FBI Can't Reveal Exploit Used to Unlock San Bernardino Shooter's iPhone

[MacRumors]

The unidentified group that assisted the FBI in unlocking the San Bernardino shooter's iPhone has sole legal ownership of the exploit, making it highly unlikely to be shared with Apple, U.S. administration sources have revealed.

According to a report published by Reuters yesterday, the White House routinely reviews technology security flaws as part of its Vulnerabilities Equities Process to decide which ones should be made public, but it does not reveal flaws discovered or owned by private organizations without their explicit cooperation.

Initial rumors had suggested the FBI received assistance from Israeli mobile forensics firm Cellebrite to hack the phone, but more recent information suggests the group involved consisted of "professional hackers" who sell flaws to governments, black market groups, or companies that create surveillance tools.

The FBI itself likely does not know the details of the technique, only simply that it worked, according to government sources and Rob Knake, who managed the Vulnerabilities Equities Process before leaving the White House last year.

The news is being seen as a blow to Apple, which has sought information regarding the exploit used by the FBI to unlock suspected terrorist Syed Farook's iPhone in the hope of fixing it before it can be used by criminals. Previously FBI director James Comey had said the government was contemplating the pros and cons of looping Apple in on the situation.

In a separate report published by CBS News yesterday, a law enforcement source revealed that the data successfully extracted from Farook's iPhone has yet to reveal any information relevant to the FBI investigation. However, the source stressed that the bureau continues to analyze the extracted data in the hope that something of significance will yet be discovered.

After a very public legal battle in which the FBI obtained a court order demanding Apple help the government unlock the iPhone used by Farook, the Justice Department dropped the lawsuit after announcing it had found an alternate method to gain access to the phone's data.

Comey has since said the exploit only works on a "narrow slice of phones", which does not include models of the iPhone 5s and after.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: FBI Can't Reveal Exploit Used to Unlock San Bernardino Shooter's iPhone

 

[markfc]

All those teenagers with iPhone 5c's must be crapping themselves ;-)

 

[soupcan]

Surprise surprise.

 

[0007776]

The FBI itself likely does not know the details of the technique, only simply that it worked, according to government sources and Rob Knake, who managed the Vulnerabilities Equities Process before leaving the White House last year.

If it is true that they were briefing senators on the technique then they know how to do it. And as for not revealing the technique I can't imagine that a competent defense lawyer can't force them to reveal it to prove that incriminating data wasn't added to the phone in the process if it is ever used in a case that comes to trial. Also I would think if they try to force Apple to create a backdoor again Apple could get a judge to make them reveal the technique so their engineers can be sure that it doesn't work on whatever version of the phone they want a backdoor to.

 

[tito2020]

Will be patched when it gets out

 

[Stella]

FBI are under no obligation to reveal how the phone was hacked. Also it's in their best interest not to either so the vulnerability remains for as long as possible.

 

[apolloa]

So stating the blindingly obvious on this topic is now front page news? This news bot or whatever this site is using is rubbish, I've read loads of other Apple stories that were never on this site elsewhere.

 

[JosephAW]

This is just a smoke screen. They figured out the guys password. It was password.

 

[Dilster3k]

Something seems so off about this whole thing. The way the trial got delayed and then cancelled, how the method is kept under wraps, and even more reports saying that the content on the phone has been deemed irrelevant as well, apparently. As far as we know they may have not even gotten into the phone and it's all just a bluff.

 

[Gymgenius]

How can someone have legal ownership of an exploit?

That's like me saying I have legal ownership of 'smashing a window with a hammer to break it'.

 

[Porco]

"Can't"

or

'FBI *Chooses Not to* Reveal Exploit Used to Unlock San Bernardino Shooter's iPhone'

?

 

[2010mini]

How can someone have legal ownership of an exploit?

That's like me saying I have legal ownership of 'smashing a window with a hammer to break it'.

Because it's unique

 

[ChristianVirtual]

Apple can ask nicely but I would not expect any answer. That's eventually Apples job to think how it was done and patch it.

