Summary created by Smart Answers AI
In summary:
- Macworld reports that RansomHub hackers breached Apple supplier Luxshare in December, stealing sensitive CAD drawings and engineering designs for unreleased products.
- The ransomware attack threatens to expose exact details and dimensions of future iPhones, Apple Watches, AirPods, and Vision Pro prototypes unless ransom demands are met.
- This breach poses significant risks to Apple’s product secrecy, as Luxshare assembles critical devices and holds confidential project information.
This is set to be a big year for Apple product launches, but the announcements may appear rather sooner than the company would like. Following a data breach affecting one of Apple’s manufacturing suppliers, hackers are boasting on the dark web that they have obtained confidential data about Apple products, projects, and personnel.
According to Cybernews, Luxshare was successfully attacked last month by a ransomware cartel named RansomHub, which is now threatening to leak data from Luxshare clients Apple, nVidia, and LG unless it pays a ransom.
“We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company,” the attackers write. (They claim the data breach took place on December 15, and Luxshare has not reported anything of that nature.) “We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked.”
RansomHub claims to have a raft of confidential information, including 2D CAD drawings, 3D CAD models, engineering drawings, printed circuit board designs, and layout architecture data. It includes a data sample with the forum post, and Cybernews reports that this contains “what appear to be confidential projects regarding device repair and shipping between Apple and Luxshare, including timelines, detailed processes, and information about other Luxshare clients.” It also contains names, roles, and email addresses for staff working on specific projects.
The leak looks genuine, in other words.
Luxshare is a huge company and a critical part of Apple’s supply chain. It has assembled iPhones since 2020, and also builds Apple Watches, AirPods, MacBook accessories, and the Vision Pro. The company therefore has access to data which would be of enormous interest to Apple’s rivals.
AppleInsider‘s sources say the 3D CAD files (.prt files) are the most significant part of the cache. “In essence,” the site writes, “if the RansomHub attackers really obtained .prt files, that means they have the exact details and dimensions of every screw, bracket, spacer, and everything else in between needed for a prototype iPhone.”
Neither Apple nor Luxshare has yet commented on the alleged incident.
