The FBI paid professional hackers to unlock the suspected San Bernardino shooter's iPhone after a months-long unsuccessful attempt to force Apple to create decryption software, the Washington Post reported on Tuesday.
The hackers reportedly discovered and alerted the bureau to at least one previously unknown security flaw in the phone's software, which they then used to create hardware that helped the FBI crack the phone's passcode.
Previous speculation on who would help the FBI in lieu of Apple had pointed to the Israeli security firm Cellebrite, but the bureau apparently turned to a different service in this case, the Post noted.
Reporter Ellen Nakashima writes:
Some hackers, known as "white hats," disclose the vulnerabilities to the firms responsible for the software or to the public so they can be fixed and are generally regarded as ethical. Others, called "black hats," use the information to hack networks and steal people's personal information.
At least one of the people who helped the FBI in the San Bernardino case falls into a third category, often considered ethically murky: researchers who sell flaws—for instance, to governments or to companies that make surveillance tools.
This last group, dubbed "gray hats," can be controversial. Critics say they might be helping governments spy on their own citizens.
"Some of the most admired tech experts/hackers are those who find vulnerabilities/exploits & sell them to the US govt," tweeted journalist Glenn Greenwald.
The government must now decide whether to disclose the security flaws to Apple, Nakashima wrote, "a decision that probably will be made by a White House-led group."
FBI director James Comey has previously expressed hesitation at sharing the information, positing last week that Apple would "fix it and then we're back where we started from." He said the hack only works on iPhone 5C models running the iOS 9 operating system.
But as experts have long noted, there is more at stake than just one case or one phone, and new risks are raised through this development. Whistleblower Edward Snowden said Wednesday on Twitter, "Prediction: FBI's refusal to disclose security holes found during iPhone hack will result in attack being globally available by year's end."
Andrew Crocker, staff attorney with the digital rights group Electronic Frontier Foundation, added:
✅ paid for
✅ a previously unknown
✅ flaw in iOS
✅ used it to hack phone
❌ Didn't consider disclosing to Apple https://t.co/Yx1L28KGTT
— Andrew Crocker (@agcrocker) April 13, 2016