As a Jedi would say: "Use the source, Luke"

 

[b0nd18t]

So the FBI is essentially turning apples own defense tactic against them. Saying they "don't know" how to access the phone so their hands are tied. Well played FBI.

 

[Aluminum213]

Apple didn't cooperate with FBI, FBI now won't cooperate with Apple


Shocking

 

[NT1440]

FBI won't say anything, purely because it would cast sunshine on the grey industry of shopping around exploits in common software (windows/Mac/iOS/Android/etc.) to private companies and law enforcement/regimes around the world.

 

[peterh988]

So the FBI is essentially turning apples own defense tactic against them. Saying they "don't know" how to access the phone so their hands are tied. Well played FBI.

Or, a smart move, knowing they wouldn't get any help from the FBI, they have ammunition the next time they come calling saying, "You wouldn't help us, why should we help you?"

 

[TonyC28]

This sounds like something from an episode of The Blacklist. They say these groups "sell" the flaws they find but a more appropriate way to put it would be that they hold them for ransom. I'm curious to know how much taxpayer money was used by our government to support this criminal group.

 

[JM]

This is just a smoke screen. They figured out the guys password. It was password.

Busy terrorists have to make a quick password: 0000
[doublepost=1460637326][/doublepost]

How can someone have legal ownership of an exploit?

That's like me saying I have legal ownership of 'smashing a window with a hammer to break it'.

Depends on what kind of hammer you're using. Rock hammer.... Carpenter's hammer...... MC hammer.....
[doublepost=1460637431][/doublepost]

Apple can ask nicely but I would not expect any answer. That's eventually Apples job to think how it was done and patch it.

As a Jedi would say: "Use the source, Luke"

What movie did you watch?

 

[teslo]

i remember hearing how the FBI would be compelled by federal law to provide the info based on requirements for evidence.. so that's not the case here?? i mean, apple's T&Cs probably won't cut it against our government's orwellian position as 'untouchable' regarding anything 'terrorism' related, but one would figure there's something in place which the FBI would have to push back against...

if they DON'T provide the methods used, how would the evidence hold up in court? just trusting a screen readout or printed version of the contents of the phone? who else gets to physically look in this phone, just the DA/Judge?

 

[bstpierre]

i remember hearing how the FBI would be compelled by federal law to provide the info based on requirements for evidence.. so that's not the case here?? i mean, apple's T&Cs probably won't cut it against our government's orwellian position as 'untouchable' regarding anything 'terrorism' related, but one would figure there's something in place which the FBI would have to push back against...

if they DON'T provide the methods used, how would the evidence hold up in court? just trusting a screen readout or printed version of the contents of the phone? who else gets to physically look in this phone, just the DA/Judge?

The defendants are dead. There is no court proceedings against them. The FBI is looking for possible links to co-conspiritors. If they find any they have two options: (1) Use the evidence found on the phone (if it is strong enough) and then it will be subject to court scrutiny or (2) Look for other evidence related to the identified co-conspiritors and use that evidence in court.

 

[Tech198]

whats so "legal" rights about an exploit ?

Somene may have come up with it, but this isn't exactly a programming language here... its an exploit.... They shouldn't be kept to themselves...

Now, be a good boy wittle boy and hand it over.

 

[tennisproha]

How can someone have legal ownership of an exploit?

That's like me saying I have legal ownership of 'smashing a window with a hammer to break it'.

Except smashing a window sets off the alarm. They broke in without any sign of entry, which would be a proprietary method.
[doublepost=1460650559][/doublepost]It's likely Apple has some idea of the vulnerabilities of that device and could probably take a guess to within a ballpark on how they broke in. They made the device for crying out loud, it's not likely Apple would be clueless.

 

[Gasu E.]

This is just a smoke screen. They figured out the guys password. It was password.

Actually, it was "tErr0r!st1234".

 

[PinkyMacGodess]

I find it rather distressing to think that you government is siding with hackers and, in far too many cases, using 'zero day' exploits on US, We The People.

The FBI used contracted malware to spy on an 'animal welfare group'.

Which friends like them...