A new report by the Washington Post reveals that the FBI has partnered with an Australian security firm called Azimuth Security to unlock the iPhone linked to the 2015 San Bernardino shooting.
The methods used by the FBI to unlock the iPhone throughout this period remained secret, and the confirmed information was that Apple was not involved in the process.
The company refused to build a” back door “in the phone, software that allows it to access users’ phones without their knowledge and is exploited by hackers to carry out their attacks, setting off a legal battle that ended after the FBI successfully hacked the phone without Apple’s help.
The phone at the scene of the conflict was confiscated after its owner, Syed Rizwan Farouk, carried out an attack that killed 14 people. The FBI tried to access the phone, but was unable to do so due to an iOS 9 feature that would erase the phone after a certain number of failed password attempts.
Apple has tried to help the FBI in other ways, but has refused to build a passcode bypass system for its phones, saying such a backdoor would permanently reduce the security of its phones.
After the FBI announced that it had gained access to the phone, there were fears that the security of iPhone phones could be seriously compromised.
The method is simple
But according to the newspaper, the hack was simple and did not affect the security system, azimuth found a way to guess the passcode as many times as you want without the possibility of scanning the phone, allowing the office to access the phone in a matter of hours.
On the technical details of how to bypass the Auto-Scan feature, the actual hack was done by two azimuth employees who were able to access the phone by exploiting a vulnerability in the main software module written by Mozilla.
This programming from Mozilla has reportedly been used by Apple in iPhone devices, to enable the use of existing accessories software on iPhone.
Once the hackers gained initial access, they were able to connect two other services in the machine, giving them full control over the main processor, which allowed them to run their own code.
After that they got the strength, they managed to write and test programs that guessed each set of passcodes, ignoring any other systems that will lock the phone or erase it.
This method of penetration, which used the “Lightning” port in the iPhone to control the processor, was named Condor.
Mozilla fixed this vulnerability that exploits the Lightning port a month or two later, as part of a routine update of its software, which was then adopted by companies that use its software, including Apple.
In the end, these efforts yielded little, the FBI did not get any useful information from the phone, and the bureau was never able to set a legal precedent on whether the government could force companies to compromise on the security of their devices.
A judge ruled in 2017 that the FBI did not have to disclose how it accessed an iPhone, or who helped it, because of concern that the Australian company would face cyber attacks as a backlash for helping the FBI.