
Turkish security researcher claims responsibility for Apple dev center hack



wraggster
July 22nd, 2013, 23:20
When Apple's developer (http://www.engadget.com/2012/06/11/app-store-hits-650-000-apps-30-billion-downloads-5-billion-do/) portal went down Thursday (http://www.engadget.com/2013/07/21/apple-developer-portal-hacked/), there were a lot of questions left unanswered. One of the more notable was, just who was responsible for this attack on the premier destinations for iOS and OS X developers? Turkish security researcher Ibrahim Balic is claiming he was behind the hack, but it wasn't his intention to cause any harm. Balic says that he reported the vulnerability to the proper Cupertino authorities but, for whatever reason, his efforts didn't end there. He actually exploited the security flaw he had discovered, which gave him access to the names, email and mailing addresses associated with developer accounts. In total he discovered 13 bugs, at least one of which he demonstrated in a YouTube video, that appeared to show him accessing a list of developer names and user IDs. That clip has since been pulled, as Balic was concerned about some of the information displayed on the screen. However, in a tweet he asserted that sharing the confidential data was essential to prove his point about the severity of the vulnerability.
The researcher does insist that his actions were legal and ethical. He told the Guardian that he only accessed developer account data in an effort to discover just how deep (http://www.engadget.com/2012/07/05/spam-happy-ios-trojan-slips-into-app-store-gets-pulled/) the rabbit hole went as part of a penetration test and will delete all of the data he collected. He claims that immediately after reporting his findings to Cupertino the dev center was shut down, but that he never received a follow-up from someone at the company. Instead there was simply an announcement of an attack, without any correspondence between Balic and Apple. So far Apple has not responded to our request for comment, and has neither confirmed nor denied Balic's account of events.

http://www.engadget.com/2013/07/22/turkish-researcher-apple-hack/