You are using an outdated browser. Please upgrade your browser to improve your experience.

FBI used 'pro hackers' to get into the San Bernardino iPhone 5c

One member of the group sells security flaws on the black market, as well as to other groups
April 13, 2016

Before now, we'd heard that the FBI had called on an Israeli firm called Cellebrite to hack into the San Bernardino suspect's iPhone 5c (the one Apple refused to create an iOS backdoor for). However, according to a recent report, the U.S. government instead called on a group of “professional hackers” in order to compromise the handset.

The news comes from The Washington Post, which explains that according to people “familiar with the matter,” the group of pro hackers were indeed called on by the FBI, and brought the bureau “at least one previously unknown security flaw.”

The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

These individuals were paid “a one-time flat fee” for the solution, the article adds.

This isn't an ethically sound solution, mind you. As The Washington Post adds, at least one of the group of hackers employed by the FBI is a so-called “gray hat” hacker. This group of individuals are made up of researchers who sell flaws to governments or companies to make surveillance tools. These tools might be used to track down criminals, or, on the other hand, they could be used by a government to spy on its own people.

At present, Apple doesn't know about the security flaw uncovered by the FBI. And Cupertino has added that it's not going to sue the bureau to gain the information, either. Instead, it's leaving the decision up to the FBI: the bureau needs to decide if it'd like to share the security flaw with Apple in order for it to be corrected through a software release, or hold on to the flaw and leave Apple in the dark.

Of course, iPhone 5c handsets remain at risk until this security risk has been patched. We'll keep you posted with further information as we receive it.