The Slatest

FBI Paid Hackers to Expose Unknown Apple Vulnerability to Crack San Bernardino iPhone

The FBI went to the dark side for help; now it’s not so sure it want to tell Apple what it found.

Spencer Platt/Getty Images

After the FBI’s brief legal standoff with Apple over access to one of the San Bernardino shooters’ iPhones, the FBI managed to finagle its way into the locked phone and get the data it needed without Apple’s help. But how did it manage to do it? FBI Director James Comey has publicly hinted in the vaguest possible terms how the agency managed to get into Syed Farook’s phone. On Tuesday, the Washington Post filled in a number of the blanks, reporting the FBI hired professional hackers on a fee-for-service basis who exploited a previously unknown software flaw.

Here’s more from the Post:

The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said… Cracking the four-digit PIN, which the FBI had estimated would take 26 minutes, was not the hard part for the bureau. The challenge from the beginning was disabling a feature on the phone that wipes data stored on the device after 10 incorrect tries at guessing the code. A second feature also steadily increases the time allowed between attempts.

“The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group,” according to the Post. “Apple said last week that it would not sue the government to gain access to the solution.” Part of the reason for that, presumably, is that the vulnerability has restricted reach and increasingly diminishing returns; it can only be used on iPhone 5Cs running the iOS 9 operating system. Either way, it is slightly unsettling to know that the U.S. government would rather you get hacked than give up the secret sauce so it can reserve the right to hack you too, if need be. We’re all digital piñatas really.