San Bernardino iPhone was hacked using a zero-day exploit

54
Source:   —  April 13, 2016, at 9:37 AM

The phone was said to contain relevant information that the FBI really wanted their mitts on, and the WA Post today reports that it was able to, with the assistance of professional hackers using a security flaw in the iPhone that was previously unknown.

San Bernardino iPhone was hacked using a zero-day exploit

When a couple of terrorists attacked and killed fourteen people in San Bernardino, California in December latest year, an iPhone 5c was recovered, and it’s been in the news nearly as much as the terror attack itself. The phone was said to contain relevant information that the FBI really wanted their mitts on, and the WA Post today reports that it was able to, with the assistance of professional hackers using a security flaw in the iPhone that was previously unknown.

We already knew that the FBI had successfully hacked the phone when it postponed and later abandoned a valid case against Apple to unlock the phone, but until now, it remained a mystery how it happened. According to the WA Post, hackers were able to access the data on the phone by using a ‘new’ security weakness in the iPhone, in what's called a zero-day exploit. In this case, it appears that the exploit was specific to the iPhone 5c, and that the attack vector used to obtain the data from the phone wouldn’t have worked on current-generation phones.

It's believed that the hackers were able to discover a way to get round the brute-force protections built into the iPhone. There are two: The first gradually increases the delay between each PIN attempt; you can attempt this on your own iPhone by typing in the 4-digit pin three times. It then makes you wait for a minute. Obtain it incorrect again, and it makes you wait for five minutes. The second security measure is that if the PIN is entered incorrectly ten times, the default is to irrecoverably wipe the device completely.

The reason why this is such a huge deal, is that a 4-digit pin on its own isn’t much of a deterrent: There are only 10.000 different combinations. If you’re able to attempt a combination every second, you’re likely to have opened the phone in below three hours. Even if the hack delayed the process slightly if it takes thirty seconds to enter a password, discover it’s the incorrect one, reset the security measures and attempt again, it'd still only take three days and eleven hours to attempt every possible combination.

The hack enabled the FBI to apparently use a custom-fabricated piece of hardware to brute-force all the possible four-digit passwords, eventually finding the exact PIN, and then accessing the contents on the San Bernardino iPhone.

The FBI reportedly paid an unnamed independent security contractor an one-time fee for the information on the security exploit, which evidently was all it needed to crack the phone.

 

Featured Image: Peter Kaminski/Flickr BELOW A CC BY 2.0 LICENSE (IMAGE HAS BEEN MODIFIED)

READ ALSO
Google Calendar’s newest feature uses machine learning to assistance you actually achieve your goals

Google Calendar’s newest feature uses machine learning to assistance you actually achieve your goals

The feature is presently available for Calendar’s Android and iOS apps. Goals are set up by clicking into a category (which currently comprise Exercise, “Build a Skill,” and “Me Time,” though they can also be customized) and selecting a specific...

65
Indonesian photo-sharing app PicMix scores $3M Series A

Indonesian photo-sharing app PicMix scores $3M Series A

The first near consists of $1 million from Gobi Partners, while the remaining final near of $2 million is from a strategic investor that hasn’t been disclosed yet.

72
Sean Parker is on a mission to solve cancer

Sean Parker is on a mission to solve cancer

Cancer immunotherapy is his following huge bet. The Napster founder and former Facebook president persuaded hundreds of top scientists within various research universities across the U.

91
Toxic Pesticide-Ridden Soil Detected At Site For New Bay Area School

Toxic Pesticide-Ridden Soil Detected At Site For New Bay Area School

Kimberly Beare, a spokeswoman for the Morgan Hill Unified School District, said “we found a no of toxins in the soil actually.&#eight thousand two hundred twenty-one; The Morgan Hill Unified School District made the discovery because that’s where they map to construct...

54