25 April 2016

iPhone hack cost more than a million dollars

The BBC has an article about the FBI and the iPhone:

The FBI paid at least $1.3 million to hack into the iPhone used by one of the San Bernardino, California killers, it has been estimated.
The figure was calculated based on comments by FBI director James Comey, who said that the agency had paid more to get into the phone than he "will make in the remaining seven years" in his post. That would make it the largest publicized fee for a hacking job. Comey added that it was "worth it".
The calculation was based on a projection of Comey's annual salary which, in January of 2015, was $183,300. This has been multiplied over the next seven years and four months that he will remain in his job. The figure does not factor in pay rises or bonuses.
The FBI has never named the security firm or group of hackers that helped unlock the phone but whoever it was provided either software or hardware that helped crack the four-digit identification number without triggering a security feature that would have erased all data after ten incorrect guesses. Comey said that the same method could be used on other 5C iPhones running iOS 9 software.
According to research firm IHS Technology, there are about sixteen million such phones in use in the US and more than eighty percent of them run iOS 9 software, according to Apple.
The case has been hugely controversial, largely because of the spat with Apple, which had been resisting a court order requiring it to write new software to allow officials to access the phone of Syed Rizwan Farook, who, with his wife, killed fourteen people in San Bernardino in December of 2015. Both were shot dead by police.
The FBI argued that it needed access to the phone's data to determine if the attackers worked with or were supported by other people and were planning other targets.
It is unclear how much information has been gleaned since the phone was opened. Some news outlets have reported that, so far, the FBI has not found anything of interest on the device. The case has raised the debate over whether technology firms' use of encryption is a good thing for consumer privacy, or damaging to public safety.
There is big money to be made from helping the authorities to find bugs in software.
Last year, Zerodium, a firm that negotiates bug bounties, offered a million dollars for a web-based exploit against iOS 9, and that bounty was subsequently claimed.
