The Mystery Behind the San Bernardino iPhone Hack Finally Solved
In December 2015, a terrorist attack in San Bernardino, California, left the FBI in a standoff with Apple over access to the shooter’s iPhone. Apple refused to help law enforcement unlock the device, citing the privacy of its users. The company argued that if it unlocked one iPhone at the government’s request, it would set a precedent, forcing it to do so repeatedly and undermining its stance on user data protection.
Eventually, the FBI received help from a third-party company, but for five years, the identity of this company remained a secret; even Apple didn’t know who had assisted the FBI. Now, according to The Washington Post, it has been revealed that a small Australian firm called Azimuth Security was behind the hack. Azimuth Security keeps a low profile and claims to sell its hacking tools only to governments of democratic countries.
How Azimuth Security Cracked the iPhone
Two security researchers from Azimuth Security took on the challenge of unlocking the San Bernardino shooter’s iPhone. The first was Mark Dowd, the company’s founder, a former IBM X-Force researcher, and a renowned Australian hacker and marathon runner. Colleagues say Dowd can find vulnerabilities just by looking at a computer, earning him the nickname “the Mozart of exploit development.” The second researcher was David Wang, a former Yale student who, at 27, won the Pwnie Award (the “Oscars” of the hacking world) for developing an iPhone jailbreak.
Before the San Bernardino attack, Dowd had discovered a vulnerability in Mozilla’s open-source code, which Apple used to allow accessories to connect to the iPhone via the Lightning port. At the time, Azimuth Security was focused on other projects, so developing an exploit wasn’t a priority.
Two months after the attack, FBI Director James Comey told Congress that the bureau still couldn’t unlock the phone, which might contain crucial evidence. Dowd then considered offering his help to the authorities. Around the same time, an FBI representative reached out to him, and Dowd contacted Wang to collaborate.
Using the vulnerability Dowd had found, Wang developed an exploit to gain initial access to the iPhone. He then chained it with another exploit for greater flexibility, and finally added a third exploit previously created by another Azimuth Security researcher. This allowed them to gain full control over the phone’s central processor. Wang wrote software that could quickly try all possible passcode combinations, bypassing the phone’s security features.
Wang and Dowd tested their exploit, which Wang named “Condor,” on dozens of iPhone 5C devices, and it worked flawlessly. In mid-March 2016, they demonstrated their solution at FBI headquarters, showing Director Comey and other officials how Condor could unlock the iPhone 5C. The FBI’s lab ran a series of successful tests to confirm the exploit’s effectiveness.
The Aftermath and Impact on Apple
Some experts believe that by unlocking the terrorist’s iPhone for the FBI, Azimuth Security actually did Apple a huge favor. Otherwise, the courts might have forced Apple to build backdoors into its products, setting a dangerous legal precedent.
According to sources cited by The Washington Post, FBI officials felt relieved after obtaining the exploit, but also somewhat disappointed. They realized that, without the exploit, a court ruling could have finally settled the ongoing debate over whether the government can compel a company to break its own encryption for law enforcement purposes.