FBI Used Security Flaw Found by Professional Hackers to Crack Shooter’s iPhone 5c

Shortly after the FBI’s surprise announcement that it had managed to crack the iPhone 5c used by one of the San Bernardino shooters, reports suggested it was Cellebrite who had bypassed the iPhone’s security. Sources speaking with The Washington Post say, however, that the FBI cracked the iPhone used by Syed Farook with the help of “professional hackers” dubbed as “grey hats”, who uncovered and “brought to the bureau at least one previously unknown software flaw.”

The information was used to create hardware to help the FBI bypass iOS’ built-in security without erasing all the data on the iPhone. These researchers typically keep a low profile and specialize in hunting for vulnerabilities in software and, in certain scenarios, sell them to the US government. For this specific case, they were paid a one-time flat fee, according to The Washington Post’s sources.

This report shifts media attention from Cellebrite, whose parent company, the Japanese Sun, has seen its stock price rise after the FBI’s announcement and surrounding media reports, with the majority pointing to them as the service provider who solved the issue. The bureau did not need Cellebrite’s services in this case.

The government has yet to decide whether it will disclose the security flaw it used to crack iOS’ security open, but, as FBI director James Comey said in an earlier interview with CNN, the tool used in this specific case works only on a “narrow slice of phones.”