FBI Went to 'Gray Hat Hackers' for Zero-Day Exploit to Open San Bernardino iPhone

[dgstorm]

The truth has finally been revealed regarding how the FBI was able to crack into the San Bernardino shooter's iPhone C. Apparently, the DOJ (Department of Justice) found some "Gray Hat" hackers who sold them a zero-day exploit to break into the device.

This exploit basically allowed the FBI to create a piece of hardware that took advantage of a security vulnerability. This newly created hardware let the FBI guess the passcode through multiple attempts without erasing the iPhone. This solution only works on older Apple devices. Apple devices starting with the iPhone 5S and newer are not affected by this vulnerability.

The DOJ is weighing whether or not it will share this exploit with Apple. Here's a quote with a few more details,

"If the government shares data on the flaws with Apple, “they’re going to fix it and then we’re back where we started from,” Comey said last week in a discussion at Ohio’s Kenyon College. Nonetheless, he said Monday in Miami, “we’re considering whether to make that disclosure or not.”

The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find. It could be weeks before the FBI’s case is reviewed, officials said. The policy calls for a flaw to be submitted to the process for consideration if it is “newly discovered and not publicly known.”

“When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cybersecurity coordinator Michael Daniel said in an October 2014 interview, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”

But, he added, “we do have an intelligence and national security mission that we have to carry out. That is a factor that we weigh in making our decisions.” ~ Washington Post

According to additional reports, Apple has decided not to sue the DOJ to obtain the details of the exploit. More than likely, Apple already knows about it, and doesn't consider it worth pursing since it only affects older iPhones.

A better question is... how do you feel about the government specifically paying for help from a "gray hat" hacker?

 

[xeene]

Not the first time and not the last time. Doesn't bother me one bit, I don't plan on going on a killing spree any time soon.

 

[IIGood]

There will always be a way around things. With every new "patch" it's just gonna make the hackers work harder.

 

[wicked]

Not the first time and not the last time. Doesn't bother me one bit, I don't plan on going on a killing spree any time soon.

Exactly.

 

[mountainbikermark]

I've always believed those that make the viruses and stuff are the same ones that make the fixes and patches so it's nothing new in my tin hat world.
What I do find disturbing is the possibility of not sharing the exploit with Apple. What no federal employees , mistresses of federal employees, etc use older Apple phones ? Who they gonna blame if something of national security importance shows up publicly because they didn't give Apple a chance to patch it up?

Support Our Troops!!!
Beast Mode 4
<><

 

[Mustang02]

There will always be a way around things. With every new "patch" it's just gonna make the hackers work harder.

Not really. When developers fix one exploit they usually create another. Comes with the territory.

Sent from my Nexus 5X using Tapatalk

 

[IIGood]

Not really. When developers fix one exploit they usually create another. Comes with the territory.

Yeah, that's pretty much what I was getting at. You said it more clearly.

 

[johnomaz]

So like one of these things? IP-BOX APPLE iPAD & iPHONE 2G 3G 4 4S 5 5C 5S iOS8.1 PASSWORD UNLOCK TOOL IPBOX They've been around a while.

 

[chevycam94]

If they share it with Apple, then they lose their backdoor when they DO need it. That's like shooting themselves in the face. If it were impossible to get into criminals phones, especially when it comes to national security, then your really just LETTING the criminals win. You need to have a way to get information from those people that commit crimes (and hence, give up their rights).

 

[mountainbikermark]

If they share it with Apple, then they lose their backdoor when they DO need it. That's like shooting themselves in the face. If it were impossible to get into criminals phones, especially when it comes to national security, then your really just LETTING the criminals win. You need to have a way to get information from those people that commit crimes (and hence, give up their rights).

While I agree with you in the "it'd protect criminals" sense it still goes back to the government deciding what freedoms are allowed in an atmosphere where the government has shown its willing bias as to the definition of freedom.

Support Our Troops!!!
Beast Mode 4
<><

 

[chevycam94]

There's has to be control somewhere. Some of you might not like it, but it is necessary. Can you imagine what would happen if there were no control, and criminals could get away with keeping all their secrets?

 

[cr6]

There's has to be control somewhere. Some of you might not like it, but it is necessary.

That goes both ways. Govt agencies have a terrible track record of abusing their power.



S5 tap'n

 

[Efin]

That goes both ways. Govt agencies have a terrible track record of abusing their power.



S5 tap'n

You mean they're not honest with us?...

There will be no honest resolution from the Gov't, and some OS patch in the future will or has fixed the vulnerability.

Sent from my SM-G920V using Tapatalk

 

[chevycam94]

Just because some of the non-government people complain, does make what the government does, completely wrong. People might not like it, but it rely is for their own safety and protection.

 

[mountainbikermark]

Support Our Troops!!!
Beast Mode 4
<><