New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

FBI Plans to Keep iPhone Hacking Method Secret [Update: Confirmed]

The United States Federal Bureau of Investigation will keep the method that it used to hack into the iPhone used by San Bernardino shooter Syed Farook a secret, reports The Wall Street Journal. Citing sources with knowledge of the FBI's plans, the report suggests the FBI will tell the White House that an internal government review does not make sense because it "knows so little" about the hacking tool that was employed.

A government review under the U.S. Vulnerabilities Equities Process, which allows federal agencies to determine whether or not critical security flaws should be shared with companies, would potentially lead to an order to disclose the security vulnerability to Apple. Without a review, Apple may not find out how the iPhone was breached.

applefbi
The decision, and the technical and bureaucratic justification behind it, would likely keep Apple in the dark about whatever security gap exists on certain models of the company's phones, according to people familiar with the discussions.
The Wall Street Journal's report comes following a statement made by FBI Director James Comey at a cybersecurity event in Washington D.C., which was shared by Reuters. According to Comey, the FBI is still in the process of determining whether or not a government review should move forward.
"We are in the midst of trying to sort that out," Comey said. "The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?"

"We are close to a resolution," he added at a cybersecurity event at Georgetown University in Washington, D.C.
Sources that spoke to Reuters say the Vulnerabilities Equities Process is not set up to handle flaws that are discovered and owned by private companies, with Comey's statement suggesting the FBI does not own the method used to hack the iPhone.

To break into Farook's iPhone 5c, the FBI employed the help of "professional hackers," paying upwards of $1.3 million for a tool exploiting a security vulnerability. While Apple would like details on the flaw so a fix can be implemented, the FBI can keep using the vulnerability so long as it remains unpatched.

The FBI has said the method used to break into the iPhone 5c does not work on the iPhone 5s and later, but it can be used to access iPhone 5c devices running iOS 9.

Update 4/27: In a statement shared by The New York Times, the FBI has confirmed that it will not give Apple details on the hacking method used to break into the iPhone.
"The F.B.I. purchased the method from an outside party so that we could unlock the San Bernardino device," Amy S. Hess, executive assistant director for science and technology, said in a statement.

"We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review" by the White House examiners, she said.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)

46 months ago
I see they are following the playbook once again.
Rule Number One; Do as I say, not as I do...
Rating: 10 Votes
46 months ago
Translation: we realised that all we had to do was swipe to the right. There was no passcode.
Rating: 9 Votes
46 months ago

Agree, the whole thing was mishandled and primarily by Apple. Coupled with a possible quarterly revenue decline for the first time in what seems like forever, this suspicion of Apple not knowing how the FBI cracked the phone is bad news in Cupertino.

I think Apple has handled this situation fine.

The US Government now has access to a vulnerability in an older model iPhone that Apple no longer sells. Apple "failed" to make this device safe from being hacked in this way. But their failure was something they did years ago, and not something they could have fixed on this particular phone. On top of that Apple already knew that the architecture of this phone's hardware was vulnerable. Newer iPhones have a different security architecture.

From my perspective, Apple's goal in this case was not to keep the FBI out of the iPhone 5C. If the vulnerability existed, no amount of press conferences, interviews, or even furious coding on Apple's part would have made a difference.

Apple's goal in this case was to prevent the government from legally forcing Apple to find and exploit the vulnerability. So far, the government has backed down.

Apple's primary ongoing security goal is to keep Apple's customers' data safe from attack, even by experts who know the system. They are continuing along that path.

The longer Apple can keep the government from getting a legal precedent that keeps Apple from pursuing its primary security goal, the safer Apple's customers' data will be.
Rating: 7 Votes
46 months ago
Fbi is a joke. They try to make a point and it means nothing. Salut
Rating: 7 Votes
46 months ago
The FBI will keep it secret... the same FBI from an administration that said we could keep our doctors and health care plans... look how well that worked...
Rating: 5 Votes
46 months ago
Their plans will fail. The hack will become public at some point.
Rating: 4 Votes
46 months ago
It doesn't matter, A7 and up isn't vulnerable anyway.
Rating: 3 Votes
46 months ago

Their plans will fail. The hack will become public at some point.


Had Apple helped, they'd always know where the hole was and could do things to patch it. Now all they know is there's a hole in the ecosystem and no telling if it'll ever be revealed until there's another "fappening" times 10


It doesn't matter, A7 and up isn't vulnerable anyway.


You don't believe that....
Rating: 3 Votes
46 months ago

At least after the lawsuit from 2010. Prior to then Apple didn't care one jot if apps sent or sold customer data without their knowledge or consent. Apple still only cares about how it can profit from your data. That's all it cares about. Otherwise Apple would have done something about that "flaw" in the first place, Apple is so full of geniuses it seems impossible they could overlook something so obvious, surely?

I agree, for the first few years of iPhone, Apple was focused more on functionality than security.

I for one will never buy another iPhone 3G again.
Rating: 3 Votes
46 months ago
Jerks.
Rating: 3 Votes

[ Read All Comments ]