Monday, July 22, 2013

Supposed Security Researcher Claims to Have Hacked Apple's Developer Site

10:35 AM    No comments



The hacker who recently accessed encrypted data from Apple’s developer center website claims he found and reported 13 bugs to the company, but that he has no intention of accessing or using the encrypted user data. He claims he obtained the data while trying to see “how deep” he could go. It was Ibrahim Balic, who identified himself as a “security researcher” who attempted to point out serious issues to Apple about its Dev Center website. His comments were made in response to an admission by Apple on Sunday that its developer website was hacked.

In the security breach, sensitive personal information included on the registered developer’s website was encrypted and Apple believed that the information could not be accessed. Balic suggested that he has been able to obtain some user details as evidence to Apple of an apparent security flaw. According to Balic, he found a total of 13 bugs on Apple’s site, one of which gave him access to user information. He claims to have taken 73 user details, all of whom were Apple employees, and given them to the company as an example.

Roughly four hours after Balic gave the user data to Apple, the company shut down its Dev Center website. The outage began last Thursday and has remained in place since then, while Apple has worked “around the clock” in an effort to patch the apparent security issues. The public comments Balic made were apparently made in an effort to clear his name as he said he’s “not feeling very happy” about how the situation has been portrayed and also expresses his concern about potential legal action against him. He wrote the following as part of his comment:

Originally Posted by :
I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise (sic) of seeing how deep I can go within this scope.
Balic claims that he has obtained more than 100,000 encrypted user details by exploiting bugs on Apple’s Dev Center website during his research. In a recently posted YouTube video which has now been made private, Balic revealed a handful of names and emailaddresses found in raw data allegedly taken from the Dev Center as well. In his video, Balic mentioned the following regarding his future plans regarding the situation:

 original

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)