FBI reveals iPhone hacking method to senators behind anti-encryption bill

© Stephen Lam
The FBI has revealed the secret method it used to hack into the San Bernardino terrorist’s iPhone – but only to a select few anti-encryption senators. Agency chief James Comey said publicly, however, that the method won’t work on the iPhone 6 or 5S.

The National Journal reported on Wednesday that the FBI had briefed Senator Diane Feinstein (D-California) on the method used to open an iPhone without the help of Apple. Senator Bill Burr (D-North Carolina) is also scheduled to receive information about the technique in the coming days.

The two senators are currently drafting a bill that would limit the use of encryption technology and force companies to comply with government requests for access to their devices and services.

“I don’t believe the government has any obligation to Apple,” Feinstein told the National Journal. “No company or individual is above the law, and I’m dismayed that anyone would refuse to help the government in a major terrorism investigation.”

Apple refused to comply with a court order requiring it to assist the FBI in creating a backdoor to the phone used by Syed Farook, one of the terrorists that killed 14 people in San Bernardino in December. This rejection resulted in a high-profile legal battle that Apple was willing to take to the Supreme Court, saying that their customers’ privacy and security would be put at risk if they fulfilled the request. The litigation abruptly ended in late March, however, when the FBI announced that it had cracked the phone without the tech giant’s help.

The FBI’s technique was developed by a third-party security firm contracted by the agency. While the firm’s identity has not been revealed, it is rumored to be Cellebrite, an Israeli company that specializes in data extraction.

Though Apple has a vested interest in patching security holes, the company is as in the dark about the FBI’s hacking method as everyone else.

“We’re having discussions within the government about, OK, so should we tell Apple what the flaw is that was found. That’s an interesting conversation, because we tell Apple, they’re going to fix it, and then we’re back where we started from,” Comey said.

“As silly as that may sound, we may end up there, we just haven’t decided yet.”

Meanwhile, Comey divulged some limitations of the agency’s technique while speaking at Kenyon University on Wednesday night.

READ MORE: WhatsApp rolls out end-to-end encryption for its billion users

“It’s a bit of a technological corner case, because the world has moved on to sixes,” Comey said in answering a question. “This doesn’t work on sixes, doesn’t work on a 5s. So we have a tool that works on a narrow slice of phones.”

Comey didn’t disclose any additional information, but did say that he is “pretty confident,” though he “can never be completely confident,” that newer iPhones aren’t vulnerable.

Comey assured the audience that the third-party company from which the FBI bought the solution would be responsible with it, promising that the FBI wouldn’t let the software fall into the wrong hands.

“The FBI is very good at keeping secrets,” he said.