Unnamed sources cited by the Washington Post contradict the widely-held belief that it was Israel-based mobile forensics company Cellebrite which helped the FBI hack into the locked San Bernardino iPhone. The report say that the agency was instead approached by a group of freelance hackers who revealed an iPhone passcode vulnerability to the FBI in return for a one-time fee.

The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter […]

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution … 

A $15,000 invoice from Cellebrite to the FBI at the time that the agency announced a third-party had enabled it to access the phone appeared to be the smoking gun corroborating an initial report from an Israeli news source, but the latest report suggests that the two are unrelated. The FBI is known to have been a long-term client of Cellebrite, further corroborating initial reports.

The WaPo report explains that while ‘white hat’ hackers report the vulnerabilities to the companies concerned so that they can be patched, and ‘black hat’ hackers exploit the vulnerabilities to create malware, the group here falls into a third category.

Often considered ethically murky: researchers who sell flaws — for instance, to governments or to companies that make surveillance tools.

This last group, dubbed “gray hats,” can be controversial. Critics say they might be helping governments spy on their own citizens. Their tools, however, might also be used to track terrorists or hack an adversary spying on the United States.

USA Today separately reports that FBI director James Comey recently told law students at the Columbus School of Law that he didn’t view Apple as ‘a demon’ for standing up for user privacy, saying that trying to balance the conflicting demands of privacy and security was ‘the hardest problem I’ve encountered in my entire government career.’ This echoed an earlier comment he made during the Congressional hearing.

“I’m glad the litigation is gone,” Comey told students at Catholic University’s Columbus School of Law, adding that the “emotion around that issue was not productive.”

“Apple is not a demon; I hope people don’t perceive the FBI as a demon.”

The government’s withdraw from San Bernardino case, the director said, has allowed both sides to “take the temperature down” while allowing a broader public debate to continue.

Comey said that he now supports Apple’s view that it should be the legislature, not the courts, who decide the issue.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear