Around 90GB of data was taken from Apple’s servers by a teenaged hacker from Melbourne, Australia who repeatedly hacked into Apple’s mainframe for over a year but the smartphone giant is reassuring customers that no personal data was compromised by the breach.
The hack took place last year when the 16-year-old, who recently pleaded guilty before The Children’s Court, used a software to gain access to Apple’s mainframe repeatedly and was able to get his hands on “authorised keys” that granted log-in access to user accounts.
Teenager used specialised software to access servers
The teenager ultimately managed to steal 90GB of data from Apple’s internal systems before Apple got wind of the hack and blocked his access. The hacker was caught after authorities carried out a raid on his home and found, among other things, a software that enabled the hacking and two Apple laptops which were used to access Apple’s servers.
“Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal system. A mobile phone and hard drive were also seized and the IP address … matched the intrusions into the organisation. The purpose was to connect remotely to the company’s internal systems,” the Crown Prosecutor told the Court.
According to Apple, the hacker’s access to internal servers was shut down as soon as it was discovered and that no personal information was compromised as a result.
“Our teams discovered the unauthorised access, contained it, and reported the incident to law enforcement. We regard the data security of our users as one of our greatest responsibilities and want to assure our customers that at no point during this incident was their personal data compromised,” it said.
Apple’s servers are as vulnerable as others
Even though many traditional Apple device users consider iOS to be more secure than rival operating systems, it is also true that there is no such thing that can be called as ‘perfect’ and Apple’s server infrastructure and operating system are as vulnerable to external access as others unless vulnerabilities are discovered and addressed in a timely manner.
Last year, Apple announced that its WebKit browser engine for iOS and Safari contained as many as 23 security flaws which rendered it vulnerable to remote code execution. The company introduced a new software patch to prevent hackers from spoofing address bars to get users to click on malicious links.
Apple also fixed other security issues such as the disclosure of user information through a maliciously crafted XML document, arbitrary code execution using a maliciously crafted archive, unexpected termination of the Messages app by a remote attacker, notifications appearing on the lock screen even when disabled, and exfiltration of data cross-origin by malicious websites.