FBI Director James Comey said Tuesday that the agency was still studying how a third party was able to access a locked iPhone used by one of the attackers in San Bernardino. She said that process, known as the vulnerabilities exploit process, “cannot perform its function without significant details about the nature and extent of a vulnerability”.
Advertisement
The FBI successfully unlocked the San Bernardino County-issued cell phone belonging to Syed Rizwan Farouk, one of the two attackers in the December rampage, following a drawn-out legal battle with Apple pertaining to the tech company’s obligation to aid law enforcement.
After failing to crack the security codes itself and seeking a court order that required iPhone-maker Apple to write new software to disable the phone’s passcode protection, officials last month paid an outside firm more than $1.3 million to gain access.
Following the successful data mining from the terrorist’s iPhone 5C, in accordance to the controversial Vulnerability Equities Process, FBI is required to share its method in hacking the iPhone.
Hess went on to explain that the agency now does not “have enough technical information about any vulnerability that would permit any meaningful review” under the Vulnerability Equities Process.
According to several United States government sources, the Federal Bureau of Investigation contractor that unlocked the shooter’s phone was a foreign entity and did not give U.S. authorities details of the mechanism. “If the method is viable, it should eliminate the need for the assistance from Apple…set forth in the All Writs Act Order in this case”.
“As we have said previously, these cases have never been about setting a court precedent”, Pierce said in a statement after the DOJ abandoned the Brooklyn case last week.
“If the government can circumvent the process merely by buying vulnerabilities, then the process becomes a farce”, Christopher Soghoian, chief technologist at the American Civil Liberties Union, told the WSJ.
Nojeim added that he was disappointed with the FBI’s handling of the case, which indicated the agency failed the obtain the rights necessary to disclose the vulnerability.
The FBI has notified the Obama administration of its decision, Ms. Hess said.
If you want the safety of your devices to be better than Apple and FBI’s relationship, you should update to the latest version (if you can) and make sure you’re not in that 20 percent of vulnerable devices.
Advertisement
Though one can imagine a scenario in which the Federal Bureau of Investigation would hold onto its secret for “a little while”, vulnerabilities generally should be reported to the company so they have an opportunity to patch them, said Susan Landau, a cybersecurity policy professor at Worcester Polytechnic Institute.
