Remember the case in 2015 of the San Bernardino shooting, and how the FBI needed to unlock that iPhone for evidence? Now we know how they did it. The Washington Post gave us the method.
Quoting the Next Web.
Luckily for the FBI, a small Australian firm called Azimuth Security stepped up with a solution. The challenge was that the agency only had a certain number of chances to guess the phone’s passcode; after the limit of failed passcode attempts was reached, the device would automatically erase its data.
Azimuth essentially found a vulnerability in a piece of software written by Mozilla, to gain access to the system. It subsequently chained two more exploits together to take over the phone’s processor and run their own programs on it.
At this point, Azimuth’s employees devised a piece of software to test every possible passcode combination without causing the phone to erase its own data — and eventually unlocked the device.
The end result – they didn’t find anything useful for the investigation, at a cost of $900,000 in fees.
Why do we care?
It was understanding the how they did it that was interesting to me initially. And then it was about the cost benefit analysis of doing it. That was a lot of fuss about .. nothing. But let’s ask the other question – was it worth $900,000 to learn something? If the investigation had come back with information, was THAT worth it? I’m not sure I have an answer, but that’s the question we care about asking.
Source: The Next Web