Hackers may have cracked San Bernardino terrorist's iPhone for FBI

Law enforcement officials used a previously unknown software flaw discovered by paid hackers to crack the phone, sources tell the Washington Post.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
James Martin/CNET

The FBI may have gotten help in cracking into an iPhone used by one of the San Bernardino terrorists from an unusual ally: professional hackers.

The iPhone was cracked after hackers brought a previously unknown software flaw to the attention of the FBI, according to a report Tuesday by the Washington Post. The flaw was then used to fashion hardware that the FBI used to unlock the iPhone 5C used by Syed Farook without activating its auto-erase feature, sources described as close to the matter told the Post.

The hackers were paid a one-time fee for the information, according to the report, which did not describe the nature of the flaw identified by the hackers.

Apple and FBI representatives did not immediately respond to requests for comment.

The report comes about three weeks after the US Department of Justice said it had -- with the help of a third party -- successfully accessed data on a phone used by a terrorist in December's deadly attack in San Bernardino, California. The Justice Department's revelation came as part of a lawsuit it had filed against Apple to force the iPhone maker into helping it create software to defeat the device's security feature.

The help that the FBI received comes from a community most commonly associated with crimes the FBI itself investigates -- security breaches designed to steal sensitive data or wreak havoc on the Internet. But others, known as "white hats," are professional researchers hired by companies to seek out flaws in their network, system or software. Facebook, Google and Microsoft are just some of the companies who have used such an arrangement to secure their products.

The Justice Department has not publicly disclosed the flaw it leveraged to hack the phone or whom the mysterious third party is but has briefed members of Congress on the method. After the FBI indicated in an earlier filing it might not need Apple's help after all, some reports identified Cellebrite, a privately held Israeli company that specializes in transferring or extracting data from phones, as the third party. Cellebrite declined to comment on the reports at the time.

Technology companies and rights groups argue that strong encryption, which scrambles data so it can be read only by the right person, is needed to keep people safe and protect privacy. Law enforcement argues it can't fight crimes unless it has access to information on mobile devices. The standoff between Apple and the FBI brought more attention to the encryption battle, which is sure to keep going.