FBI hesitates to disclose details of iPhone software vulnerability
The FBI recently gained access to the iPhone of one of the San Bernardino terrorists, spending at least $1.3 million on the services of an undisclosed third-party vendor. This led the Justice Department to drop court orders mandating Apple's cooperation to unlock the encrypted phone.
Now, one of the remaining questions is about how that third-party vendor penetrated the encrypted data. But the details about the software vulnerability may never be disclosed, according to FBI Director James Comey.
"We are in the midst of trying to sort that out, and that involves answering a key question which is, what we know about the vulnerability, and, given that, is the process implicated?" he said, at a conference on cyber engagement at Georgetown University. "That's something we've been sorting out the past couple of weeks. We're close to a resolution that I'm not ready to make news with yet."
Officials close to the matter, however, tell CBS News that this resolution is unlikely to include a disclosure by the FBI of the details of the hardware or software used to hack into the iPhone, given the proprietary concerns of the agency. Apple would be able to use the information to "fix" the security glitch in its system.
Though the methodology used to retrieve encrypted information may not be made public, Comey said this form of hacking shouldn't be perceived as a long-term solution anyway, citing a lack of resources and personnel. He also disagreed with statements made in a House hearing last week that suggested the FBI's technological capabilities could be bolstered to detect software vulnerabilities and access encrypted data on its own.
"I don't see us becoming a prolific hacker being the answer to our public safety problem," he said.
While hacking might work in certain instances, like the San Bernardino case, Comey said it lacks a fundamental component: scalability.
"San Bernardino is a great example where we paid a ton of dough for a tool because it mattered so much for that investigation, but it works on a 5C running iOS 9, so it's not scalable to other devices, and it's hard for us to figure out how it's of use to people in important murder cases around the country, for example."
Comey was likely referring to the case of Brittney Mills, a pregnant woman in her third trimester, who was murdered at her home in Louisiana. In the aftermath of her mysterious death, her mother, Barbara Mills, called on Apple to help unlock her daughter's iPhone, which she thought could shed light on her daughter's untimely death.
Unlike the San Bernardino case, though, Brittney Mills' iPhone ran on a different operating system, iOS 8, which explains why the same methodologies cannot be used to unlock her phone. To this day, Apple still has not turned over the information that Barbara Mills and investigators seek.
The director's comments were an implicit acknowledgement that the government and private sector have some work to do on developing a working relationship that limits both compromises to the privacy of companies and individuals and the obstruction of government investigations.
"Ninety-nine percent of the infrastructure is in private hands in this country," Comey said. "So if we're going to be effective, they have to tell us things, and we have to tell them things in a good way." He continued, "We have to get to a place where it becomes routine for them to be in exchange and an appropriate lawful exchange of information between those victims and the government."