
Parsons Software Security Consulting Blog

Apple hacked!! Ethical hackers personal information hacked at Apple


My fiancée was trying to download a movie today from iTunes when the security certificate was marked as invalid. My first thought was: did Apple get hacked? She was trying to download the Jackie Robinson movie, 42. I didn't think anything of it and went back to my normal Sunday evening routine. I was outside playing with our dogs in the yard when my iPhone alerted me to a new message.

The message I received was the following.  

I then did a little research and found out that Apple was indeed hacked and that they were doing major overruns for maintenance. Part of the problem is that I am, first and foremost, an application security engineer and an Apple developer second. I have been programming for 15 years and doing application security for 11 of those years. I have been an Apple developer for two years, learning Cocoa daily in the hope of one day striking it rich on an Apple development idea.

I was then thinking: Apple has all of my sensitive information. They have my social security number, my credit card, my name and address, and my bank account number, which they use to deposit my application sales, at least 60 percent of which goes to my bank account while Apple profits 40 percent.

I was thinking, man, I am an ethical hacker and I got hacked. It was not a good feeling. It was a similar feeling to when I found out my veteran's information was hacked and they enrolled me in credit monitoring.

I felt like a victim. My career goal in life is to make applications more secure. I actually interviewed a few times with the Apple development team and they told me I was not smart enough. I do know this: if I were working with Apple, I would have been smart enough to encrypt all sensitive information. I would have ensured that the confidentiality, integrity and availability of the application were met.

I am not sure how this attack happened, but I am guessing it came from a web application vulnerability. I believe that if Apple had hired a competent, unbiased third-party application security engineer, this would not have happened. Attackers use the same tools and techniques that application security professionals do. A thorough penetration test and a secure application review could have prevented this. I pray, for the sake of other consumers and companies, that more companies take application security more seriously and reach out to non-profit organizations like the Open Web Application Security Project (OWASP), by training developers and hiring ethical third-party security engineers to do software reviews that ensure the confidentiality, integrity and availability of data in systems, and by putting the proper security controls in place to prevent this from happening in the future.



I hope that the most successful company getting hacked is a wake-up call. We need to train developers to program applications more securely and to value the competent, ethical third-party application security engineers who review these applications.


Matt Parsons, CISSP, MSM, CWASE
