How the FBI Cracked the San Bernardino Shooter’s iPhone 5C in 2016

Ellen Nakashima and Reed Albergotti, reporting last week for The Washington Post:

Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person. […]

Using the flaw Dowd found, Wang, based in Portland, Ore., created an exploit that enabled initial access to the phone — a foot in the door. Then he hitched it to another exploit that permitted greater maneuverability, according to the people. And then he linked that to a final exploit that another Azimuth researcher had already created for iPhones, giving him full control over the phone’s core processor, the brains of the device. From there, he wrote software that rapidly tried all combinations of the passcode, bypassing other features, such as the one that erased data after 10 incorrect tries. […]

From the “Where Are They Now?” department:

Apple sought to recruit Wang to work on security research, according to the people. Instead, in 2017 he co-founded Corellium, a company based in South Florida whose tools help security researchers. The tools allow researchers to run tests on Apple’s mobile operating system using “virtual” iPhones. The virtual phones run on a server and display on a desktop computer.

In 2019, Apple sued Corellium for copyright violation. As part of the lawsuit, Apple pressed Corellium and Wang to divulge information about hacking techniques that may have aided governments and agencies such as the FBI.

Monday, 19 April 2021