| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the San Bernardino iPhone hack involved the FBI purchasing a zero-day flaw from hackers to bypass security features on the iPhone 5C [42931, 42985]. This incident was specific to the FBI's case involving the San Bernardino iPhone.
(b) The articles mention that the hackers who sold the zero-day flaw to the FBI also sell such vulnerabilities to governments and third parties, including those who make surveillance tools similar to the software exposed during a data breach of Italian firm Hacking Team [42985]. This indicates that similar incidents of selling security bugs to governments and third parties have occurred with other organizations or entities beyond just the FBI. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the articles is related to the design phase. The incident involved the discovery of zero-day flaws in the iOS 9 software running on the San Bernardino iPhone 5C, which were then sold to the government for a one-time fee to bypass security features on the phone [42931, 42985].
(b) The software failure incident is also related to the operation phase. The FBI reportedly bought a previously unknown security bug from professional hackers to gain entry to the San Bernardino iPhone 5C, allowing them to circumvent the lockscreen and automatic wipe feature after 10 wrong passcode entries [42985]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system:
- The software failure incident involving the San Bernardino iPhone was due to a zero-day flaw in the iOS 9 software running on the iPhone 5C [42931].
- Professional hackers found and exploited security vulnerabilities within the iPhone 5C's security features, allowing the FBI to bypass the lockscreen and automatic wipe feature [42985].
(b) outside_system:
- The hackers who provided the zero-day flaw to the FBI were external entities, not part of the system where the software failure occurred [42931, 42985].
- The hackers sold the security bug to the government, indicating that the contributing factors originated from outside the system [42931, 42985]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles was primarily due to non-human actions, specifically the presence of zero-day flaws in the iOS 9 software running on the San Bernardino iPhone 5C. These zero-day vulnerabilities were discovered by hackers and sold to the government, allowing them to bypass security features on the phone and crack its password [42931, 42985].
(b) Human actions also played a significant role in the software failure incident. Professional hackers, who are human actors, actively probed software, devices, and services to find vulnerabilities that they could exploit. They then sold these vulnerabilities to governments and third parties, contributing to the incident [42985]. |
| Dimension (Hardware/Software) |
hardware |
(a) The software failure incident reported in the articles is related to a hardware issue. The incident involved a zero-day flaw in the iOS 9 software running on the San Bernardino iPhone 5C, which allowed the FBI to bypass security features on the phone to crack its password [42931]. The FBI reportedly bought a previously unknown security bug from a group of professional hackers to gain entry to the iPhone 5C, indicating that the flaw was in the hardware of the device [42985]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious. Both articles [42931, 42985] report on how professional hackers, referred to as gray hat hackers, found and sold zero-day vulnerabilities in the iOS software running on the San Bernardino iPhone to the FBI. These hackers intentionally exploited security flaws in the software to bypass security features on the phone and crack its password. The FBI purchased these vulnerabilities with the intent to gain unauthorized access to the iPhone, demonstrating a malicious objective in the software failure incident. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The intent of the software failure incident:
- The software failure incident involving the San Bernardino iPhone was not due to poor decisions but rather intentional actions by hackers who found and exploited zero-day vulnerabilities in the iOS 9 software running on the iPhone 5C [42931, 42985].
- The hackers intentionally sold the zero-day flaws to the government, allowing them to bypass security features on the phone to crack its password [42931, 42985].
- The hackers were described as professional security experts who probe software, devices, and services to find vulnerabilities that they can exploit and then sell to governments and third parties [42985].
- The FBI purchased the security bug from the hackers to gain entry to the iPhone 5C, indicating an intentional act to circumvent the lockscreen and automatic wipe feature [42985]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident reported in the articles is not related to development incompetence. Instead, it is related to professional hackers finding and exploiting zero-day vulnerabilities in the iOS software running on the San Bernardino iPhone to bypass security features and gain access to the device [42931, 42985].
(b) The software failure incident reported in the articles is accidental in nature. Professional hackers discovered and sold previously unknown security bugs to the FBI, allowing them to gain entry to the San Bernardino iPhone 5C. The FBI clarified that the hack could affect older iPhones like the iPhone 5C, 5, and 4S, but not newer models like the iPhone 5S or later. The security bugs were not disclosed to Apple, and there is uncertainty about whether the US government will disclose the vulnerability to Apple [42985]. |
| Duration |
temporary |
(a) The software failure incident described in the articles is more likely to be temporary rather than permanent. The incident involved the discovery and exploitation of zero-day vulnerabilities in the iOS 9 software running on the San Bernardino iPhone 5C. These vulnerabilities were used by hackers to bypass security features on the phone and crack its password. The FBI purchased these security bugs from professional hackers, allowing them to gain entry to the iPhone 5C without needing Apple's assistance to create unlocking software. The FBI clarified that the hack could affect older iPhones like the iPhone 5C, 5, and 4S, but not newer models like the iPhone 5S or later. The vulnerabilities exploited in this incident were not disclosed to Apple, indicating that the software failure was temporary and could potentially be fixed if the information is shared with the company [42931, 42985]. |
| Behaviour |
crash, omission |
(a) crash:
- Article 42931 mentions a zero-day flaw in the iOS 9 software running on the San Bernardino iPhone 5C, which allowed the FBI to bypass security features on the phone to crack its password. This indicates a system crash where the software lost its state and failed to perform its intended functions [42931].
(b) omission:
- Article 42985 reports that the hackers supplied at least one zero-day flaw in the iPhone 5C’s security that allowed the FBI to circumvent the lockscreen and automatic wipe feature. This suggests an omission failure where the system omitted to perform its intended functions at that instance [42985].
(c) timing:
- There is no specific mention of a timing-related failure in the provided articles.
(d) value:
- The articles do not provide information about a failure due to the system performing its intended functions incorrectly.
(e) byzantine:
- There is no indication of a byzantine failure in the articles.
(f) other:
- The behavior of the software failure incident described in the articles does not fit into the other categories mentioned. |