FBI director James Comey has a couple revelations about the San Bernardino shooter's iPhone unlock hack. The first is that it doesn't work on phones newer than the iPhone 5c, and the second is that he doesn't want Apple to fix the exploit they used to get in.
The FBI says the big iPhone exploit it bought is safe, so they don't need to tell Apple about it
In a CNN Money interview, Mr. Comey said the iPhone 5c was hacked with a "tool" the FBI purchased from an unnamed party. News of the unspecified tool first surfaced when the FBI put on hold its legal fight with Apple over a court order to create a hackable version of iOS. The FBI later dropped its fight after finding an alternate way into the iPhone.
Mr. Comey said, "Litigation between the government and Apple over the San Bernardino phone has ended, because the government has purchased, from a private party, a way to get into that phone, 5c, running iOS 9."
While he wouldn't elaborate on what the tool is, he did say it isn't universal. Instead, it works on what he called a "narrow slice" of iPhone models that doesn't include the iPhone 5s or newer, which all include the Secure Enclave security feature.
The iPhone in question was issued to Syed Farook by his employer, San Bernardino County's Public Health Department, and was recovered after he was killed in a shootout with police following a shooting spree where he killed 14 of his coworkers and injured 22 others. Mr. Farook's wife, Tashfeen Malik, was involved in the mass shooting, too, and was killed along side him.
Now that the FBI has a way to hack into at least some iPhone models Mr. Comey doesn't want to tell Apple how the hack works. "We tell Apple, then they're going to fix it, then we're back where we started from," he said.
That's concerning because now the whole world knows there's a big iPhone security exploit and hackers, criminals, and foreign governments would love to get their hands on it. Considering people in the FBI, the parties that made the hack, and now select members of Congress know what it is, at some point the exploit will leak—and when it does, Apple will have to scramble to get a fix in place.
Director Comey thinks those concerns are unwarranted and that the hack will stay safe. "The people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours," he said.
That sounds well and good, but secrets don't like to stay secret, and a hack like this is worth big money. Mr. Comey may think this secret is safe, but he shouldn't ever underestimate the power of greed.
Put enough zeroes on a check and someone will spill the beans, and when that happens the FBI, Director Comey, and the Department of Justice will have knowingly compromised the safety and security of thousands of iPhones around the world. That's a big price to pay for a hack that doesn't look like it will net any useful information from Syed Farook's iPhone.