FBI paid over $1.3 million to hack into San Bernardino iPhone that contained 'nothing of real significance'

Graham CLULEY

April 22, 2016

Speaking at the Aspen Security Forum in London, FBI Director James Comey has suggested that the agency paid over $1.3 million in order to unlock the iPhone 5C used by Syed Farook Rizwan, one of the terrorists behind last December’s attack in San Bernardino, California.

Comey didn’t state outright what it cost to purchase the exploit from gray-hat hackers, but an answer he gave to a journalist’s question helped quick-witted folks at Reuters do the calculation for themselves.

Comey was asked how much had been paid. His response?

“A lot. More than I will make in the remainder of this job, which is seven years and four months for sure. But it was, in my view, worth it.”

Reuters took that response, and compared it to Comey’s salary (a matter of public record):

“According to figures from the FBI and the U.S. Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.”

“That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.”

Despite online speculation, it is still unknown who helped the FBI crack into the iPhone (I think we can probably exclude anti-virus veteran John McAfee…), but we do know that in the past controversial vulnerability broking firms such as Zerodium have offered huge amounts of money for iOS zero-day exploits that they can then sell on to intelligence agencies and other interested parties.

Of course, the most expensive exploits are those which can be used remotely, without physical access to the device that is being attacked, and work on the latest and greatest devices – not the San Bernardino iPhone 5C that was in the possession of FBI investigators.

Whether you think the amount of money paid by the FBI for the ability – without the help of Apple – to crack into the iPhone used by Syed Farook Rizwan is appropriate or not is up to you.

But what we do know is that, according to the FBI themselves, ‘nothing of real significance’ was found on the device.

Apple’s security engineers have worked tirelessly for years, strengthening the iOS operating system against attacks, and things have measurably improved since the iPhone 5C was first launched.

However, the FBI has not disclosed to Apple details of how the iPhone 5C was broken into. Which means that potentially anyone who owns an iPhone 5C, including US government employees, remains at risk.

I think it’s good that Apple wasn’t forced to create a new vulnerability to allow the FBI to break into the San Bernardino iPhone 5C, and am pleased that an existing exploit was used instead. However, I remain concerned that the security hole remains present, and that others could still exploit it.

Unpatched vulnerabilities put the security and privacy of all of us at risk.
