FBI says it won't disclose how it accessed locked iPhone

The FBI said today that it will not publicly disclose the method that allowed it to break into a locked iPhone used by one of the San Bernardino attackers, noting the agency lacks enough "technical information" about the software vulnerability that was exploited.
The decision resolves one of the thorniest questions that had confronted the federal government since it revealed last month that an unidentified third party had provided the FBI with a successful method for opening the phone.
It shields from public release any details about how the outside entity and the FBI managed to bypass the digital locks on the phone without help from manufacturer Apple Inc., and it likely complicates efforts by the software company to figure out how to fix whatever vulnerability was detected.

In a statement today, FBI official Amy Hess said that although the FBI had purchased the method FBI Director James Comey suggested last week that the fee was more than USD 1 million the agency did not "purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate."
She said the FBI did not have enough technical details about the vulnerability to submit it to an interagency White House process that weighs whether such defects should be disclosed.
She said that process, known as the vulnerabilities exploit process, "cannot perform its function without significant details about the nature and extent of a vulnerability."

The revelation last month that the FBI had managed to get into the work phone of Syed Farook, who along with his wife killed 14 people in the December attacks in San Bernardino, halted an extraordinary court fight that flared a month earlier when a federal magistrate in California directed Apple to help the FBI hack into the device.
The government has for years recommended that security researchers work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.