FBI generously rewarded hackers for exploiting for iPhone
The Wired and The Hacker News editions are full of subject headings. The current director of the FBI decided to amuse the public, hinting at the approximate amount that was paid to the hackers for the exploit for iPhone 5c. Recall that it was used to pick up the unlock code of the terrorist terrorist San Bernardino’s smartphone. This code is used by iOS to generate a key when encrypting data on the device. In other words, even if you try to unlock a device without selecting an unlock code for it, you will not have access to the data, since they are encrypted.
In general, the amount is significant, and even more than Zerodium offered for a remote root exploit for iOS 9. The approximate cost is estimated at $ 1.3 million. Other details of this sensational case are still a little bit. Earlier we wrote about the first public information on this case: Cellebrite had no relation to it, like the previously proposed NAND Mirroring method for obtaining the correct passcode.
')
When selecting the unlock code, hackers needed to bypass the mechanism of automatic data destruction on it after several unsuccessful attempts to enter it. In addition, it was necessary to bypass the mechanism of increasing the delay between unsuccessful attempts to enter the passcode, which is used by the iOS security system to block bruteforce attempts to unlock the code. As we have already indicated, an exploit or a bunch of them, together with a special device, helped to pick up a 4-digit passcode to a terrorist device in 26 minutes.
The FBI was forced to turn "sideways" after Apple refused to provide the security services with an automatic tool for unlocking devices running iOS, which would make life easier for the security services, but would hit Apple's reputation most.
Summing up:
For more information, see our previous posts.
habrahabr.ru/company/eset/blog/281573
habrahabr.ru/company/eset/blog/279971
habrahabr.ru/company/eset/blog/278053
In general, the amount is significant, and even more than Zerodium offered for a remote root exploit for iOS 9. The approximate cost is estimated at $ 1.3 million. Other details of this sensational case are still a little bit. Earlier we wrote about the first public information on this case: Cellebrite had no relation to it, like the previously proposed NAND Mirroring method for obtaining the correct passcode.
')
When selecting the unlock code, hackers needed to bypass the mechanism of automatic data destruction on it after several unsuccessful attempts to enter it. In addition, it was necessary to bypass the mechanism of increasing the delay between unsuccessful attempts to enter the passcode, which is used by the iOS security system to block bruteforce attempts to unlock the code. As we have already indicated, an exploit or a bunch of them, together with a special device, helped to pick up a 4-digit passcode to a terrorist device in 26 minutes.
The FBI was forced to turn "sideways" after Apple refused to provide the security services with an automatic tool for unlocking devices running iOS, which would make life easier for the security services, but would hit Apple's reputation most.
Summing up:
- FBI and Apple conflict resolution postponed until “better times”;
- hackers got a good profit and incentive to further search for vulnerabilities in iOS;
- The FBI has decrypted a terrorist's iPhone 5c exploit that only works for iPhone 5c running iOS 9;
- Having paid more than $ 1 million for the exploit, the FBI did not find anything of value on the terrorist’s smartphone.
For more information, see our previous posts.
habrahabr.ru/company/eset/blog/281573
habrahabr.ru/company/eset/blog/279971
habrahabr.ru/company/eset/blog/278053
Source: https://habr.com/ru/post/282227/
All Articles