Washington Post: Who the FBI got to unlock the San Bernardino shooter’s iPhone

Written by

Washington Post:

The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.

At the time, the general consensus was that the FBI was using an Israeli security firm, well known for this sort of smartphone break-in.

Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter.

And:

The identity of the hacking firm has remained a closely guarded secret for five years. Even Apple didn’t know which vendor the FBI used, according to company spokesman Todd Wilder. But without realizing it, Apple’s attorneys came close last year to learning of Azimuth’s role — through a different court case, one that has nothing to do with unlocking a terrorist’s device.

And:

Apple has a tense relationship with security research firms. Wilder said the company believes researchers should disclose all vulnerabilities to Apple so that the company can more quickly fix them. Doing so would help preserve its reputation as having secure devices.

And:

But many security researchers say it’s legitimate to sell these flaws to democratic governments. And the ability of government agencies to unlock iPhones has also spared Apple from direct conflict with these governments. For instance, by unlocking the terrorist’s iPhone, some say, Azimuth came to Apple’s rescue by ending a case that could have led to a court-ordered back door to the iPhone.

I do think it’s true that this solution took the heat off Apple, turned down the dial on Congress’ efforts to force Apple to create a backdoor to the iPhone. But as has been proven time and time again, there’s just no way a back door created for law enforcement would not end up in the hands of black hat hackers.

I do agree with Apple’s take, that researchers should disclose all vulnerabilities to Apple so they can release patches.

The Washington Post story is a fascinating read. Here’s a link to the Apple News version of the article.