Purchased flaw gave FBI access to killer's handset.
The FBI famously got into the iPhone of San Bernardino killer Syed Farook’s iPhone 5c without the help of Apple aapl , but the agency has not revealed much about how it did so, apart from saying it bought a “way to get into that phone” from a “private party.”
Now, according to sources quoted by The Washington Post, it seems the FBI paid a one-off fee to security researchers for a previously undisclosed vulnerability in the device.
These are known in the industry as “zero-day” vulnerabilities because the vendor of the affected device or software, being unaware of them, has no time to patch or mitigate them before others start exploiting them.
Get Data Sheet, Fortune’s technology newsletter.
The Post article claimed that the agency was able to use the flaw to “create a piece of hardware” that allowed investigators to bypass the security features protecting access to the phone. The key feature here was a setting that would “wipe” the data on the device after too many incorrect PIN code guesses.
Interestingly, the piece claims that the Israeli digital forensics firm Cellebrite was not, as widely suspected, involved in the cracking of the phone. Instead, the FBI seems to have turned to what some call “gray-hat” hackers, who find vulnerabilities and sell them for exploitation by the authorities.
The FBI previously went to court to force Apple to help it bypass the security features of the device by creating a special version of the iPhone firmware. The resulting standoff caused an international debate, but the FBI dropped its case after finding another way into the device.
The agency said last week that the technique used in this case was specific to the iPhone 5c running iOS version 9, meaning it cannot be used to access the vast majority of Apple’s smartphones.