Azimuth Security cracked the iPhone 5c belonging to one of the San Bernardino gunmen in 2016, The Washington Post found. The FBI wanted to force Apple through the courts to unlock the phone, but dropped the case after it succeeded in cracking the device.
Until now, it was not known how the FBI gained access to the shooter’s iPhone 5c in 2016, but according to research by The Washington Post, they were able to do so with the help of Australia’s Azimuth Security. That is a security company that, in its own words, sells exploits to ‘democratic governments’ and often stays out of the public eye.
Anonymous sources involved in the trial told the paper that two experts from the security firm combined a chain of exploits to gain access to the iPhone 5c. They circumvented the security mechanism Apple introduced in iOS 9 to block PIN guessing with a brute-force attack. The device is completely erased after ten incorrect login attempts.
One of the vulnerabilities used was in Mozilla code, which Apple allegedly used to connect accessories to the Lightning port. Via this first access route, the researchers would have linked two other exploits together, in order to be able to run code on the iPhone, in order to circumvent the security mechanism. The FBI was then able to retrieve the PIN with a brute force attack.
The FBI has reportedly paid $900,000 to Azimuth Security. The vulnerability was discovered by Mozilla a few months after the iPhone was hacked by the FBI and has been fixed. The FBI and Azimuth declined to respond to questions from The Washington Post.
With the help of the security company, the FBI dropped a lawsuit against Apple. A judge had ordered Apple to comply with the request of the American police to develop special firmware to unlock the iPhone. Apple appealed the ruling, and CEO Tim Cook defended the decision in an open letter to consumers.