Phone hack­ers for hire: a peek into the dis­creet, lu­cra­tive business tapped by the FBI

Jonathan Keane finds that many com­pa­nies could hack a phone, but, un­sur­pris­ingly, they don’t ad­ver­tise

PC Advisor - - NEWS: ANALYSIS -

hen the FBI paid some­one to crack the San Bernardino shooter’s iPhone, it didn’t just deftly by­pass Ap­ple’s ob­jec­tions. It also made the pub­lic aware of the business side of hack­ing – a business that is ap­par­ently as lu­cra­tive as it is dis­creet. “The re­cent ar­gu­ment be­tween Ap­ple and the FBI over un­lock­ing an iPhone has likely re­vealed to the pub­lic for the first time that com­pa­nies who spe­cialise in crack­ing mo­bile de­vices even ex­ist,” said Bill An­der­son, chief prod­uct of­fi­cer at Op­tioLabs (op­tiolabs.com), a mo­bile-se­cu­rity de­vel­oper.

Ev­ery­thing we learn about the FBI’s hack­ers makes the sit­u­a­tion more in­trigu­ing. Ini­tial re­ports in­di­cated the agency was us­ing the ser­vices of Is­raeli mo­bile foren­sics firm Cellebrite to crack open Syed Rizwan Fa­rook’s iPhone. Since then, a re­port in the Washington Post claimed the FBI hired in­de­pen­dent pro­fes­sional hack­ers, who used a zero-day ex­ploit (a vul­ner­a­bil­ity

Wun­known to Ap­ple). An­other re­port re­vealed that the FBI is now will­ing to help lo­cal law en­force­ment agen­cies around the coun­try crack iPhones they have in ev­i­dence.

Though the FBI has re­mained quiet on any specifics, a re­cent re­mark by FBI Direc­tor James Comey sug­gested the fee for the hack was well over a mil­lion dol­lars. Most re­cently, the FBI de­clined to di­vulge de­tails to an­other gov­ern­ment pro­gram (the Vul­ner­a­bil­i­ties Eq­ui­ties Process), claim­ing ig­no­rance of how the hack ac­tu­ally worked.

Cellebrite, or who­ever it may be, is just one com­pany that can at­tempt to un­lock a phone in law en­force­ment’s pos­ses­sion, but now we – and profit-minded hack­ers – also know how prof­itable this business can be, pointed out Shane McGee, chief pri­vacy of­fi­cer at cy­ber­se­cu­rity firm FireEye. “That pub­lic­ity is like a bea­con to vul­ner­a­bil­ity re­searchers and se­cu­rity ex­perts that would oth­er­wise show lit­tle in­ter­est in hack­ing iOS,” he told us.

Be­yond one phone

Fa­rook was us­ing an iPhone 5c, so there could be other vul­ner­a­bil­i­ties in this phone and oth­ers that have yet to be found – and pos­si­bly mon­e­tised. “While most re­searchers that dis­cover vul­ner­a­bil­i­ties prac­tice

The ar­gu­ment be­tween Ap­ple and the FBI over un­lock­ing an iPhone has likely re­vealed to the pub­lic that com­pa­nies who spe­cialise in crack­ing mo­bile de­vices even ex­ist

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.