Le Monde | • Updated | By
on March 21, the FBI announced that it would perhaps not need to unlock Apple iPhone terrorist San Bernardino presumed killed by the police on 2 December 2015, as a “third party” had proposed a method to achieve this feat. The identity of this mysterious supplier remained secret, but it could be a company specializing in the discovery and sale of “zero days” – original vulnerabilities yet known which allow one hit hack software because there is no parade.
When a hacker discovered a flaw zero day in software, he has several options. It can operate itself, transfer it to another hacker, the sale to a specialized pharmacy or an intelligence agency … If he is honest, he can also contact the software manufacturer, will pay for the his find and will be able to develop a patch
Read also:. The business of “zero day”, these unknown vulnerabilities software manufacturers
for some years, major publishers and online services to distribute important awards such “ethical hackers” directly or through subcontractors specialized in this type of transaction.
on its own, Google in 2015 spent more than $ 2 million to buy flaws discovered in its software. In March 2016, it has increased its reward of up to 50 000 to 100 000, and prompted hackers to work on new types of vulnerabilities.
A simple thank you
in the US, one large company refuses to participate in this system: Apple. When a hacker sends a fault zero day , it simply send him a thank you, and display its name on the honor roll, somewhere on his site …
Officially, Apple considers this reward system as immoral because it triggers a vicious circle, much like the payment of a ransom. Moreover, its corporate culture highly values the privacy and discretion – the firm hate seeing people outside seize its software for shell
Under these conditions, few owners. zero days are for Apple – apart from academic researchers, who have already paid for their work. Commercial companies will seek more lucrative opportunities in the private sector or in government.
There are known precedents. In September 2015, the Zerodium company created by French businessman and Chaouki Bekrar based near Washington, launched a contest she had promised to pay one million dollars to anyone who succeed in distance to bypass security systems the new operating system OS 9 Apple.
on November 2, Chaouki Bekrar announced on Twitter that a team of anonymous hackers had managed the feat. Since he refuses to say what he did in – if, for example, managed to break even by finding a wealthy buyer
zero day . November does not fit the needs of the FBI in the case of San Bernardino, but Zerodium remains very active in this area. She has just published jobs three specialists operating loopholes on smartphones: one for Google’s Android, a Windows Phone from Microsoft and Apple iOS
Some hope. that, following the case of San Bernardino, Apple will change in procurement policy zero days .
Several possible scenarios
with regard to the process cited by the FBI to stay its proceedings against Apple, the computer expert community has already produced several possible scenarios. Sean Sullivan, an American researcher working for the European security company F-Secure, summarizes the theory that seems most plausible:
“ Someone, somewhere, had a flaw “zero day” able to unlock the iPhone as one of San Bernardino, and kept him waiting to find a buyer at full price. Normally, no emergency, time is working for the seller. The price increases alone, as every day, the world’s police seize new iPhone they can not unlock. “
But legal action to force Apple to work with the FBI suddenly changed the situation:” the owner of the vulnerability zero day probably got scared: if the FBI wins the case and that Apple created software capable of breaking his own safety, his method will lose its market value. Subject to this unexpected commercial pressure, it may be agreed to sell the FBI quickly, for a price lower than what he expected. “
There is also another theory, less likely: learning that Apple refused to help the FBI, gifted and enterprising hacker reportedly launched an emergency their own research, and successful to create a tool in record time.
The FBI does not say with whom it does business, but we know that regularly deals with such companies. In August 2013, he signed an exclusive supply agreement with Cellebrite, an Israeli company now controlled by a Japanese group.
Cellebrite, which is also present in France, produced a device called UFED Touch, capable automatically extract all data in many types of unlocked smartphones, but not the iPhone with the iOS9. – at least not officially
According to the Israeli press, the process provided the FBI to unlock iPhone San Bernardino come from Cellebrite, but this information has not been confirmed.
Before 5 April, the FBI will tell the California court if he did manage to unlock the famous iPhone. Otherwise, the procedure could take against Apple
Read also:. Personal data encrypted: Apple supports and the FBI
No comments:
Post a Comment