Responsible disclosure involves notifying the vendor (Apple) first.<p><a href="https://en.wikipedia.org/wiki/Responsible_disclosure" rel="nofollow">https://en.wikipedia.org/wiki/Responsible_disclosure</a><p>If the FBI wanted to protect the public, responsible disclosure of the exploit is a first step.<p>Sigh.
Am I the only one who reads the quotes in this article as "see Apple, if you don't give us what we want then we may just have operational reasons to not disclose vulnerabilities to you, wouldn't that be a shame..."?
Missing from TFA: any consideration of whether the "work phone", which was subject at all times to repossession and inspection by San Bernardino County, stored any information about terrorism, particularly information worth overturning fundamental assumptions about the duties of electronic device manufacturers.
How come the FBI isn't afraid these guys are going to sell the same exploit to foreign governments which will use them to break into US government phones?
Philosophical rudderlessness: Fidelitry, Bravery, Integrity.<p>If you want a successful career in public service, don't serve the public. The FBI does not want the public protected from this vulnerability.
Does any suspect that this might all just be PR posturing? They found a zero day exploit but they don't have to say what it was. They don't have to whether or not more interesting data was found. Nothing. Could it be they are just trying to save face? Granted they've looked quite foolish in all of this but still.
Working under the assumption the FBI works for us, the people, I would hope two things:<p>1) They disclose the vulnerability to Apple and make us all safer<p>2) Having now unlocked the phone, disclose if there was additional information that materially helped the case.<p>I'm cynical about them doing either, but I think they're both reasonable requests from the population.
Just had a thought: couldn't you copy the encrypted phone, run it in 10000 emulators and try a different PIN in every emulator? If the problem really is just a 4 digit PIN, that should work?<p>Or is the flash memory and the flash memory controller doing the decryption entangled on a single chip so that they can not be physically separated?
> "The U.S. government now has to weigh whether to disclose the flaws to Apple..."<p>Apple is going to find the flaw. They wrote all the code and have some of the smartest people in the world working there. No reason for Apple to even ask the government to disclose the vulnerability to them.
Did the FBI pay for them to hack or pay for the (exclusive rights to the) exploit? The rest of the article implies the latter- but if the former, what is stopping Apple from paying the "hackers" for the exploit?
Yes, yes that's exactly what happened. Apple had nothing to do with it. And that charade they put up about suing then not suing, etc, was not a charade at all. /s