Apple iPhones are known to be super secure, enough that it took even the FBI some effort to get in. But, the same can’t be said about it servers. An Australian high school student was not only repeatedly hacking Apple servers, but was also able to download 90GB of internal files and accessed customer accounts as well.
Was hacking Apple servers easily
On Friday, Apple noted that no customer data was compromised. According to the Australian media, the teenager had pleaded guilty of hacking Apple servers, downloading files and accessing customer accounts. The boy will be sentenced next month. According to the boy’s lawyers, the 16-year-old was hacking Apple servers because he is a big fan of Apple and hopes to work there someday. Though the boy has certainly caught Apple’s intention, it is hard to say if he would even get a job at Apple.
The 16-year-old boy from Melbourne, whose identity has been kept secret due to legal reasons, reportedly hacked into Apple’s servers from his home several times over a year, says a report from The Age – citing statements by the teenager’s lawyer in court. The boy was able to download 90GB of secure files and accessed customer accounts without even revealing his identity.
The boy, who is reportedly a popular figure in the hacking community, used VPNs and other tools to hide his identity. He also got hold of the authorized keys, which are considered extremely secure. The boy “worked flawlessly” in hacking Apple servers, until the U.S. company realized what was happening. Apple’s systems were able to trace the serial numbers of the MacBooks that were used to hack Apple servers.
As per the newspaper, Apple contacted the FBI (Federal Bureau of Investigation) after it became aware of the hack. The FBI then involved the Australian Federal Police (AFP) into the matter. AFP then raided the boy’s home and confiscated two laptops, a phone and a hard drive. The serial number of the laptops seized and the IP address matched the devices that hacked Apple servers.
No harm done
The boy stored the secured files in a folder named “hacky hack hack.” Also, the teen even boasted about hacking Apple servers on a mobile messaging app – WhatsApp. As of now, it is not clear what kind of data the teen hacked, but since the FBI was involved, it had to be very confidential. Also, Apple has been “very sensitive about publicity,” as the case was kept out of the media attention until the legal proceedings this week.
In addition, Apple’s spokesman assured the customers their data has not been compromised.
“We … want to assure our customers that at no point during this incident was their personal data compromised,” the spokesman told Reuters.
Rising incidents of hacking by teens
The incident of the Australian teen hacking Apple servers comes months after an anonymous user leaked highly confidential iPhone source code on GitHub. In that case, the original leaker was an intern, who shared the iBoot source code with friends. The iBoot is a core component of the iOS and helps load the OS when the phone is turned on.
One iPhone researcher termed the incident as the “biggest leak” in the iPhone’s history. Though the source code was for the iOS 9, i.e., two-years-old, it could still educate researchers and hackers a lot about the iOS. For instance, it could help hackers easily find flaws and bugs, and then use those to decrypt an iPhone. Further, advanced programmers could even use the source code to mimic iOS on non-Apple devices.
Lately, there has been a rise in hacking incidents involving teens. In 2017, a teen was even sent to jail for two years for developing a hacking business at the age of sixteen. The teen sold software to the cyber criminals, and after that around 1.7 million attacks were reported on websites like Minecraft, Xbox Live and Microsoft.
It is good to see teens having such skills and talents, but the way they are using it is not right. To ensure that such talent and skills are used in a correct way, the UK’s National Crime Agency started a “rehab,” which helps teen hackers in differentiating between legal and illegal use, and also encourages them to use their skills for the betterment of the security industry.