[ The New York Times ] Katie Benner and Eric Lichtblau:
A second law enforcement official who spoke on the condition of anonymity to reporters in a conference call said that a company outside the government provided the F.B.I. with the means to get into the phone used by Mr. Farook, which is an iPhone 5C running Apple’s iOS 9 mobile operating system. The official would not name the company or discuss how it was accomplished, nor would officials say whether the process would ultimately be shared with Apple.
The third-party hack the FBI employed bypassed the iPhone’s security feature that auto-deletes everything when someone enters the wrong passcode 10 times. The iPhone 5c doesn’t have Touch ID, Apple’s fingerprint security technology where you put your finger on the iPhone’s home button to unlock it. But even with Touch ID you have the option of flipping the lock screen to the right and entering a passcode.
At that point the third-party hack should presumably work.
There’s a lot of valuable data in someone’s iPhone: keychain data (usernames and passwords), financial apps, iCloud access, health information, etc. I think a while back there were reports pointing to added security features like Touch ID and auto-deletion of data after 10 failed passcode attempts for iPhone theft going down. I think that’s going to reverse course if/when this new hack method gets to the black market, and especially if Apple isn’t able to patch the security hole.
This cat-and-mouse back-and-forth game of securing and hacking used to be between the good guys and the bad guys. It was clear before, but now it’s murky.