Hacking Startup 'Azimuth Security' Unlocked the San Bernardino iPhone

Motherboard can confirm a Washington Post report that said Azimuth Security developed the tool used on the San Bernardino iPhone.
Apple store
Image: John Smith/VIEWpress
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The group of hackers that provided the U.S. government with the capability to unlock an iPhone at the center of the San Bernardino terrorist attack investigation was Azimuth Security, a small firm in Australia that develops high-end hacking tools for governments, The Washington Post reported on Wednesday. Motherboard confirmed Azimuth's involvement with a source with knowledge of the company's operations. Motherboard granted the source anonymity as they weren't authorized to speak publicly about the case.


The news provides clarity to one of the most closely watched episodes in the so-called Going Dark debate, where the U.S. government has tried to find legal and technical mechanisms to circumvent the encryption offered on popular consumer devices, including those made by Apple. In 2017 a dramatic legal tussle between the Department of Justice and Apple came to a sudden and mysterious end. As the Department of Justice tried to force Apple to unlock the encrypted iPhone of one of the dead San Bernardino terrorists, a group approached the FBI and provided a technical solution. 

The Washington Post reported that David Wang, a researcher who developed the exploit, dubbed it Condor. Motherboard's source, who provided the information several years ago, also said the "one-off" tool developed by Azimuth was called Condor.

Do you work for Azimuth or did you used to? Do you work for another exploit and capability firm? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on, or email


The FBI, Azimuth Security, Linchpin Labs, and L3Harris did not respond to a previous request for comment in March from Motherboard when asked about Azimuth's involvement. Apple declined to comment. Thom Mrozek, the director of media relations at the United States Attorney's Office for the Central District of California told Motherboard in an email "We have no comment."

Azimuth sits in the high-end tier of the exploit industry. Whereas other companies which develop hacking tools may sell them to as many governments as possible, Azimuth and other small shops typically provide them to democratic governments. In February 2018, Motherboard revealed that Azimuth has previously provided exploits—through a partner firm run by ex-spies called Linchpin Labs—to the FBI, Australia’s intelligence services, as well as the UK and Canada. As Motherboard reported, the FBI obtained an exploit for the Tor Browser from Azimuth. 

Contracting giant L3Harris later acquired Azimuth and Linchpin Labs in April 2018.

Multiple news outlets sued the FBI for information on who provided the iPhone hack. In 2017 the Department of Justice turned over nearly 100 pages of heavily redacted documents, but which contained nothing on the possible identity of the hackers.

Shortly after the FBI successfully accessed the phone, rumours circulated, originating with a single Israeli press report, that established phone-cracking company Cellebrite was behind the hack. Those reports were unsubstantiated, though. 

After unlocking the device, the FBI found no previously unknown message data or contacts.