Apple’s Hacky Hack Hack
We’ve already seen recently how young hackers can expose the insecurity of US voting machines in very little time. Now, it looks like in a few years, those same kids can graduate to targeting slightly more complex cyber defenses: Apple’s.
When you want to apply for your dream job, most of us probably wouldn’t think to break into the company’s network. And yet, apparently this 16 year old hacker from Australia, who has plans to one day work for the tech giant, did just that. It will be an interesting note to put on his resume. “Skills: Remember when I hacked you as a kid?” Actually, I’d strongly consider hiring him if I worked at Apple. Someone who has the ability to compromise your famously high-end defenses can also improve them and shore up their weaknesses. And these days, the industry could all the extra hands in can get.
Anyway, back to the event itself. This young hacker was able to infiltrate Apple’s systems and download 90 GB of internal files, while also gaining access to customer accounts. On multiple occasions, at that.
Apple, however, seems to have caught, contained and responded to the breach in real time. According to a company spokesperson, no users need worry that their information was actually compromised. They alerted the FBI, which then contacted Australian authorities. Raiding the boy’s home, the police seized his phone, hard drive and two Apple laptops, and discovered a hacking folder labeled “hacky hack hack.”
Further details of the case can be found here, but overall this speaks to a larger issue. Cyber threats can come from any angle imaginable, and even have some affect on those at the top of the food chain. That’s why new rules and regulations like GDPR are so important. Same goes for its imitators, like California’s recent Consumer Privacy Act. Any “head-in-the-sand strategies,” as Infosecurity attributes to those US businesses who are simply trying to ignore or work around GDPR restrictions on European users, will no longer be valid.
If any tech-savvy teenager can break through the most secure systems, then organizations need to take every opportunity to ensure the personally identifiable information (PII) stored within is untouchable or unusable. Whether that involves monitoring, centralized storage and management, encryption, or all of the above (ideally all of the above), organizations will have to craft policy and strategy with respect to the user and their increasing data rights.