As a response to Apple’s resistance towards creating software that would allow the FBI to hack into any iPhone, the federal borough of investigation has bought similar software from a third party hacker.
The US government paid $1m for the mechanism to unlock the phone of the Sanberardino shooter as part of their investigation. The unlocking mechanism has been reported to have worked on the shooter’s iPhone 5C.
Insecurity is being voiced about the ethics of the FBI having such a tool and raises the question, could your phone be hacked as well? As far as we know, the hack is able to unlock any iPhone 5C running IOS 9 or older.
Apple has said that creating a backdoor into the data stored on iPhones would jeopardize security by making it much easier for cyber criminals to access your iPhone’s data.
The FBI has clarified that the hack cannot be used to break into iPhones running newer versions of IOS such as iPohne 5S or newer. This does, however, mean that all iPhone 5C, iPhone 5, 4S, and older are susceptible to the FBI’s hacking software.
The architects of the hacking software are said to be professional security experts. This undisclosed third party locates software vulnerabilities by probing so-called zero-day flaws in the iPhone’s security. From there they were able to create a mechanism that exploits these weaknesses which were then bought by the FBI.
This hacking process allows the FBI to circumvent the iPhone’s lock screen and automatic data wipe feature that normally engages after 10 incorrect passcode entries.
The security exploits which were used to create the FBI’s hacking mechanism have not been publicly disclosed. The FBI also claim to have no knowledge of the specifics of how the hacking mechanism works to gain access to the phone’s data. However, there has been no definitive evidence on whether this hacking mechanism has also been sold to parties other than the FBI.
We do know that the specifics of the hacking mechanism have not been disclosed to Apple because that would render the mechanism obsolete after Apple software developers fix the zero-day flaw. However, that information may become public if required in a criminal case under the rules of discovery.