How much is a hack worth that gets you into an iPhone without any useful data on it? If you're the FBI, that'll be at least US$1.3 million. And according to FBI Director James Comey, it was money well spent.
Director Comey said that's how much the government paid for the exploit that got agents into the San Bernardino shooter's iPhone 5c. He said the cost was worth it because the FBI will be able to use the technique to get into more iPhones running iOS 9.
FBI paid over $1 million for San Bernardino iPhone hack
Director Comey didn't say exactly how much the FBI paid for the hack, but when asked at the Aspen Security Forum in London on Thursday he said, "A lot. More than I will make in the remainder of this job, which is seven years and four months for sure."
According to Reuters, his current salary is $183,300 a year. Doing the math, that means the FBI paid at least $1.314 million for the hack.
The iPhone was recovered from Syed Farook and his wife, Tashfeen Malik, after they were killed in a shootout with police. The two opened fire on their San Bernardino county coworkers last December, killing 14 and injuring 22.
Law enforcement wanted Apple to help unlock the iPhone, which had been issued to Mr. Farook as part of his job with the county. Apple said it didn't have any way to access the encrypted data on the device, so the FBI obtained a court order telling Apple to create a version of iOS that didn't include the safeguards preventing brute force attacks on passcodes.
Apple said complying with the order would be inappropriate because the government doesn't have the authority to force companies to create tools to bypass their own security features and encryption. Apple also said complying would set a dangerous precedent where other companies could be forced to do the same, or create backdoors into their own encryption.
The FBI eventually dropped its legal fight after obtaining a hacking tool from an unidentified third party—a tool we now know cost over a million dollars. The agency confirmed this week there wasn't any useful data on the iPhone, which isn't surprising because that's something we already suspected and was leaked to news outlets last week.
That's a lot to pay to get into a device law enforcement already assumed didn't hold any useful information, and that should've been enrolled in the county's mobile device management system—which would've given law enforcement direct access to the iPhone's encrypted content without needing any outside help.
The FBI originally said they only wanted to get into this one iPhone, and that it was a one-off deal. That argument fell apart as similar FBI cases surfaced and other law enforcement agencies said they wanted access to encrypted iPhone data, too. The FBI already made it clear it plans to continue using the exploit it bought, and currently doesn't have any plans to share it with Apple, leaving thousands of phones at risk of attack should anyone else discover how the hack works.
Was the money the FBI shelled out for the hack worth it, even knowing Apple will likely find a way to patch the exploit soon? According to Director Comey, it was.
"It was, in my view, worth it," he said.