(In)security: Apple developers site hacked; SIM card flaw discovered

In this, the umpteenth episode of Security Scares: Apple was hacked. And a flaw in SIM cards could reportedly affect up to 750 million cell phones.

• Apple admitted Sunday that its developers site was hacked last week, providing an explanation about why the site had been down since Thursday.

As the company said it was “overhauling” its system, adding that it couldn’t rule out that some information about developers of third-party apps may have been compromised, a security researcher from Turkey has claimed responsibility for the hack.

Ibrahim Balic told the Guardian: “My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away.” He said he wanted to show that Apple was “leaking” user information, and that he did not hear back from the Cupertino company.

While Apple said the hacked site did not have associated customer information, the Guardian noted that those with malicious intent and possibly, developer IDs, could use those to compromise the apps themselves.

• Meanwhile, we already know our cell phones can give away plenty of information about us. Now, according to a well-known security researcher, they can also help give away control.

Karsten Nohl, founder of Security Research Labs in Berlin, says he has exploited a flaw in encryption used in some SIM cards that can allow others to remotely take control of an estimated 750 million phones. He says that “with over 7 billion cards in active use, SIMs may well be the most widely used security token in the world.”

Among the dangers: Those who take control of the phones can read text messages, steal other data and rack up charges under the phone owners’ mobile identities.

Nohl will present his findings at the Black Hat hacking conference in Las Vegas, which begins at the end of the week.

 

Photo: An Apple logo is seen at the Apple Worldwide Developers Conference in San Francisco last month. (Stephen Lam/Reuters)

 

Levi Sumagaysay Levi Sumagaysay (3590 Posts)

Levi Sumagaysay is editor of the combined SiliconBeat and Good Morning Silicon Valley. She also blogs and is the online producer for SiliconValley.com, the Mercury News tech website. Email: lsumagaysay (at) bayareanewsgroup (dot-com).