FBI Went to 'Gray Hat Hackers' for Zero-Day Exploit to Open San Bernardino iPhone

Discussion in 'Android News' started by dgstorm, Apr 13, 2016.

  1. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    11,016
    Likes Received:
    3,979
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +4,254
    [​IMG]

    The truth has finally been revealed regarding how the FBI was able to crack into the San Bernardino shooter's iPhone C. Apparently, the DOJ (Department of Justice) found some "Gray Hat" hackers who sold them a zero-day exploit to break into the device.

    This exploit basically allowed the FBI to create a piece of hardware that took advantage of a security vulnerability. This newly created hardware let the FBI guess the passcode through multiple attempts without erasing the iPhone. This solution only works on older Apple devices. Apple devices starting with the iPhone 5S and newer are not affected by this vulnerability.

    The DOJ is weighing whether or not it will share this exploit with Apple. Here's a quote with a few more details,

    "If the government shares data on the flaws with Apple, “they’re going to fix it and then we’re back where we started from,” Comey said last week in a discussion at Ohio’s Kenyon College. Nonetheless, he said Monday in Miami, “we’re considering whether to make that disclosure or not.”

    The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find. It could be weeks before the FBI’s case is reviewed, officials said. The policy calls for a flaw to be submitted to the process for consideration if it is “newly discovered and not publicly known.”

    “When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cybersecurity coordinator Michael Daniel said in an October 2014 interview, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”

    But, he added, “we do have an intelligence and national security mission that we have to carry out. That is a factor that we weigh in making our decisions.” ~ Washington Post

    According to additional reports, Apple has decided not to sue the DOJ to obtain the details of the exploit. More than likely, Apple already knows about it, and doesn't consider it worth pursing since it only affects older iPhones.

    A better question is... how do you feel about the government specifically paying for help from a "gray hat" hacker?
     
  2. xeene

    xeene Gold Member

    Joined:
    Jun 28, 2010
    Messages:
    3,109
    Likes Received:
    907
    Trophy Points:
    208
    Location:
    usa
    Ratings:
    +1,045
    Not the first time and not the last time. Doesn't bother me one bit, I don't plan on going on a killing spree any time soon.
     
    • Like Like x 3
  3. IIGood

    IIGood Silver Member

    Joined:
    Jul 13, 2010
    Messages:
    707
    Likes Received:
    256
    Trophy Points:
    163
    Location:
    Arnold, MD
    Ratings:
    +287
    Current Phone Model:
    Galaxy S6
    There will always be a way around things. With every new "patch" it's just gonna make the hackers work harder.
     
    • Agree Agree x 1
  4. wicked

    wicked Administrator
    Staff Member Premium Member

    Joined:
    Oct 11, 2010
    Messages:
    5,321
    Likes Received:
    1,527
    Trophy Points:
    273
    Location:
    San Jose, CA
    Ratings:
    +1,729
    Current Phone Model:
    Pixel XL
    Twitter:
    @MikeAlvez
    Exactly.
     
    • Like Like x 2
  5. mountainbikermark

    mountainbikermark Super Moderator
    Staff Member Premium Member

    Joined:
    Sep 5, 2010
    Messages:
    7,455
    Likes Received:
    3,886
    Trophy Points:
    1,563
    Ratings:
    +4,348
    I've always believed those that make the viruses and stuff are the same ones that make the fixes and patches so it's nothing new in my tin hat world.
    What I do find disturbing is the possibility of not sharing the exploit with Apple. What no federal employees , mistresses of federal employees, etc use older Apple phones ? Who they gonna blame if something of national security importance shows up publicly because they didn't give Apple a chance to patch it up?

    Support Our Troops!!!
    Beast Mode 4
    <><
     
    • Like Like x 1
  6. Mustang02

    Mustang02 Diamond Member

    Joined:
    Aug 8, 2010
    Messages:
    7,624
    Likes Received:
    5,114
    Trophy Points:
    1,563
    Location:
    Ohio
    Ratings:
    +6,072
    Current Phone Model:
    Nexus 6P/5X
    Not really. When developers fix one exploit they usually create another. Comes with the territory.

    Sent from my Nexus 5X using Tapatalk
     
    • Agree Agree x 1
  7. IIGood

    IIGood Silver Member

    Joined:
    Jul 13, 2010
    Messages:
    707
    Likes Received:
    256
    Trophy Points:
    163
    Location:
    Arnold, MD
    Ratings:
    +287
    Current Phone Model:
    Galaxy S6
    Yeah, that's pretty much what I was getting at. You said it more clearly. :)
     
  8. johnomaz

    johnomaz Silver Member

    Joined:
    Jul 12, 2010
    Messages:
    3,181
    Likes Received:
    633
    Trophy Points:
    178
    Location:
    Central Valley, California
    Ratings:
    +771
    Current Phone Model:
    Google Pixel 2XL
  9. chevycam94

    chevycam94 SteelDroid ROM / Cortex ROM Developer
    Developer

    Joined:
    May 12, 2010
    Messages:
    1,616
    Likes Received:
    196
    Trophy Points:
    108
    Location:
    Central Ohio
    Ratings:
    +222
    Current Phone Model:
    Nexus 6P, VZW Note Edge, D1
    If they share it with Apple, then they lose their backdoor when they DO need it. That's like shooting themselves in the face. If it were impossible to get into criminals phones, especially when it comes to national security, then your really just LETTING the criminals win. You need to have a way to get information from those people that commit crimes (and hence, give up their rights).
     
  10. mountainbikermark

    mountainbikermark Super Moderator
    Staff Member Premium Member

    Joined:
    Sep 5, 2010
    Messages:
    7,455
    Likes Received:
    3,886
    Trophy Points:
    1,563
    Ratings:
    +4,348
    While I agree with you in the "it'd protect criminals" sense it still goes back to the government deciding what freedoms are allowed in an atmosphere where the government has shown its willing bias as to the definition of freedom.

    Support Our Troops!!!
    Beast Mode 4
    <><
     
    • Like Like x 1
  11. chevycam94

    chevycam94 SteelDroid ROM / Cortex ROM Developer
    Developer

    Joined:
    May 12, 2010
    Messages:
    1,616
    Likes Received:
    196
    Trophy Points:
    108
    Location:
    Central Ohio
    Ratings:
    +222
    Current Phone Model:
    Nexus 6P, VZW Note Edge, D1
    There's has to be control somewhere. Some of you might not like it, but it is necessary. Can you imagine what would happen if there were no control, and criminals could get away with keeping all their secrets?
     
  12. cr6

    cr6 Super Moderator
    Staff Member

    Joined:
    Apr 1, 2011
    Messages:
    8,371
    Likes Received:
    5,883
    Trophy Points:
    1,778
    Location:
    NW Rocky Mtn region
    Ratings:
    +6,714
    Current Phone Model:
    Galaxy S7 Edge
    Twitter:
    @dronewolfmedia
    That goes both ways. Govt agencies have a terrible track record of abusing their power.



    S5 tap'n
     
    • Like Like x 3
Search tags for this page

gray hat pic