What is current GrapheneOS's security strength compared to the iPhone circa 2016? The FBI hacked the iPhone in 2016.
The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.
Two Azimuth hackers teamed up to break into the San Bernardino iPhone, according to the people familiar with the matter, who like others quoted in this article, spoke on the condition of anonymity to discuss sensitive matters. Founder Mark Dowd, 41, is an Australian coder who runs marathons and who, one colleague said, ‘can pretty much look at a computer and break into it.’ One of his researchers was David Wang, who first set hands on a keyboard at age 8, dropped out of Yale, and by 27 had won a prestigious Pwnie Award — an Oscar for hackers — for ‘jailbreaking’ or removing the software restrictions of an iPhone.
Dowd had found a bug in open-source code from Mozilla even before the San Bernardino events. Apple relied on Mozilla’s software to allow accessories to be plugged into the iPhone’s Lightning port.
Wang used the Mozilla bug to create an exploit that allowed access to the phone. A different bug was then used for “greater maneuverability.” A final exploit gave them complete control over the phone’s processor. A piece of brute force software was then used to try all possible password combinations, bypassing the security feature that would erase the device’s storage after 10 failed attempts. The exploit was named Condor.
The researchers tested the tool on a dozen iPhone 5C devices, including phones that were bought on eBay. They then showed Condor to the FBI, and agency experts tested Condor on other devices to ensure it would work. Every test was successful, and that’s how Condor netted Azimuth a $900,000 payout.
The report notes that FBI officials were relieved but disappointed that they could not advance the encryption backdoor fight. Separately, Apple might be unhappy with security experts building tools that could be used to break into its devices. But the Post explains Azimuth’s success helped Apple, as the company never had to face a court order to build a backdoor into that particular iPhone 5C, which would have set a dangerous precedent.
Mozilla never knew a security bug in its software was used to advance the iPhone 5C hack. The company patched the problem about a month after the FBI unlocked the iPhone 5C, rendering the flaw useless. Without that bug, the whole chain of exploits would not have worked.