The Federal Bureau of Investigation reportedly paid a group of professional hackers for a previously unknown security bug that allows to gain entry to iPhone 5C from the San Bernardino case. Some media reports suggest that hackers supplied a zero-day flaw in the security of the device, which allowed the federals to circumvent the lock screen and automatic wipe feature that is activated after 10 wrong passcode entries. As a result, the law enforcement authorities dropped their attempt to force the iPhone manufacturer to create software to unlock the phone. Apple refused to help, saying that such move would put all iPhones at risk.
The agency has already clarified that the hack purchased for a one-time fee cannot be used to break into the iPhone 5S or later. However, the bug in question affects all iPhones without a fingerprint sensor, including the iPhone 5C, 5 and 4S.
According to media reports, the hackers are professional security experts involved in probing software, devices and services with the purpose of finding vulnerabilities that can be exploited. The hackers then sell the found bugs to governments and other parties, including manufacturers of surveillance tools similar to the software exposed during a data breach of Italian company Hacking Team.
It should be said that the security vulnerabilities are not disclosed to the developers of the software or hardware, because those will quickly make them non-functional. The American government has not decided yet whether it will disclose the bug to Apple. At the same time, the government may be forced to do so if it has to disclose the data in a criminal case under the rules of discovery.
It is unknown how exactly the bug was used to break into the device, but if it is not disclosed so that Apple could fix it, anyone with an iPhone 5C or older can be at risk of having their phone hacked.