recommended reading

FBI Says iPhone Hacking Method Will Remain Secret

FBI Director James Comey

FBI Director James Comey // Manuel Balce Ceneta/AP

The FBI doesn’t own the technique used to unlock the San Bernardino iPhone, so it can’t reveal the method to Apple even if it wanted to, Reuters reported, citing unnamed White House sources.

The Washington Post reported yesterday, citing unnamed sources, that the FBI had paid a hacker a one-time fee to use a piece of hardware that allowed it to access the iPhone 5c belonging to one of the San Bernardino, California assailants.

The vendor that supplied the hack is a non-U.S. company, according to Reuters. But according to The Post report, it is not the Israeli firm Cellebrite, which had previously been named.

In an email to Quartz, the FBI did not confirm or deny The Post’s report about a hacker breaking into the phone, referring us instead to public statements and congressional testimony.

The FBI would require the vendor’s cooperation in order to submit the technique it used to Vulnerabilities Equities Process, a mechanism that allows the government to consider whether it should disclose security flaws to manufacturers. It’s a move that mirrors Apple’s own efforts to create security systems on its phones that even it wouldn’t be able to crack, meaning it can’t comply with a government order to hand over user data even if it wanted to.

It’s unclear whether the FBI has acquired exclusive use of the hack. If the Reuters report is accurate, it would appear that the FBI doesn’t have sole use of the security bypass technique. When contacted, the FBI would not comment on the vendor it used.

James Comey, the FBI director, has said that he is “confident” the technique will be “closely protected” and used lawfully.

“The people we bought this from I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours,” according to a statement the FBI provided us, citing remarks Comey made at Kenyon College April 6.

The black market for hacks, or so-called “zero days,” to Apple’s mobile devices is a high-priced one. A 2015 leak of emails belonging to the security vendor Hacking Team revealed that the going rate for iOS zero-days was between $250,000 and $500,000. The leak revealed that government agencies were among the customers who could afford these expensive exploits.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.