Cops are going to hack. As encryption and anonymity technologies continue to proliferate, the FBI and other law enforcement agencies are increasingly using hacking tools to aid their investigations or identify criminals.
With that in mind, researchers at Carnegie Mellon University's (CMU) Software Engineering Institute (SEI) discovered an iPhone vulnerability that a government agency used in a high profile terrorism case, a source told Motherboard. It is not clear which terrorism case this referred to, nor how useful the iPhone vulnerability proved in the case.
SEI is a federally funded research and development center (FFRDC), a public-private partnership that conducts work for the US government, and is sponsored by the Department of Defense.
According to SEI's website, tools, technologies, and practices developed by the research organization can help the DoD and other government agencies meet mission goals.
In 2014, researchers from SEI carried out work on the Tor network that obtained users' real IP addresses, as well as those of hidden services such as Silk Road 2. As Motherboard confirmed last year, the FBI subpoenaed SEI for the collected IP addresses, and then used this information to prosecute a number of dark web criminals.
Spokespeople for SEI, Apple, and the Department of Defense acknowledged requests for comment but did not provide a response. The FBI declined to comment.
The so-called Going Dark phenomenon, in which law enforcement agencies say they are losing access to key intelligence because of the spread of encryption, has pushed the idea of legal hacking into the mainstream. During a congressional hearing, Amy Hess, then head of the FBI's Operational Technology Division, said on the topic of hacking tools, "I think that we really need the cooperation of industry, we need the cooperation of academia, we need the cooperation of the private sector in order to come up with solutions."
In early 2016, the FBI tried to force Apple to develop a custom operating system that would allow the agency to unlock an encrypted iPhone 5C used by one of the San Bernardino terrorists. Apple declined, fighting back against a court order to access the phone, saying it would undermine the security of iOS devices more generally. After an intense legal battle, the FBI said an outside party had unlocked the device instead. Despite earlier indications that the third party had been Israeli phone cracking company Cellebrite, The Washington Post reported that the FBI paid a one-off fee to other researchers who had discovered a previously unknown software vulnerability.
It is unclear if the iPhone vulnerability found by CMU researchers and described to Motherboard was connected to the San Bernardino case, but it is technically possible.
In a Freedom of Information lawsuit brought by the Associated Press, VICE Media, and the parent company of USA Today, the FBI released nearly 100 pages of records related to the San Bernardino exploit sale. Many of the sections were redacted, however.
Apple iPhones continue to be an illustrious target for both government hackers and the groups or companies that hunt out vulnerabilities affecting the devices. When agencies need to turn to leading researchers to compromise consumer phones, that's a testament to how secure everyday products have become.
Subscribe to pluspluspodcast, Motherboard's new show about the people and machines that are building our future.