London-based Security Researcher Claims Responsibility for Apple Developer Site Breach
An independent security researcher has claimed responsibility for a breach of Apple's developer website, saying he hoped to expose potential weak spots in the company's cyber defences.
Ibrahim Balic, a London-based software developer who, according to his blog, also owns a cyber-security consultancy in Turkey, claims to have discovered 13 bugs relating to Apple, one of which gave him access to information stored on Apple's developer website.
Balic claims that the bug gave him access to personal information of more than 100,000 Apple developers. Though Apple has confirmed no financial data was obtained during the breach, the company has shut down its developer website.
In a comment left on technology news site TechCrunch, Balic said that his invasion of the developer site was not malicious and that he has reported all of the security flaws to Apple:
"In total I have found 13 bugs and have reported them. I gave details to Apple as much as I could and also provided screenshots. One of those bugs provided me access to users' details. I immediately reported this to Apple, giving details of 73 users (all Apple workers only) as an example."
Balic said he was frustrated by Apple's lack of response to his findings and is concerned that he will be added to a "blacklist":
"I have emailed [Apple] and asked if I am causing them any difficulty. I have not gotten any response to this. I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some media reports I read that legal authorities were involved and were investigating it as a hack. I'm not feeling very happy with what I read as this was done as research, not to harm or damage."
Not commenting yet
IBTimes UK asked Apple to confirm or deny Balic's claims, but the company simply replied: "We're not commenting yet on who hacked the website."
Balic posted his findings in a
"To my mind, that was highly irresponsible of him," wrote cyber-security blogger Graham Cluley. "Even though you can't see 100,000 personal details in the video you can determine some, and no-one deserves to have their personal information spread across the web like that without their permission."
Cluley also warned that Balic could face legal action:
"Ibrahim Balic may not have been motivated by malice if he did, as appears to be the case, exploit a security hole in Apple's Developer Center. But he clearly was operating without Apple's permission.
"As such, the extracting of developers' personal data from the site could be argued to be unauthorised access, and Apple could - if it wanted - pursue legal action against the researcher."
IBTimes UK has contacted Ibrahim Balic for a comment and will update this story with any further information.
© Copyright IBTimes 2024. All rights reserved.