An Australian company helped the FBI crack the San Bernardino iPhone; here’s how

Technology

The question of who cracked the San Bernardino iPhone and how they did it has been shrouded in mystery for years, but a new report has revealed the truth: it was an Australian security firm called Azimuth Security using a Lightning Port exploit.

To recap, the iPhone 5c in question belonged to Syed Rizwan Farook, one of the two shooters from an attack at the Inland Regional Center in San Bernardino, California, on December 2, 2015, in which 14 people died. Both perpetrators were killed by law enforcement, but it was hoped that Farook’s handset would reveal new information, such as a possible third accomplice. Unfortunately, it was locked, and an iOS 9 feature ensured all its data would be erased if the wrong passcode was entered ten times.

The FBI wanted Apple’s help in unlocking the device. The company refused, with Tim Cook highlighting the dangers of creating a backdoor. The situation led to a nationwide privacy vs. security debate and court orders. Eventually, the feds used outside help to break into the phone, which was found to contain no useful information.

It’s long been suspected that Israeli firm Cellebrite was the unnamed helper, but The Washington Post writes that it was actually Azimuth Security. Company founder Mark Dowd discovered a flaw in an open-source upstream software module written by Mozilla, adopted by Apple to enable the use of accessories with the iPhone’s Lightning port.

Azimuth researcher David Wang used the exploit to gain initial access before chaining two more exploits to secure complete control over the processor. It was then a matter of utilizing software to guess multiple passcode combinations without the risk of erasing the data.

Mozilla rolled out an update that fixed the exploit a month or two later, with Apple applying the code to its devices.

In 2017, three news publications—USA Today, the Associated Press, and Vice Media—all sued the FBI under the Freedom of Information act to try and force it to reveal details about the anonymous company and how much it charged to break Apple’s older security features. But U.S. District Court Judge Tanya Chutkan ruled that the information is properly classified national security secrets and therefore exempt from disclosure under the FOIA. It’s believed that the FBI paid $900,000 to access the iPhone.