FBI says San Bernardino iPhone hack won't be submitted to review group for possible disclosure
The FBI will not be submitting the exploit used to hack into the iPhone of San Bernardino shooter Syed Rizwan Farook to a review process that could clear it for sharing with outside parties, a report said on Wednesday.
When the FBI paid a third party to help unlock the phone, it didn't acquire the rights to the technical details involved in the process, said the FBI's executive assistant director for science and technology, Amy Hess, according to Reuters. As a result, Hess said the agency doesn't "have enough technical information about any vulnerability" that could be considered for release.
Just yesterday, FBI director James Comey said that the agency was still deciding whether it could submit the exploit. The review group, associated with the White House, exists to decide whether cybersecurity flaws uncovered by U.S. government agencies should be shared with entities like corporations or even other internal organizations.
Hess' statement may support one set of rumors pointing to the third party being a dedicated forensics firm, possibly Cellebrite. One report suggested it was a hacker group, in which case the FBI might simply have paid for knowledge of a zero-day exploit.
Apple has previously asked for details on the exploit, but today's decision likely means the information will remain secret, unless the company can devise a legal challenge.
Regardless, any threat to the public may be minimal. Farook owned an iPhone 5c, one of the last major iOS devices without Touch ID. Products with that technology are believed to be immune to the technique the FBI employed, thanks to their Secure Enclaves.