FBI Bought $1M iPhone 5C Hack, But Doesn't Know How It Works

An anonymous reader writes: The FBI has no idea how the hack used in unlocking the San Bernardino shooter's iPhone 5C works, but it paid a sum less than $1m for the mechanism, according to a report. Reuters, citing several U.S. government sources, note that the government intelligence agency didn't pay a value over $1.3m for purchasing the hack from professional hackers, as previously reported by many outlets. The technique can also be used as many times as needed without further payments, the report adds. The FBI director, James Comey, said last week that the agency paid more to get into the iPhone 5C than he will make in the remaining seven years and four months he has in his job, suggesting the hack cost more than $1.3m, based on his annual salary.

Re:Restored from iCloud

[Lab Rat Jason]

Sure you're being funny, but that actually is a serious concern here: On one hand, is it forensically legitimate if they can't explain how they got the evidence? (and for that matter does the FBI even CARE about keeping it legal anymore), and on the other hand, does the FBI even know if the wool is being pulled over their eyes if they don't know how it works???

Finally, I seriously doubt they took the phone outside of an FBI facility to perform the hack, which implies that someone was brought in to the FBI facility to perform the hack... do you really think they let that person walk out without explaining how they did it? You're telling me they didn't search the hackers laptop?

It all sounds a little too implausible for me.

Re:

[gtall]

"I seriously doubt they took the phone outside of an FBI facility to perform the hack, which implies that someone was brought in to the FBI facility to perform the hack"

So, you failed Logic 101, eh?

Re:

[Bartles]

The FBI claims it doesn't know how it works (or it deliberately avoided asking or learning how it works) so it can avoid all FOIA requests pertaining to that information. This is the age of Obama and Clinton. That's how it works now.

Re:

[AK Marc]

Did you forget that the Republicans ran an alzheimer's sufferer for president so "I do not recall" would be backed by medical evidence? Clinton and Obama didn't do anything that wasn't already done by Nixon and Reagan. That's why the Republicans are so mad. Using their own tactics against them isn't fair.

Re: Restored from iCloud

[Bartles]

No they didn't. He wasn't diagnosed until 1994. And as far as I know, he never testified under oath.

Re:

[Bartles]

OK, I'll add the qualifier. He never testified under oath as POTUS.

Re:

[AK Marc]

Yeah, and I was never diagnosed with dyslexia, I just had a qualified person tell me that I should never get tested, because I have all the symptoms and if I were diagnosed with it, I'd end up in special ed with the people who can't dress or feed themselves (hey, it was before the enlightened times).

And plenty of people claim the symptoms were obvious, despite the cover-up of it while he was serving as president.

An did you need another link to him being sworn in? Or can we consider that issue covered?

Re:

[Plus1Entropy]

He wasn't diagnosed until 1994.

That doesn't mean he didn't have it before that.

Re:

[Bartles]

Sure. There's nothing that says he wasn't a space alien as well.

Re:

[Plus1Entropy]

Nice strawman. Alzheimer's often goes undiagnosed until it enters the later stages and becomes more obvious. That's even true today, with much more awareness, research, and technology to help, let alone 20+ years ago.

Re:

[Obfuscant]

There's nothing that says he wasn't a space alien as well.

Nice strawman.

This entire sub-thread is a straw man and irrelevant to start with. Reagan has nothing to do with the iPhone hack or the FBI.

Alzheimer's often goes undiagnosed

And space aliens have yet to be identified despite decades of living amongst us. At least that's what the space aliens would claim. And we have a lot more awareness and technology to help us detect them today, let alone 20+ years ago. So, there's nothing to say he wasn't a space alien, either. It's just mud-slinging to make such accusations so long after the fact and without any medic

Re:

[mrchaotica]

NDAs do not and cannot be allowed to trump FOIA requests!

NDA and FOIA

[Anonymous Coward]

Actually, material under NDA is specifically exempted from FOIA. Otherwise nobody would ever send proprietary information (like a proposal responding to a Request for Proposals) to the government.

Re:

[rtb61]

The FBI are trapped, either they were stupid in their investment in failing to pay for open access to the method to ensure legal requirements when evidence is presented as being gained by this method or they are lying. The reason for the lie, they would be criminally negligent for failing to inform citizens seeking to ensure security and generate revenue by that provision of security, of the methods by which that security is broken. This also extends to individuals citizens should their phone be illegally

Re:

[Obfuscant]

On one hand, is it forensically legitimate if they can't explain how they got the evidence?

