A hacker claims to be selling access to Apple internal tools

A screenshot of the internal tool. (Image: supplied)

A hacker is claiming to have access to internal Apple tools that can return account information on Apple customers.

The unnamed hacker is flaunting access to the tools on his Twitter profile, where he tweeted several photos of what appears to be access to Apple’s Global Service Exchange (GSX) system. The internet-facing systems are used by authorized staff and workers to handle repair requests and after-sales support.

We contacted the hacker and asked for verification of his claims.

We gave the hacker a valid Apple Watch serial number, and he returned a few minutes later with a screenshot containing correct information about the model, series, and type.

But the screenshot contained no other information — except that the device was “out of warranty,” which is not accurate.

When pressed, the hacker refused to provide this reporter with the device’s associated account information as he had claimed.

“I can’t tell you my work,” the hacker said.

In broken English, the hacker said he sells access to Apple’s systems to at least 20 people each day by using a “private exploit” to obtain usernames and passwords for the system.

But when pressed, the hacker provided no additional information, and wouldn’t speak to his other claims or to other screenshots that purport to show other access to Apple systems.

A source familiar with Apple’s systems downplayed the hacker’s access, telling ZDNet that the web address of the purported internal Apple tool was a “test version” of the GSX tool, and used only for development.

“It contains mainly dummy data,” the source said, which is likely why the system returned valid device information but otherwise incorrect or missing account data. The system no longer returns real account or warranty data, the source said.

The hacker did not respond when we challenged his claims.

It remains unclear how the hacker gained access to Apple’s tools — even a system that doesn’t contain user or account data.

When reached, an Apple spokesperson did not comment.

Apple has been the target of hackers — and purported hackers — over the past few years, largely in an effort to extort the company or scam unwitting customers.

Last year, scammers claimed to have millions of Apple ID records and threatened to remotely wipe accounts unless a ransom was paid, but their claims were overblown and the hackers never followed through with their demands.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
