Hacking Apple for Profit

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K.

One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

Lots of details in this blog post by one of the hackers.

Posted on October 12, 2020 at 5:58 AM

Comments

William Entriken October 12, 2020 7:19 AM

This brief note is missing a critical adjective:

s/received $289K/received a paltry $289K/

I would be much more interested to hear the researchers found fifty-SIX vulnerabilities, disclosed fifty-five to Apple and then asked them how much they wanted to pay for the last one.

Stephen Jawbs October 12, 2020 11:16 AM

Perhaps Apple should do the right thing and spend more money on their quality assurance teams.

Stories like this demonstrate that the company is NOT doing enough. They can afford it; there are no excuses other than greed.

Ismar October 12, 2020 6:20 PM

Having external parties do security testing is very important. To pay them a fair amount for their efforts is equally so if one wants to attract and retain the best of them.

Chad Elliott October 13, 2020 3:08 AM

I like William’s idea of finding 56 and disclosing 55 until they pay up. It reminds me of ransomware, except you’re not encrypting files. You’re just not revealing/sharing them all.

But in all fairness, if Apple wants the BEST bug hunters, they should pay top dollar, or else some other company will.


Ergo Sum October 13, 2020 6:59 AM

@echo…

Surveillance capitalism, which transformed the digital infrastructure from a thing we have into a thing that has us, knows no boundaries and cares less for human rights. I dislike this world just as much as anyone else.

On the other hand, it does not mean that we can selectively publish identities of government employees based on an allegation. Quote from your referenced article:

Apple is requesting that Telegram shut down three channels used in Belarus to expose the identities of individuals belonging to the Belarusian authoritarian regime that may be oppressing civilians.* Apple’s concern is that revealing the identities of law enforcement individuals may give rise to further violence.

*-Emphasis mine

I find it ironic that you seem to suggest that publishing the identities of government employees in this case should be permissible.

Yes, we live in a binary world, where there are only two sides to any story. There are no longer fifty shades of gray, just yes or no. This is almost more of an issue for societies than surveillance capitalism.

Steve October 13, 2020 11:28 PM

Another example of why the cloud is the way to not go.

Even when done correctly, you are putting your “property” in their hands.

A clear example of this could be a video game. If you purchase it in digital form, and it is tied to an account, if that account is stolen or deleted, your “property” is gone. Now, if you purchase the game in DVD format, then someone has to physically find you, punch you in the face and take it.
