The iPhone exploit that allowed the FBI to access an iPhone 5c used by terror suspect Syed Farook is unlikely to be shared with Apple, according to a new report. It is thought the flaw was found by a private company that maintains ownership of it.
Apple will be very interested in the flaw since there is a possibility it could be used to hack into other devices. If it has been found once, there’s always a chance it will be found again by bad actors who aren’t looking to help law enforcement agencies.
However, it seems unlikely at this point that Apple will get a chance to fix it, because it probably isn’t going to get any information about it. According to a report from Reuters, the private firm that discovered the flaw maintains ownership of it and will want to keep it that way.
Although there is a White House policy, called the Vulnerabilities Equities Process, which states digital security flaws like this one should be made public so that they can be addressed, it does not cover vulnerabilities discovered by private companies.
As a result, the firm that supplied the FBI with its hack does not have to disclose its methods if it doesn’t want to. And as long as it’s a secret, the firm can continue to sell its information to other agencies, whereas a fix from Apple would obviously prevent that.
The Reuters report contradicts an earlier article from The Washington Post, which claimed the FBI’s hack was provided by a team of “professional hackers,” rather than a security firm. It was initially believed that Israeli firm Cellebrite was behind it, but The Post dismissed that idea.
The FBI confirmed it had gained access to the iPhone used by Farook without Apple’s help in late March, more than a month after the Justice Department ordered the Cupertino company to create a backdoor that would allow entry without a passcode.
The FBI, which has already dropped its case against Apple, revealed this week that it has found no information of any “real significance” on the handset yet.
Apple has stated that it will not sue the FBI for not disclosing its hack because the flaw in iOS will soon be obsolete. It’s thought it is limited to a very small number of devices anyway — specifically the iPhone 5c running a certain version of iOS — and is fixed in later updates.
[Reuters via AppleInsider]