Apple depot repair vendor CSAT Solutions has been hit with a ransomware attack that calls its overall security into question — and is causing extended mail-in repair times and in some cases lost customer hardware.
The attackers provided screenshots of internal tools used by CSAT and posted screenshots of computer directories online. The attack appears to have targeted CSAT's own systems directly and not the computers being repaired at the facility.
In order to rectify the situation and ensure consumer hardware was not impacted by the attack, repair times have been extended to perform additional checks. Anyone who has shipped their Mac to Apple within the last two weeks could be affected by the delay.
Only thing you can do is be very patient with the situation, deal with more CRU's and pretty much deal with the customer backlash.
— Fudge (@choco_bit) December 8, 2020
Personal opinion but it's highly likely this will continue (to some extent) into January 2021
Known Apple leaker Fudge shared the details of the leak and voiced concerns on Twitter. The leaker's connection with Apple Authorized Service Providers made them concerned over the security implications for Apple users. Fudge urges anyone receiving their computers from Apple repair to do a full DFU restart, though that may not be warranted. AppleInsider does concur with the leaker's advice to perform a clean install of the operating system for any returned device for the foreseeable future.
A report from iTWire details the attack, stating it was conducted using "NetWalker," an attack that only works on Windows. This means the attack should have only affected the CSAT systems and likely not the Macs they were working on.
Apple does use a variety of other depot-level repair facilities and does do some repairs in-house at Apple Stores, so not every repair will be affected. Apple is able to divert repairs to other facilities while those currently at CSAT are evaluated or replaced.
AppleInsider has reached out to Apple for comment.
10 Comments
And this is where quality control falls apart. Perhaps politicians should have their Apple products repaired by one of these chop shops first, then take a vote.
But, this may be hard to avoid: At least in my own Apple Store repair technicians were moved out of the stores to work from home on the online support system. The result is that it takes a week just to get an appointment for your equipment to be looked at in the store. I have no idea what the repair times may be -- they might be shipping them out anyway.
Well... as someone who has gone through a really bad ransomware attack somewhat recently, I can only say good luck to those working on it. It suuuucks.
But, at least for us, it totally changed our perspective on security. If they're anything like us (and they very well may NOT be) they'll be a much more secure company (IT-wise) in, say, a year.
And if they're not, they'll get hit again. (I know of one company that got hit 3x in 8 weeks. It eventually sunk in...)
I have friends at two companies that got hit by ransomware. One shop was down for three weeks and had minimal (if any) real IT support. It was disastrous. They did everything and anything to keep it from going public. It's actually quite sad the lengths that some companies will go to hide the fact that they have little to no security of their data.
I don't think many companies do ever learn from this mistake. Security is never a one-time solution. It's a whack-a-mole game and one always has to be ready and plan for a never-ending barrage of attacks.
I guess I lucked out. I had my MacBook Pro serviced (for the "stagelight" defect that finally hit me) and the turnaround was amazing. I live in the DC area. I had an appointment at a Virginia Apple Store for 5:45pm on Black Friday. They shipped it to a repair depot in Memphis (called "Flex" apparently?) and I had it back in my hands (shipped to my home) Tuesday morning. That's less than 2 business days.