Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

FBI still deciding whether to allow review of San Bernardino iPhone exploit

The FBI has yet to decide whether an exploit used to crack the iPhone of San Bernardino shooter Syed Rizwan Farook will even be reviewed for possible disclosure, agency director James Comey said on Tuesday.

The agency is "in the midst of trying to sort that out," Comey told the audience at an event hosted by Georgetown University, Reuters reported. There is a White House group that reviews flaws discovered by the U.S. government and decides whether they should be shared with the public, but Comey suggested that the exploit used on Farook's phone might not qualify.

"The threshold is, are we aware of the vulnerability," Comey explained, "or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?"

The problem is that the FBI obtained help from a third party, paying over $1.34 million for it. That party has so far been kept secret, though reports have suggested it was either a hacker group or a dedicated forensics firm, Cellebrite.

In the latter case, Cellebrite may have simply provided its software and/or equipment, leaving the FBI ignorant of the actual vulnerability involved. If the agency paid for information, it would be aware of the exploit and possibly in a position to share details. Any use of proprietary private technology would likely force the FBI and/or the White House to keep things secret.

Apple has previously asked for the exploit's details, concerned about potential detours in its security. The technique is not believed to work on more recent iOS devices with Touch ID, however.



4 Comments

rob53 13 Years · 3312 comments

Has anyone said under oath whether Cellebrite was used or a regular hacker? Reuters article says "Sources have told Reuters the technology used to access the phone data was supplied by a non-U.S. company." This doesn't mean anything. As for the doublespeak, I don't care whether Comey feels the flaw should be disclosed or not. He works for the US government and taxpayers pay his salary. As a taxpayer, I demand he at least tell Apple, under oath, how the iPhone was hacked. At Comey has previously said, nobody is above the law, including him and the Justice Department. It's about time Comey is brought before a non-FBI judge and ordered to tell the truth. He can't plead the 5th because this doesn't implicate him, it implicates the FBI. We want transparency, we want the truth, not a bunch of "sources" or anonymous persons or this news bureau says one thing while another says something else. We want it directly from Comey.

VisualSeed 8 Years · 217 comments

I would be interested in knowing (though don't expect to ever) if they had already hacked the phone prior to seeking the warrant. Also in the New York case I could almost imagine they had the password from the friend or family member long ago. I just don't find it credible that they came forward with it in the 11th hour before the case was to proceed. I guess what I'm getting at is, did the FBI lie in order to get the warrants?

MisterKit 8 Years · 514 comments

My first thought is that whatever information the FBI makes public is a smokescreen at best and entrapment for innocent people at worst.

NemWan 8 Years · 118 comments

I suppose nothing is stopping the mercenaries they hired from selling the same hack to U.S. adversaries or criminals? If we're talking about a hack that is in the wild, not a proprietary FBI technique, the FBI's obligation is to protect American iPhone users by helping Apple to patch it.