A little-known Australian firm was identified in a report by the Washington Post this week as the company responsible for breaking into a terrorist’s iPhone on behalf of the FBI when Apple refused in order to protect the security of its users. It has been a mystery for five years that few people could’ve anticipated would lead to the other side of the world and a particularly gifted duo of hackers. Now that the information is public, tech industry watchers and criminal justice experts are once again at odds asking when it is in the interest of the greater good to compromise one’s digital privacy.
A dispute between Apple and the Federal Government dates back to the days and months after two terrorists opened fire on a group of 80 people at a 2015 Christmas party in San Bernardino, California, which resulted in 14 people being killed and 22 being seriously injured. The two assailants were killed in a standoff with police and the FBI recovered the iPhone of one of the perpetrators. Conscious that there might be information about the attack (and any potential others) on the shooter’s iPhone 5C, it asked Apple to create a back door so that it could easily bypass security and access data. Apple refused citing privacy concerns and the precedent that this would set. The U.S. Department of Justice then sued Apple but revoked that lawsuit after it announced that it was able to break into the phone without Apple’s help.
The help it did receive came from Australia and a company called Azimuth Security, the Washington Post reports. The founder of Azimuth, who a peer called “the Mozart of exploit design,” and one of the company’s researchers teamed up to design a hack that would give them access to the San Bernardino phone. The duo was able to essentially craft three exploits, each one building on the prior, until they had taken over the device.
Apple & DOJ Still At Odds Over Data Access
So what has changed since Apple and the DOJ went to court after the San Bernardino shooting? Apple continues to stand with its heels dug in, saying bypassing its own security measures undermines them and what they’re intended to do for the hundreds of millions of iPhone users around the world. It views the issue as one of data security and user privacy, with a longstanding policy that researchers should disclose vulnerabilities to Apple. On the other hand, the U.S. government sees those concerns as taking a backseat to issues of national security.
While the two sides seem no closer to bridging this very wide gap, one thing has become clear. Azimuth has done Apple a huge favor. While the whole affair confirms for Apple that its devices aren't impenetrable, Apple never had to hack its own security under court order. That's preserved a certain level of security for Apple customers that otherwise might not be there. Thanks to Azimuth the DOJ was able to call off the lawsuit, and Apple could kick the can down the road until the next such threat.
Source: Washington Post