Turkish security researcher Ibrahim Balic now claims he was behind the attack Apple admitted to in a statement to its developer network last Thursday, July 18, saying that sensitive personal information of some 275,000 members may have been compromised.
Contrary to widespread assumption and belief, Balic says his intention was not to cause any harm to Apple developers.
Balic claims he discovered and reported the vulnerability to Apple, but he went on to exploit the flaw, granting him access to developers’ personal information including names, mailing addresses, and/or email addresses. Thirteen vulnerabilities were found in total, and he demonstrated one of them in a YouTube video that has since been pulled. The clip might have exposed some users’ names and IDs. Balic tweeted his justification of the video, claiming it was paramount in proving the seriousness of the security flaw.
Balic, who will delete the collection of data, stands by his actions and maintains they were completely legal and ethically sound. He says that following his report to Cupertino, the dev center was shut down but he never received any sort of confirmation from Apple.
The developer.apple.com portal has displayed the “We’ll be back soon” greeting since Friday, July 17. The report to developers left out any notion that it might have been a white hat or ethical hack, which was confusing and was misconstrued by the public. Developers speculated that the site had suffered a critical crash.
Marc Fischer, an iPhone app developer with the digital agency DogTown Media, said, “The hacking incident, while well intentioned, has created a huge inconvenience for the iOS developer community. Apple hasn’t done the best job communicating the extent of the hack and as a result we’ve been cast off into the doldrums, waiting on word when we can resume business as usual.”
Arment suggested massive data loss could be the explanation as to why the site is still down: “the longer it goes, especially with no statements to the contrary, the more this [theory] becomes the most likely explanation.”
Apple has not made further comment on the topic. The breach is the first reported against any of Apple’s web services. The iTunes and App Store do not appear to have been affected by the incident.
Apple is a company known for its integrity, innovation and cutting edge technology. This occurrence demonstrates no company is 100 percent safe from attacks.