How we found that hidden Apple job listing

0
135

0

apple-jpg-2.jpg

(Image: Zack Whittaker/Twitter)

“Hey there! You found us,” read the first five words of a secret Apple job listing.

The job listing was posted on one of the company’s publicly accessible but hidden servers, hosting data on millions of Apple customers across the US east coast.

According to the job listing, Apple was “looking for a talented engineer to develop a critical infrastructure component that is to be a key part of the Apple ecosystem.”

In fairness, Apple is not looking for me, but someone who’s far smarter and qualified, and who has better office etiquette.

I tweeted out a screenshot that quickly got picked up by several Apple-focused blogs, none of whom were able to spell my name correctly, nor asked how the page was found in the first place.

But several people on Twitter did ask, so I’ll explain.

I was using Burp Suite, a traffic analyzer, to intercept data between several iPhone apps to see what kind of personal data was sent along to advertisers. Among the stream of connections to analytics sites and advertisers used to track a user’s app consumption, there were several outbound connections to one of Apple’s “blobstore” servers, which the company uses to host iCloud data, such as customer photos and videos.

I entered the web address into a browser, and there you have it.

Trust me, there was little proficiency needed to find the page which, since it was widely reported, has been taken down.

But it was still nice to have been asked to “get in touch” with my resume.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More

ZDNET INVESTIGATIONS

Leaked TSA documents reveal New York airport’s wave of security lapses

US government pushed tech firms to hand over source code

At the US border: Discriminated, detained, searched, interrogated

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

FCC chairman voted to sell your browsing history — so we asked to see his

With a single wiretap order, US authorities listened in on 3.3 million phone calls

198 million Americans hit by ‘largest ever’ voter records leak

Britain has passed the ‘most extreme surveillance law ever passed in a democracy’

Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

0