Court Sides with FBI in iPhone Hacking Tool Disclosure

Court Sides with FBI in iPhone Hacking Tool Disclosure

The FBI has been allowed to keep the identity of the firm that helped it crack a terrorist’s iPhone a secret, despite pressure from the US media, a court has ruled.

Freedom of Information (FOI) requests from various outlets including Associated Press and USA Today sought to find out which firm helped the Feds access the iPhone 5C belonging to notorious San Bernardino shooter Syed Farook.

Along with wife Tashfeen Malik, he murdered 14 people in the Californian town before being killed in a shootout with police.

The FBI then entered into a protracted legal battle with Apple in which it tried to force the tech giant to engineer a backdoor in order to bypass iOS security protections such as auto-erase after 10 failed PIN entry attempts and anti-brute force controls.

Apple won many plaudits for standing firm against the requests, arguing that acceding to the FBI’s demands would undermine security for millions of law-abiding customers and make its position in countries like China particularly difficult.

The FBI abruptly dropped its request in March 2016, apparently after finding a firm to do its bidding.

Ruling in favor of the Feds, federal judge Tanya Chutkan argued (via ZDNet) that revealing the name of the firm that helped the law enforcement agency would make it a target for hackers looking for the same tool.

"The FBI's conclusion that releasing the name of the vendor to the general public could put the vendor's systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one,” she said.

The cost of the tool has also been hotly debated. Media outlets wanted to know whether former director James Comey’s suggestions the amount was around $1m were accurate.

"Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilize the technology to access their encrypted devices," the court responded.

Source: Information Security Magazine