Azimuth, founded by former IBM X-Force member Mark Dowd, was sold to US-based defence contractor L3 Intelligence in 2018.
Until the Washington Post claimed on Wednesday that Azimuth had been involved in breaking into the phone, many reports had attributed the hack to the Israeli firm Cellebrite.
The phone in question was used by Syed Rizwan Farook, one of two terrorists involved in shootings in San Bernardino, California, in December 2015. The FBI demanded that Apple unlock the phone and, when the company refused, it attempted to get the courts to force Apple to do so.
That third party was speculated to be Cellebrite and US Government records showed that the FBI had made payments of US$15,278.02 to the firm on 21 March 2016. However, in May 2017, Democrat senator Dianne Feinstein cited a figure of US$900,000 as having been paid to the company that carried out the crack.
Hackers don’t need to exclusively give their bugs away for free or sell via lower priced defensive market bug bounties & hacking contests to be contributing to the broader protection for all.— Katie Moussouris (she/her) is 1/2 vaccinated (@k8em0) April 14, 2021
Offensive exploit sales are an essential part of keeping us safe from mandated backdoors pic.twitter.com/8rN0caxC7y
The FBI announced in March 2016 that it had gained access to data on the phone. Six months later, the Associated Press, Vice Media and USA Today sued the agency, to find out how much had been paid and who had done the job.
In response, the FBI released a number of documents in January 2017, but redacted the name of the company which carried out the hack and the amount that was paid.
One additional detail available in the documents released in January was the fact that the FBI had signed a nondisclosure agreement with the company.
A court granted an FBI request not to disclose the name of company that had been hired for the job.
The Post report claims Dowd contacted Portland-based David Wang, who was well-versed in iOS exploits, after hearing of the case through the media. Dowd had earlier found a vulnerability in code from Mozilla that Apple had used, one that allowed the plugging in of accessories to an iPhone's lightning port.
Wang chained Dowd's exploit to two others and gained access to the phone's main processor. He was then able to write code that tried all possible passcode combinations, bypassing all security measures that had been put in place. iPhones allow a set number of passcode guessing attempts, before locking up and requiring intervention from the user and Apple to use the device.
However. the fallout from the case appears to be continuing. In 2017, Wang set up a security company in South Florida known as Corellium which makes tools allowing for testing iOS using virtual iPhones.
Apple sued Corellium in 2019, alleging copyright violation, and, having hauled Azimuth into court on a subpoena, attempted to find out whether Wang or his employees had contributed to any iPhone hack, including the San Bernardino case.
While Apple claimed that its case was to stop Corellium infringing on its copyright, the latter has claimed that Apple is trying to put it out of business, having failed to buy the firm in 2018.
In December, Apple's copyright claims against Corellium were thrown out by a judge. But the company now claims that Corellium creates tools that illegally bypass its [Apple's] own security measures. The case will come up for hearing in the Western summer.