How Did FBI Crack That Phone? They Paid Hackers
'Gray hats' discovered iPhone security hole
By Rob Quinn,  Newser Staff
Posted Apr 13, 2016 1:04 AM CDT
Updated Apr 13, 2016 5:03 AM CDT
A man holds out his iPhone during a rally in support of data privacy outside the Apple store in San Francisco earlier this year.   (AP Photo/Eric Risberg)
camera-icon View 1 more image

(Newser) – To get into the locked iPhone of San Bernardino gunman Syed Rizwan Farook, the FBI apparently did something Apple never does: give money to hackers. Sources tell the Washington Post that the agency avoided a legal battle with Apple by paying a group of so-called "gray hat" hackers who had discovered a previously unknown software flaw. The sources say the hackers, who were paid a one-off fee for their help, supplied information that allowed the FBI to disable a security feature that would have wiped data from the phone after 10 incorrect attempts to guess the four-digit PIN. The Israeli firm Cellebrite was not involved, contrary to earlier reports, the sources say.

Disabling the security feature is a big deal because a four-digit PIN alone could be cracked within hours by trying all 10,000 possible combinations, TechCrunch notes. The security hole, known as a "zero-day exploit," only works on iPhone 5Cs running IOS9, according to FBI Director James Comey. Apple has said it isn't going to sue the FBI to try to discover the vulnerability. Comey says the FBI is still considering whether to disclose the flaw to Apple, which he admits would leave the agency "back where we started from." Federal officials say that as in similar cases, the security hole will go through a review process while disclosure is considered. (The FBI has agreed to hack an iPhone involved in an Arkansas murder case.)