San Bernardino phone hack 'cost FBI more than $1m'

  • Published
FBI director James ComeyImage source, Getty Images
Image caption,
FBI director James Comey is expected to earn $1.3m over the next seven years and four months

The FBI paid at least $1.3m (£900,000) to hack into the iPhone used by one of the San Bernardino killers, it has been estimated.

The figure was calculated based on comments by FBI director James Comey, who said that the agency had paid more to get into the phone than he "will make in the remaining seven years" in his post.

That would make it the largest publicised fee for a hacking job.

Mr Comey added that it was "worth it".

The calculation was based on a projection of Mr Comey's annual salary which, in January 2015, was $183,300. This has been multiplied over the next seven years and four months that he remains in his job. The figure does not factor in pay rises or bonuses.

The FBI has never named the security firm or group of hackers that helped unlock the phone, but whoever it was provided either software or hardware that helped crack the four-digit identification number without triggering a security feature that would have erased all data after 10 incorrect guesses.

Mr Comey said that the same method could be used on other 5C iPhones running IOS 9 software.

Privacy debate

According to research firm IHS Technology, there are about 16 million such phones in use in the US and more than 80% of them run iOS 9 software, according to Apple.

The case has been hugely controversial, largely because of the spat with Apple, which had been resisting a court order requiring it to write new software to allow officials to access Syed Rizwan Farook's phone.

Farook and his wife killed 14 in San Bernardino, California, in December. Both were shot dead by police.

The FBI argued that it needed access to the phone's data to determine if the attackers worked with or were supported by other people and were planning other targets.

It is unclear how much information has been gleaned since the phone was opened. Some US news outlets have reported that, so far, the FBI has not found anything of interest on the device.

The case has raised the debate over whether technology firms' use of encryption is a good thing for consumer privacy or damaging to public safety.

There is big money to be made from helping the authorities to find bugs in software.

Last year, Zerodium - a firm that negotiates bug bounties - offered $1m for a web-based exploit against iOS 9 and that bounty was subsequently claimed.

Related Internet Links

The BBC is not responsible for the content of external sites.