Lots of interesting details in this article, including:<p>- Apple unwittingly tried to hire David Wang, the creator of the exploit<p>- Wang instead went on in 2017 to co-found Corellium, a company specializing in providing "virtual" iPhones for security testing.<p>- Apple sued Corellium in 2019 for copyright violation. The discovery process turned up Wang and his work on the San Bernardino exploit.<p>This is how the article describes the exploit:<p>> <i>Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person...</i><p>> <i>Using the flaw Dowd found, Wang, based in Portland, created an exploit that enabled initial access to the phone — a foot in the door. Then he hitched it to another exploit that permitted greater maneuverability, according to the people. And then he linked that to a final exploit that another Azimuth researcher had already created for iPhones, giving him full control over the phone’s core processor — the brains of the device. From there, he wrote software that rapidly tried all combinations of the passcode, bypassing other features, such as the one that erased data after 10 incorrect tries.</i>
Good!<p>Things I'm for: targeted, investigative police work, for a specific crime, where it's highly likely the warrant issued will find specific evidence, and the crime is of violent nature.<p>Things I'm against: Warrantless surveillance by the FBI, CIA, NSA, Google, Facebook, your cell carrier, and friends
Apple is suing Corellium, a maker of iPhone virtualization and pentesting software, because their tool can be used to develop exploits that bypass Apple’s security?<p>It's incredibly worrying that Apple is using the legal system to ban virtualization and pentesting software.<p>I am surprised and saddened that Apple is going down that route.
That's interesting, because I recall a horde of articles at that time reporting that the Israel-based Cellebrite was the one to unlock the San Bernardino shooter's iPhone for the FBI: <a href="https://www.reuters.com/article/us-apple-encryption-cellebrite-idUSKCN0WP17J" rel="nofollow">https://www.reuters.com/article/us-apple-encryption-cellebri...</a>
Note that the promotion of this FBI-vs-Apple narrative benefits Apple.<p>The FBI didn't need to unlock the phone, most likely. All iPhones in their default configuration back up the ~entire contents of the phone to Apple each night, with Apple keys. Apple can decrypt this without the phone, the user, or the passcode at any time, invisible to the user.<p>Apple preserves this vulnerability for the FBI, at the FBI's request:<p><a href="https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT" rel="nofollow">https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...</a><p>Apple turns over this data without a warrant frequently (over 30,000 users in 2019) according to Apple's own transparency reports. They also turn it over in response to warrants, as they have plainly stated that they did in this case.<p>You don't need access via the front door if you have it via the back door.
> open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port<p>Anyone know what software (library?) that is referring to?
Many people and groups offered to unlock the phone, even for free as a PR stunt. Even McAfee:<p><a href="https://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2" rel="nofollow">https://www.businessinsider.com/john-mcafee-ill-decrypt-san-...</a>
Pretty interesting how Apple patched many of these exploits recently.<p><a href="https://twitter.com/pandrewhk/status/1381260920635027459?s=21" rel="nofollow">https://twitter.com/pandrewhk/status/1381260920635027459?s=2...</a>
Reminds me of the intro of <a href="https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html" rel="nofollow">https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-c...</a>
and <a href="https://www.vice.com/en/article/8xdayg/iphone-zero-days-inside-azimuth-security" rel="nofollow">https://www.vice.com/en/article/8xdayg/iphone-zero-days-insi...</a>