So how, exactly, did the FBI unlock the iPhone 5C used by the 2016 San Bernardino shooter? According to The Washington Post, it turned to a little-known Australian security firm named Azimuth, which had developed a tool to bypass Apple’s tough security measures. The iPhone in question was at the heart of a massive legal fight between Apple and the FBI.
Authorities were previously able to brute force their way into iPhones by quickly trying multiple passcodes. But the enhanced security measures in iOS 9, which offered encryption and the ability to wipe the phone’s data during hacking attempts, required a new strategy. The FBI believed there could be important information relating to the terrorist attack, and subsequently it tried to compel Apple to help unlock the phone. But Apple refused CEO Tim Cook said that creating a backdoor could be “chilling” and “dangerous” when it comes to security and legal precedent.
That epic battle ended abruptly in April 2016, when the FBI announced that it bought a “tool” to get into the San Bernardino shooter’s iPhone. Sources tell The Washington Post that Azimuth founder Mark Dowd discovered a flaw in Mozilla’s open source code, which was used by Apple to handle accessories connecting to iPhone Lightning ports. Azimuth researcher David Wang used that exploit to get into iOS 9 devices, and then stringed together other exploits to get access to their core processor. From there, he was able to try multiple PIN combinations without risking any data deletion.
Wang later founded Corellium, a security company that’s developed virtual iPhones for researchers to test. Apple, likely aware of Wang’s background, previously tried to hire him for its own security work. Now, Apple is in the midst of legal battles with Corellium. In December, a judge rejected the company’s claims that Corellium violated its copyright. And in an upcoming summer trial, Apple will try to argue that Corellium’s tools illegally breach its security.