According to a report in The Washington Post, the FBI has enlisted the assistance of hackers who deal in previously unreleased vulnerabilities to access the iPhone 5c of the domestic terrorists who killed 14 people in San Bernardino last December.
Zero-day flaws are traded routinely traded by criminal gangs and other nefarious parties. As these flaws are unreported, companies, such as Apple, are unaware that the flaw exists and, therefore, have not released updates to their software that plugs the breach.
The flaw that the FBI is said to have exploited allowed it to build a piece of hardware that let it crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data.
The FBI’s use of this technique signals, in my view, a dangerous escalation in the battle between advocates of privacy and law enforcement.
If the report is true – and it’s important to note that this report has not been confirmed by the FBI at this time – it suggests the FBI is prepared to enlist the assistance of criminals in order to breach the privacy of a closed system.
Law enforcement agencies have long used criminals as informants and, after they have completed jail sentences, as consultants. But if they have enlisted the agency of illegal operatives working on the dark web, in this case, it represents an escalation in their quest to overcome the protections many of us rely on with our personal devices.
According to the report, the US Government now has to decide if it will disclose the flaws to Apple. That call is likely to be made by a White House-led group.