"Your honor, you see, there's these spinning platters covered with magnetic material. Floating about 2 microns above the surface of these platters are some very very tiny magnetic sensors attached to a moving arm. The arm is controlled by a servo ... NRZ ... bit stuffing ... FFT ... JPEG ... CPU ... RAM ... USB ... PostScript ... photosensitive transfer belt ... toner ... fuser ... [three hours later] ... and that's how we recovered the digital photo of the defendant holding the severed head of his victim

Seriously manishs?

[110010001000]

This is the second dupe in a few hours. Seriously? Do you get paid twice every Friday?

Re: Seriously manishs?

[Namarrgon]

This story wasn't cheap, but it can be used as many times as needed without further payments.

How does it work?

[Laser_iCE]

"I do not recall."

What did yo expect?

[Lead Butthead]

"Your tax dollars at work."

US needs to fund its own hackers.

[BoRegardless]

Given the nature of the millennial shift to electronic everything everywere, IOT, the US had better figure out how to set up its own mega sized hacking teams which aren't limited by USGovt pay grades.

Re:

[Imrik]

If they did that, they'd be required to inform companies of the details of the holes in their security.

Re:

[QuantumLeaper]

Bill never said that, nor did PT Barnum, but it was said about Barnum's customers.

Re:

[LiENUS]

I've read aloud the Gettysburg Address. If you were quoting it would you attribute it to me? or Abraham Lincoln?

Re:

[Imrik]

Depends on my objective in quoting it.

William Gibson was prescient

[mileshigh]

Reminds me of scenes from Gibson's Neuromancer-era books where people could illicitly buy "ice" to penetrate a particular type of target. Ice for hard targets was pricey but very user-friendly: just a particular shape they dropped onto the target in their VR headset and then watched it eat its way in, all without knowing its workings.

Re:

[Tablizer]

How is that different from many patents? The hard part is often experimenting and testing, NOT the construction itself.

For example, Thomas Edison tested thousands of materials before he settled on the best one for his new light bulbs. The actual manufacturing of the filament was relatively mundane.

And as maintenance coders, sometimes we find the solution to a bug is one line of code. Newbie managers then balk at paying so much for changing one line. You then tell them the hard part is finding and knowing wh

He "earned" it

[Tablizer]

director, James Comey, said last week that the agency paid more to get into the iPhone 5C than he will make in the remaining seven years and four months he has in his job, suggesting the hack cost more than $1.3m, based on his annual salary.

Good, he's shown he's not smart enough to deserve more.

Re:

[pr0fessor]

There are over 3000 counties in the US even at $10k each they could make a lot of money off of sheriff departments and state police then rinse and repeat a year from now when an apple update makes it not work anymore.

Maybe the terrorist told the grup the password

[future assassin]

and then they both cashed in on it. I bet it was DirkaDirka

I bought a burger and it was less than $1m.

[fishscene]

It was delicious. ...sorry, I'm feeling super sarcastic today.

Why should we believe him?

[Gravis Zero]

Seriously, the FBI and Comey in particular have flat out lied so many times in the past year that I honestly can't think of a reason why anyone should believe the things they say.

$1M paid by taxpayers not FBI

[schwit1]

The FBI should have to get congressional approval(power of the purse) to spend this kind of money when there is no specific line item in the FBI's budget.

Re:

[chill]

If you think something like "cyber forensic tools" isn't a specific line item in the FBI's budget, you're crazy.

Their total budget for 2015 was just over $8.3 Billion. I'm sure they could find room under their Cyber, Criminal or Intelligence categories to pull $1.3 million from for a tool to hack the phone in a case like this one.

Feds bad at computers

[RightwingNutjob]

News at 11. Duh.

Aiding and abetting the enemy is a Federal Crime

[Sir Holo]

FTA:

FBI Guy says, "The FBI confirmed that it would not tell Apple about the security flaw exploited in the hack, partly because the law enforcement agency does not know how it works." [And they won't tell either, so whatever they do with it is their own business. Wah.]

Thanks for keeping us all safe by violating Federal Law!

Wait, what?!

[wwalker]

Something doesn't quite add up in this story. So, the FBI has this black box that they don't know what it does and how it works. All they know is that you put an iPhone into it, and it produces supposedly decrypted data from the said iPhone? How can they verify that it actually does a complete and accurate job? That it doesn't introduce some random files, or hides some information? Either FBI is lying again, or they bought something that's completely useless, as I don't see how any judge would accept the re

Lol

[Gyuftufy Trutfu68]

They know how it works.. They're doing it to mine now