A zero-day software flaw is the kind of security issue tech companies fear most. These are unknown bugs that hackers can use to enter devices, websites, computer networks, and other internet services and products, for malicious purposes. It appears that one such attack was used recently to hack the San Bernardino iPhone, a new report shows. In fact, it looks like everything we thought we knew about the way the FBI breached the iPhone, without requiring Apple’s assistance, may be inaccurate.
While Israeli forensics company Cellebrite was the principal suspect for unlocking the San Bernardino iPhone, the Washington Post says that the FBI paid professional hackers a one-time fee to get into the iPhone. It appears that Cellebrite wasn’t needed for this hack, though circumstantial evidence suggested the firm was responsible for the achievement.
These unknown hackers discovered at least one previously unknown software flaw, or zero-day, and brought it to the attention of the Bureau.
The flaw was used to create a piece of hardware that helped the agency crack the four-digit iPhone PIN without triggering the security feature that could have erased everything on the device.
At least one of the people who helped the FBI crack the iPhone is known as a “grey hat” hacker, the kind of security researcher who would sell zero-day hacks to governments or companies.
The U.S. government has not decided whether to disclose the hack to Apple, and a decision would be probably made by the White House.
The FBI said the tool it used has a limited scope, as it only works on a small number of devices, and does not apply to the iPhone 5s or newer handsets. The intelligence agency is still pursuing a similar case against Apple, where an iPhone 5s belonging to a drug trafficker is involved.