Rumor: Hackers helped FBI with zero-day leak to crack iPhone
The FBI reportedly received the help not from an Israeli company to unlock the iPhone of the man who committed an attack in San Bernardino, but from so-called ‘gray hat’ hackers. They would have provided a zero-day leak for a one-time payment.
It would be “at least one zero-day leak,” writes The Washington Post, citing sources familiar with the investigation. The vulnerabilities allowed the FBI to write software to circumvent the security. At the end of March, an Israeli newspaper wrote that security company Cellebrite provided the method, but according to The Washington Post this is not correct.
There are a number of companies worldwide that trade in zero-day exploits. A well-known company is, for example, the French Vupen. A lot of money can be made by trading in vulnerabilities that have not yet been patched. Other names include Netragard, ReVuln, Auriemma and EndGame. It is suspected that states also regularly knock on their door to use vulnerabilities in building espionage tools.
Last week, an FBI chief said the agency is unsure whether the vulnerability should be released to Apple so that the company can close it. The method would not work on iPhone models newer than the 5C.