FBI director James Comey has given us our first hint at how much money the FBI paid to unlock the infamous iPhone at the center of its high-profile encryption fight with Apple.
The short answer: “A lot.”
“More than I will make in the remainder of this job, which is seven years and four months, for sure,” Comey said on Thursday when asked how much the FBI sank into the mysterious hacking technique, which was provided by a still-unnamed “outside party” mere hours before a major courtroom showdown with Apple.
That would mean the FBI spent more than $1.2 million for a technique to unlock an iPhone 5c used by Syed Farook, one of the deceased perpetrators of a gun massacre in San Bernardino, California last December. The FBI responded to Motherboard’s request for comment on Comey’s statement by confirming Comey’s salary but not the hacking payment estimate.
Acquiring that exploit led the government to withdraw an unprecedented court order, which would have compelled Apple to build software capable disabling the phone’s security features—effectively creating a backdoor for the iPhone. Vulnerabilities affecting Apple’s iOS are by far the most coveted on the market, and are known to sell on the open market for upwards of $1 million.
“It was in my view worth it, because it’s a tool that will help us with a 5c with iOS9, which is a bit of a corner case,” Comey told an audience at the Aspen Global Security Forum in London.
But so far, despite the FBI’s attempts to put a positive spin on it, cracking into the phone hasn’t really given investigators any real new information.
Comey also said that the FBI isn’t soliciting companies to come up with ways to break into the iPhone 6 and 6S, dismissing the popular suggestion of having law enforcement hack into devices instead of mandating backdoors as “backwards” and “not scalable.”
“This problem is overwhelmingly affecting law enforcement, and so us buying a tool for a 5c iOS 9 is not scalable, nor could all of those departments afford to pay what we had to invest in this investigation,” he said. “I’m hoping we can somehow get to a place where we have a sensible solution or set of solutions that doesn’t involve hacking, and doesn’t involve spending tons of money.”
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.