Apple’s iPhone activation servers experiencing extended outage

“While Apple is still working to bring its developer site back up a week after taken offline due to a security breach, the company appears to be experiencing another problem with its systems today, as a number of MacRumors have reported they are unable to activate their new iPhones,” Eric Slivka reports for MacRumors.

“Other reports are showing up on Twitter as the problems continue,” Slivka reports. “According to one tipster who called Apple about the problem, the company’s activation servers are currently down.”

Full article here.

[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]

16 Comments

    1. not negligence, as I I believe

      1) apple responded and is doing the appropriate things to solve this issue,

      2) highly doubt it is Apples failure to proper maintain as hackers love to keep at it until they succeed.

    2. See my post below for current details.

      This was NOT a malicious attack. Negligence by Apple WAS involved. The Java hack involved was public knowledge. Part of the problem would have been averted if Apple had kept up-to-date with Java on their Developer server.

      Part of the problem was the hacker’s ‘look what I can do!’ YouTube video (which is now blocked) that revealed some of the data he had collected, NOT a good move on his part.

      I and a Mac security expert net friend expect Apple are currently cleaning up a lot more than just an out-of-date Java implementation. I expect they are security-proofing their entire database system in order to prevent any future security hole surprises.

      We won’t know more about the hack until the site rebuild is completed.

  1. Whatever method was found to breach the servers must have been pretty serious. Apple is obviously having to address some major security re-programming and is staying locked down until completed.

    1. No. This was a classic white hat hacker attack, a testing of Apple’s website for security holes. He found at least one, exploited it, grabbed data, and informed Apple of everything he had discovered and accomplished. Sadly the guy also revealed some of his harvested data in his video on YouTube, which created some minor additional problems.

      Everything indicates that Apple are security-proofing a lot more than just the Java exploit used by the hacker. See my post below for current details.

  2. Or maybe it was planned as they’re upgrading them for new services such as Activation Lock etc and getting them ready for the massive surges I’m activations with the new iPhone release(s).

    1. No. Apple were caught off guard and guilty of not keeping there WebObjects Java implementation up-to-date. There is a lot more involved with their site rebuild, but we know that was at least one hack involved in the situation. I posted more details below.

  3. Here’s the scoop so far:

    The hacker, who is from Israel, went public with his hacking of Apple’s Developer site via YouTube early last week. The video has since been blocked at YouTube as ‘private’. Initially it was available here:

    I watched it on the day he released it. It was a ‘look what I can do!’ video clearly to show off his skills. He thankfully pointed out that he had informed Apple of everything he was doing along the way and that nothing about his hack was made public…

    Well, except that he showed off some of his collected data within the video, which is not good. Thus Google’s blocking of the video and Apple’s emailing out password update requests to the victims of this revealing.

    We know at this point that at least part of the exploit was a publicly known Java security hole. Therefore, it appears that Apple was using an OUT-DATED version of Java on their WebObjects server for the Developer site. That’s very bad.

    One of the colleagues at my Mac malware discussion group believes Apple is also updating bad Java code used in their WebObjects programming. Also, I personally expect they are raking through their SQL database code for security holes. (SQL is one of the worst banes of the Internet as it is inherently insecure. Ideally SQL should be stricken from the Internet forever. But bad popular code dies hard).

    We also know that Apple are adding encryption to ALL their data so that any future security holes in Java will NOT catch them off guard again. And yes, we know there are going to be A LOT of future Java security holes, all thanks to ‘sandbox’ crapcode infliction by Oracle after they bought Sun Microsystems. I hate Oracle.

    IOW: Just Turn Java Off. If only Apple had that option. They don’t as ALL WebObjects programming these days must be written in Java. –Also, not good. (o_0)

    After Apple clean up the security mess, no doubt the entire exploit will be made public.

    1. BTW: If this guy (Ibrahim Halic) wants to say “I’m not a hacker…”, fine. Have fun with semantics.

      Except he’s a classic White Hat hacker, despite his ‘security research’ credentials. A professional security researcher doesn’t publish his hack on YouTube for all the world to see. They remains entirely silent in public, working with and reporting to ONLY the company and location they hacked. And yes, professional security researchers STILL use the term ‘hack’ because that is what they are doing: hacking.

    2. UPDATE:
      ZDNet managed to grab the source video created by the hacker and have a copy embedded as part of their article on the subject:

      Is this the video that brought down the Apple Developer Center?
      Summary: Security researcher Ibrahim Balic discovered 13 flaws in Apple servers and reported them. Here’s the video he made of his exploits then promptly removed.
      http://www.zdnet.com/is-this-the-video-that-brought-down-the-apple-developer-center-7000018512/

      Although his motives are unclear, Balic presumably removed the video because it shows actual user names and email addresses. For his part, Balic claims his efforts weren’t malicious and that he told Apple about the flaws via official channels. According to TechCrunch:

      “Balic swears up and down that he’s not a malicious hacker. Rather, he claims to be just a security buff who stumbled upon a way to access gobs of Apple user data, tried to warn the company about it, and made a (now private) video highlighting the security flaw in question when Apple wouldn’t respond.”

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.