Apple Prototypes and Corporate Secrets Are for Sale Online–If You Know Where
Matthew Bryant discovered sensitive Apple data in secondhand devices, including a Time Capsule and a prototype iPhone 14, highlighting risks of data security and asset management for companies.
Independent security researcher Matthew Bryant discovered sensitive Apple corporate data while purchasing secondhand electronics, including a Time Capsule that contained a backup server's worth of information from European Apple Stores. His findings, which he presented at the Defcon security conference, stemmed from a project where he scraped listings from platforms like eBay and Facebook Marketplace, using computer vision to identify devices that were once part of corporate IT fleets. Bryant's system, which utilized optical character recognition, alerted him to significant items, including a prototype iPhone 14 and a Mac Mini from a Foxconn assembly line. The Mac Mini, despite being listed for parts due to physical damage, contained internal software and credentials that could reveal insights into Apple's manufacturing processes. After notifying Apple about his discoveries, he returned the devices. Bryant's work highlights the risks companies face regarding data security and asset management, as discarded corporate devices can end up on secondhand markets, potentially exposing sensitive information.
- A researcher found sensitive Apple data in secondhand devices purchased online.
- The project involved scraping listings and using computer vision to identify corporate IT equipment.
- Bryant discovered a Time Capsule with extensive internal documentation and a prototype iPhone 14.
- The findings emphasize the importance of data security and proper asset management for companies.
- Discarded corporate devices can pose significant risks if not properly decommissioned.
Related
Ghosts in the (Macintosh) ROM (2012)
A group at NYC Resistor found hidden images in Apple Mac SE ROM from 1986. They decoded distorted data, revealing pictures and assembly code, extracting four images and hinting at audio data.
Apple admits its AirPods had a security problem
Apple addressed security vulnerabilities in AirPods and Beats Fit Pro headphones, preventing hackers from pairing devices with the wrong source. The company released updates to enhance customer protection, emphasizing privacy. Apple prioritizes privacy in its products, like Apple Intelligence, and declined AI collaborations with Meta over privacy concerns.
Apple's Longevity by Design
Apple focuses on product longevity with Macs and iPhones. Macs praised for durability, but concerns on upgrades and support. White paper highlights iPhone features. Repairability and service accessibility emphasized. Warranty and new iPhone features mentioned.
Make Your Electronics Tamper-Evident
AnarSec's article outlines methods to enhance electronic device security against tampering, including tamper-evident screws, transparent storage solutions, and secure operating systems like Qubes OS and Tails.
Apple's 'Find My' service dubbed "super creepy surveillance tech"
Tim Sweeney criticized Apple's 'Find My' service as invasive, sharing a personal incident that led him to disable it. He advocates for legal recovery of stolen devices, sparking privacy concerns.
This is the second time I've read about an iPhone OCR rack https://findthatmeme.com/blog/2023/01/08/image-stacks-and-ip...
Is this still state of the art in terms of local OCR?
ARM Apple Silicon Developer Transition Kit: https://www.youtube.com/watch?v=reQq8fx4D0Q iPod Touch dev board: https://www.youtube.com/watch?v=qLCt6oHPTQM
The PCB repair technique for the DTK is pretty cool on its own.
They can essentially guarantee that the disk encryption key will only be released from the security module if the computer is running a fully-trusted and signed OS. Even if you take the drive out of the machine, the data on that drive is completely useless to you.
Incidentally, this is also what makes short PINs secure; the TPM contents are unreadable, even to a skilled attacker, so if the TPM is guaranteed to wipe itself after 10 tries, even a 4-digit PIN is secure enough.
> Bryant again reported his findings to Apple and returned the Mac Mini to them.
Why the hell did he do that?! It's, like, the worst thing one can possibly do with these kinds of devices. Just publish stuff that doesn't have anyone's personal data in it. That'll make the world better in the end.
Or, at least, catalogued, scanned, and photographed.
I've seen everything from Amazon's palm-scanners to a tactical LTE base station once used by NIST to all sorts of Zebras full of fun software.
I think the only piece I'd pay to read is how they negotiated with spotify.