laws.
Critics argue these grey hat hackers provide information that governments can use to spy on their citizens, in return for financial gain. These ‘grey hat’ hackers have no allegiance, and could also sell those exploits to rival businesses, or indeed terrorist organisations.
The battle between the FBI and Apple went very public in the middle of February when the Feds used a court order to try and force it to unlock Farook’s iPhone. Apple refused to co-operate, arguing that the FBI essentially wanted it to create a “backdoor” that could allow it to unlock any iPhone in the future.
The FBI thus faced a lengthy legal fight to compel Apple to help, but late last month the agency dropped its case against Apple after it finally managed to unlock the iPhone 5C, reportedly with the help of an unnamed third party.
There was speculation at the time that the FBI had employed the services of Cellebrite, a mobile forensics company based in Israel. That firm is often used by law enforcement around the world. For example it has previously helped the Dutch police decrypt messages on BlackBerry PGP handsets for example.
However FBI director James Comey admitted last week that its secret method of unlocking the iPhone only works on older Apple smartphones. “We have a tool that works on a narrow slice of phones,” Comey said.
Are you a security pro? Try our quiz!