Just wanted to throw in here:
If you think that Apple phones are secure, I've got a bridge to sell you.
Currently, today, you can find exploits on Github to hack even the newest iPhone with a Zero-Click iMessage or by using the Lightning port (which will never be fixed as it's a hardware issue with the protocol). Various security-focused Linux Distro's have iPhone hacking tools including Zero-Click exploits as well as direct hardware hacking via the Lighting port, Pin Bypass, and unlimited-try bruteforce attacks. iMessageExploit, SOAR, enzyme, iPwn, CiLocks and more.
As
@sapphirescales mentioned the "sketchy af" providers (and I agree on the sketch part) - most of those guys are simply implementing free Github or Metasploit exploits into a saleable, easy-to-use form for the average user.
Apple has announced that it has built in a backdoor to its phones (part of the CSAM issue), as well as admitting to secretly giving governments spying powers via push notification data since at least 2021, that persists today.
EFF: Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
EFF:Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World
WCCFTECH: No Longer Concerned About Privacy? Apple Opens Backdoors to iPhones to Detect CSAM
I have personally performed some of these exploits (for fun and learning) and can confirm I have had varying degrees of success, more so than failure.
I appreciate the sentiment - but a few corrections. It wasn't the NSA, it was the FBI. That matters because the NSA "can't" operate domestically, while the FBI can
only operate domestically, and not internationally - lawfully, that is.
Why that matters is this: The FBI was, on paper (law) and in theory, the only organization that could be tasked with the 2016 San Bernardino shooters phone - and the NSA, legally, is not allowed to perform any tasks related to such in a domestic capacity.
Because the 2016 Shooter's iPhone issue was in the US courts and scrutinized within the framework of US law - and the US Government didn't want to disclose their true abilities to the public, they simply had to
act as if they couldn't unlock the phone, for if they did, they would have to disclose that they were, in fact, hacking phones all over the world and domestically since at least 2010 - illegally... which would have confirmed Edward Snowden's leaks (Which were essentially already confirmed at this point in 2016).
So, to keep that information secret, they had a "tap-and-dance" about the whole issue. It was "fake news" to save face. That's when they were going to Apple "asking" for them to do it and all that BS fuzz.
Well, not really. The shooting attack was on December 2nd, 2015, and the iPhone was unlocked on March 28th, 2016 after the FBI diddled around for 3 months, finally paying for the software.
The delay wasn't because they had a hacker sit down and develop an exploit, it was because they didn't want to pay millions to 3rd parties for their existing software, even after the NSO group demonstrated to the FBI that their software could do it in February (and had been doing it for many years prior)... and they didn't want to disclose that the US Gov't had this capability already.
Apple acknowledged, in court, that they were aware the NSA had the capability - and used that as a defense for not installing a backdoor at the US Gov'ts request (Shame on Apple, they knew): "Apple argued that the FBI had not made use of all of the government's tools, such as employing the resources of the NSA."
We didn't find out until 2019 via the Washington Post's reporting, but the FBI used a company called "Azimuth Security" - an
Australian outfit that is tied directly to Trenchant/L2Harris - a US defense supplier for the NSA, US Military and others, part of the "5-eyes" spying apparatus. The software cost the FBI $900,000, because remember, the NSA has to keep quite and "can't legally interfere or help", especially in a domestic court case where questions get asked and disclosed.
Two Azimuth guys were able to unlock the iPhone "within a matter of hours. The hack was called "Condor".
So here, you can see the real reason they went this direction.
Further, the FBI complained that the issue was that they couldn't get past the pin-code, but exploits already existed at the time to bypass it physically (From ACLU) and was known to data recovery businesses (Further poking holes in the FBI's defense):
Snowden/Wikileaks
Wikileaks and Snowden proved that every iPhone (and pretty much all other phones) has software or hacks since at least 2008, with Zero-Click remote install support as of 2010. See DROPOUTJEEP:
View attachment 16270
NSO Group's Zero-Click, remotely installed Pegasus Spyware was released in 2011 and, as of March 2023, at least, is still in operation.
Check out the ANT NSA documents leak which is telling as to the capabilities available and the timing of such:
ANT Catalog (NSA Catalog of Hacks disclosed by Snowden)
If you would like to read further on anything above, check out my sources:
ANT Catalog (NSA Catalog of Hacks disclosed by Snowden)
Wired: How the FBI Finally Got into the San Bernardino Shooter's iPhone
The Verge: Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone
The Verge: The FBI is telling senators how it hacked the San Bernardino iPhone
Wikipedia: Pegasus (spyware)
Mashable: Edward Snowden says FBI's claim that only Apple can unlock an iPhone is 'horsesh*t'
Youtube: Edward Snowden Video Conference (2016)
ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent
Wikipedia: Apple–FBI encryption dispute
WaPo: The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.
Wikipedia: Cellebrite
Toms Guide: New Hack Unlocks 'Hundreds of Millions' of iPhones: What You Need to Know
Vice: How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of
9to5Mac: Report reveals how little-known ‘Azimuth Security’ cracked the iPhone in the San Bernardino FBI case
Github: iOS Hacking
EFF: Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
EFF:Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World
WCCFTECH: No Longer Concerned About Privacy? Apple Opens Backdoors to iPhones to Detect CSAM