Fontys ICT student Sem Voigtländer
Shortcuts is an app with which the user can automate various tasks. This app is fairly new and, according to Sem, interesting for, for instance, easily sharing files for people from the business world. But due to the leak, malicious parties could find out much more information of the users. "For instance, which keys the users hit or the content of their WhatsApp messages."
According to Stefan Roijers of FHICT it is quite unique that a student discovers such a leak, but he’s not surprised. “Sem works on this day and night. He is also in a group with other ICT students, Kernel Space that hacks outside of school time.”
Students also have to frequently try to discover leaks in systems for their course. But this is usually for companies and there is a duty of confidentiality. In other cases students are taught to report bugs on the Responsible Disclosure website.
Sem immediately emailed the leak to Apple. The company reacted at once that they were going to investigate it. "I got a reply in a few days, which is fast; as they get a lot of these types of emails."
Hacking is educational and exciting for many students and often money can be earned. This can run up to thousands of dollars. Unfortunately, Apple usually does not give a 'bug bounty', the student explains. But it’s enough for him to get 'cve', 'common vulnerability exposure'. "You’ve then discovered a bug of worldwide importance."
To his great surprise, Sem found it remarkably quickly. "I looked for it for an hour. In new programs you often know what you find. But I was surprised about this error. I couldn’t believe they had made such a programming error, which is so obvious."
Author: Petra Merkx