Skip to main content

FBI paid over $1 million to hackers to crack a terrorist's iPhone

Last month, the FBI finally dropped its case against Apple in regard to unlocking an iPhone which belonged to one of the San Bernardino shooters.

The bureau had managed to unlock the device with help from hackers who provided a software vulnerability which was used to build a device to bypass the security features built into the phone.

During an interview at the Aspen Security Forum in London, the Director of the FBI James Comey eluded to how much the government actually paid the hackers for their help.

When directly asked about how much the FBI paid for the information regarding the zero-day vulnerability which led to the creation of a piece of hardware able to crack the iPhone, Comey said that the bureau paid: “A lot. More than I will make in the remainder of this job, which is seven years and four months for sure.”

His annual salary is publicly listed as $183,000 a year so the bureau paid over $1.2 million to hackers for the vulnerability which allowed them to unlock the iPhone without Apple's help. If the information stored on the phone could help prevent future attacks, this would be a worthwhile investment of taxpayer money. However, the FBI uncovered no significant information after cracking the phone.

Since the solution the bureau obtained at such a high price only works on the iPhone 5C, it is worth considerably less since it will not work on the iPhone 5 and 6S. Though Comey believes the price was worth it since Apple had put the bureau in a tight position by not complying with its order to unlock the phone.

There is a large market for zero day vulnerabilities and their prices range from $500 to $1 million. The price hackers charge for them depends on a number of factors, including the nature of the vulnerability and the number of devices affected by it.

This is not the first time - nor will it be the last - that a government agency in the US has paid for a zero day vulnerability. In 2013, the NSA paid a total of $25 million for zero day vulnerabilities which it used to break into the systems of its assailants.

Image Credit: Vacclav / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.