Remember the big controversy a few weeks ago in which the FBI tried to force Apple to crack a terrorist’s iPhone? The FBI turned out not to need Apple’s help after all—and thanks to a leak, we finally know why.
According to the Washington Post’s anonymous sources, the FBI paid security researchers for information on a zero-day exploit—a security hole that Apple didn’t know about. The exploit enabled the FBI to bypass the security measures that would only allow ten attempts at entering the correct PIN before the iPhone erased its contents.
This particular exploit only affects iPhone 5c models running iOS 9, so it has fairly narrow applicability in the field. The FBI is still deciding whether to share the information with Apple, though I expect that, now that the loophole is known to exist, it won’t be too long before someone else finds it independently in any event.
The biggest thing to take away from this is that smartphones and other digital devices are really complicated systems. The more complicated a system is, the more room there is for parts of it to have security flaws—as was demonstrated here. If you really have confidential information on your digital device, relying on its built-in security measures to keep your information safe is a bad idea.
In this particular case, the terrorists already paid the ultimate price—they were gunned down within a few hours of their shooting spree, which is why the FBI needed external help to break into their iPhone in the first place. They’re beyond caring whether the FBI can crack their phone, or what it might do with the information it finds there. But if you’re alive to read this, you’re not in their shoes, and it might be a more valuable and useful lesson for you to take to heart.