FBI won’t be forced to reveal San Bernardino iPhone hacking tool

The Associated Press, USA Today and Vice News have failed in their attempt to reveal the hacking tool the FBI used to access San Bernardino terrorist Syed Farook’s iPhone. Judge Tanya Chutkan denied their request in a summary judgment ruling issued late on September 30th, arguing that the risks involved in naming the vendor (and thus the tool) or the price paid are too serious to honor a Freedom of Information Act request. It would make the company a target for retaliatory hacks and exploits that it likely couldn’t withstand, Judge Chutkan said, while the price would tell “adversaries” how readily the FBI can use the tool in the future.

She also rejected the argument that former FBI director James Comey’s mention of a “very high” price equated to official disclosure that compelled a wider release. The information had to be more specific than that, according to the ruling. And while Comey noted that the tool was only effective against an iPhone 5c running iOS 9, the FBI could theoretically find a way to expand its usefulness or ask the developer to build a similar implementation. If the vendor is exposed, Judge Chutkan said, this could “hurt the FBI’s future efforts to protect national security.”

This isn’t going to please privacy advocates concerned that the FBI has such power, especially as it might be maintaining this power solely through obscurity — it might get into your phone only because an outside security researcher hasn’t discovered the flaw yet. And is the theoretical future usefulness of the tool a good enough excuse to keep it under wraps? At the same time, it’s hard to ignore the likelihood that any public disclosure would likely invite some kind of retaliation. The judge had to strike a difficult balance, and it’s not necessarily clear that it’s the right balance.

Source: ZDNet, DocumentCloud

Engadget RSS Feed

Senator confirms FBI paid $900,000 to unlock San Bernardino iPhone

In early 2016, Apple was embroiled in a battle with the FBI over privacy, specifically whether it could (or would) crack an iPhone 5C following the San Bernardino terrorist attack. Apple refused to specifically create a backdoor piece of software that would circumvent the security protections built into iOS, citing concerns for the privacy of the other millions of people out there using iPhones and iPads. Ultimately, it became a moot point: the FBI purchased software to crack the iPhone in question. The agency refused to say how much it spent, but now Senator Dianne Feinstein has revealed that it cost $ 900,000 to break into the shooter’s phone.

That’s less than the $ 1.3 million that was estimated before, though that estimate was a back-of-the-napkin calculation based on a statement from FBI director James Comey. He said that the cost to the FBI was greater than what he’d make in the seven years and four months leading up to his retirement. Reuters did the math based on his salary, but it looks like the figure wasn’t quite accurate.

Senator Feinstein noted the $ 900,000 figure this past Wednesday while questioning Comey at a Senate Judiciary Committee oversight hearing. “I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $ 900,000 to hack it open,” Feinstein said (as reported by the AP). She would know — she’s the top the Democrat on the Senate committee that oversees the FBI.

Until this statement, the FBI has refused to disclose either how much it spent to break into the San Bernardino iPhone; it also has protected the identity of the individual or company that broke into the phone. The agency has said both of those pieces of information are classified.

Via: Popular Mechanics

Source: Associated Press / CNBC

Engadget RSS Feed

India wants the tech used to unlock the San Bernardino iPhone

Israeli forensics company Cellebrite helped the FBI access the contents of a suspect’s iPhone 5c following the shooting in San Bernardino last year. Now India is in talks to buy the company’s tech that will allow it to unlock phones and other devices. The Economic Times reports that India’s Forensic Science Laboratory (FSL) is purchasing the tool and should have it in hand within a month. What’s more, the FSL says India will be “a global hub for cases where law enforcement is unable to break into phones.” In other words, the India government will lend a hand to other countries that need to crack encrypted devices.

The Economic Times reports that the Indian government has already enlisted help from Cellebrite in “a few cases,” but now it will have the encryption cracking tech on hand to use as needed. Details are scarce on if the country will be the exclusive owner of the technology or under what circumstances it will make the resource available to other governments around the world. It’s also not a done deal yet, but FSL officials seem confident the government will complete the purchase soon. There’s no word on how much the transaction will cost, but the FBI paid Cellebrite over $ 1 million for its services in the San Bernardino case.

Via: 9to5Mac

Source: The Economic Times

Engadget RSS Feed