Hacking tool used to unlock San Bernardino shooter's iPhone to remain a mystery
Following weeks of deliberation by law enforcement officials and technological experts, the FBI released a statement Wednesday saying it will not disclose the details about the methodology used to gain access to the encrypted iPhone of Syed Farook, one of the San Bernardino shooters.
- How the FBI may have hacked into San Bernardino shooter's iPhone
- Source: Nothing significant found on San Bernardino iPhone so far
According to Amy S. Hess, the FBI's executive assistant director for science and technology, the agency cannot reveal the software vulnerabilities because of its limited scope of ownership.
She said in a statement, "We did not...purchase the rights to technical details about how the method functions, or the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate."
This statement brings to an end a highly-publicized and resource-intensive case that placed the security-privacy threshold at the forefront of public debate. A day ago FBI Director James Comey stood before a crowd at a cybersecurity event at Georgetown University saying the agency was still in the process of assessing whether the hacking methodology would be revealed through what is called the "Vulnerabilities Equities Process," known as VEP. That process is used by the government to determine whether to disclose software flaws that create security vulnerabilities to companies. The FBI spent more than $1 million on the services of an undisclosed third-party vendor to access the information through such a vulnerability on Farook's phone.
This decision may come as a surprise to some, given that the White House said last spring there is now a government bias toward sharing software vulnerabilities with manufacturers so that security glitches can be resolved.
Hess went on to explain that the agency currently does not "have enough technical information about any vulnerability that would permit any meaningful review" under the Vulnerability Equities Process.
The very fact that the FBI released a statement about a process that is usually kept confidential was also mentioned by Hess, who noted, "[We] generally do not comment on whether a particular vulnerability was brought before the interagency and the results of any such deliberation. We recognize, however, the extraordinary nature of this particular case, the intense public interest in it, and the fact that the FBI already has disclosed publicly the existence of the method."