Five researchers hacked Apple Computer’s networks—not their products—and found fifty-five vulnerabilities. So far, they have received $289K.
One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.
Lots of details in this blog post by one of the hackers.
MikeA • October 12, 2020 11:10 AM
And yet Apple spends an apparently large amount of effort to make it harder and harder to opt-out of sending everything to iCloud. “Every Upgrade is a Downgrade”
http://itre.cis.upenn.edu/~myl/languagelog/archives/000606.html
Stephen Jawbs • October 12, 2020 11:16 AM
Perhaps Apple should do the right thing and spend more money on their quality assurance teams.
Stories like this demonstrate that the company is NOT doing enough. They can afford it, no excuses other than greed.
echo • October 12, 2020 1:06 PM
Monopolistic tech companies hacking human rights in the pursuit of profit and why I refuse to contribute to this blog because of its obsession with boys toys to the exclusion of examiningg the legal and scientific case for human rights being part of security and the consequences for its exclusion.
Ismar • October 12, 2020 6:20 PM
Having external parties do security testing is very important. To pay them a fair amount for their efforts is equally so if one wants to attract and retain the best of them.
Chad Elliott • October 13, 2020 3:08 AM
I like William’s idea of finding 56 and disclosing 55 until they pay up. It reminds of ransomware, except you’re not encrypting files. You’re just not revealing/sharing them all.
But in all fairness, if Apple wants the BEST bug hunters, they should pay top dollar, or else some other company will.
aretelabs • October 13, 2020 5:26 AM
US Math Competition | Online Math Contest | Virtual Math Games – Aretelabs.com | AreteLabs: Whether it’s for elementary (grade school), middle school, or high school, Math Madness is the best website on the internet for a team to participate in a full-fledged math tournament. In addition, AreteLabs can customize math leagues and tournaments to the preferences of an educational network like a school district.
Source: Online math league
Ergo Sum • October 13, 2020 6:59 AM
@echo…
Surveillance capitalism, that transferred the digital infrastructure from we have to a thing that has us, knows no boundaries and cares less for human rights. I dislike this world just as much as anyone else.
On the other hand, it does not mean that we can selectively publish identities of government employees based on an allegation. Quote from your referenced article:
Apple is requesting that Telegram shut down three channels used in Belarus to expose the identities of individuals belonging to the Belarusian authoritarian regime that may be oppressing civilians.* Apple’s concern is that revealing the identities of law enforcement individuals may give rise to further violence.
*-Emphasis mine
I find it ironic, that you seem to suggest, that publishing the identities of government employees in this this case should be permissible.
Yes, we live in a binary world, where there are only two sides of any of the stories. There’s no more of fifty shades of gray, just yes or no. This is almost more of an issue for societies, than surveillance capitalism.
Steve • October 13, 2020 11:28 PM
Another example of why the cloud is the way to not go.
Even when done correctly, you are putting your “property” on their hands.
A clear example of this could be a video game. If you purchase it in digital form, and it is tied to an account, if that account is stolen or deleted, your “property” is gone. Now, if you purchase the game in DVD format, then someone has to physically find you, punch you in the face and take it.
Jordan • May 7, 2021 11:21 AM
Every Apples Upgrade seems to be Downgrade
Especially Iphone’s https://casinoshunter.com/online-casinos/mobile/iphone/
Harriet • March 23, 2022 5:14 AM
Hello. First, thank you very much for sharing this with us. In this world, good and Bad are equally avail. Ethical Hacking is a very important thing. Ethical hacking can protect against that type of harmful hacking. If anyone can know something phishing attacks, then please share it to me. I must read it again. You can also get help from https://www.hackerslist.co/
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
William Entriken • October 12, 2020 7:19 AM
This brief note is missing a critical adjective:
s/received $289K/received a paltry $289K/
I would be much more interested to hear the researchers found fifty-SIX vulnerabilities, disclosed fifty-five to Apple and then asked them how much they wanted to pay for the last one.