A report from Reuters on Thursday claims the Federal Bureau of Investigations shelled out less than $1 million for the exploit used to access the information on an iPhone 5c used by San Bernardino shooter Syed Farook. Previous reports had indicated the crack cost the bureau upwards of $1.3 million.
Citing government sources familiar with the matter, Reuters reports the one-time payment came in exchange for a zero-day vulnerability capable of bypassing the passcode lock on a target iPhone 5c running iOS 9. The device was used by San Bernardino terror suspect Syed Rizwan Farook, and sat centerstage in a contentious court battle between the FBI and Apple.
The previous $1.3 million estimate was based solely on a comment from FBI Director James Comey, who said the bureau had paid an outside group “more than I will make in the remainder of this job.” That led the media to calculate Comey’s salary, and his remaining time on the job, arriving at the much reported $1.3 million figure.
The group that supplied the FBI with the crack is either Israeli security firm Cellebrite, or a group of gray-hat hackers, depending on which report you read. Reuters’ sources indicated even Comey doesn’t know who the bureau made the deal with.
The FBI announced earlier this week that it will not submit the vulnerability used to allow review under the Vulnerabilities Equities Process, a system in place to determine whether or not discovered digital vulnerabilities should be disclosed to private manufacturers. The agency claims it cannot do so, as the rights to the techniques are still owned by the group they were obtained from.
Reuters noted that their sources indicated the FBI will be able to use the technique to unlock other iPhone 5C models running iOS 9 without any additional payments to the contractor who provided it.
Apple has already said that it will not file a suit to gain access to information about the hack.