
Apple

I'm Yuyang Wang, but you can call me Frank. I'm glad to have the opportunity to interview with Apple, and I really appreciate your time in conducting this interview with me. I'm currently based in New York and am pursuing my Master of Engineering in Computer Science at Cornell Tech. I will graduate from here in May 2024.

A fun fact about myself: I've always been passionate about programming and hacking. When I was in high school, I found a SQL injection vulnerability in the student card top-up system and reported it to the headmaster of my school. If you want to learn more about this interesting story, I can provide you with more details.

I focus a lot on security when I write my own software projects. For example, I'll include a CSRF token when submitting forms, avoid using raw SQL for queries, control the expiration time of JWTs, restrict Cross-Origin Resource Sharing, set up an HTTPS certificate when building a website, configure Domain Name System Security Extensions (DNSSEC) on my domain (btw my domain is yuyangwang.org), and use single point authentication instead of writing login functions for each project. I actually have my own OAuth 2.0-based authentication center built on Django, and I currently use it for many of my personal projects (it acts as the authentication infrastructure for my projects). You can visit this project at oauth.yuyangwang.org.

and used HackRF to reproduce a man-in-the-middle attack on the GSM system so as to receive SMS messages from all cell phones under the same cellular station.

I'm sure many developers used to dream of becoming a hacker when they were kids. When I was in high school, I used to be very passionate about breaking systems, such as attacking the school's official website using DDoS. But one day, I realized that it seemed more meaningful if I could find some vulnerabilities in the system and fix them.

The other day my school launched a student card top-up system. Our high school had a few cafeterias where everyone tapped their student cards to make purchases. The process of using that top-up system was as follows:

  1. Enter the card number and name.
  2. Use POST to submit this information.
  3. The system queries the database and returns the current balance.
  4. Top up the card.

So I thought, since there is a POST process, could there be a SQL injection vulnerability? So I captured the system's network communications and used some common methods and the sqlmap tool to test the system. As a result, a SQL injection vulnerability was detected and the whole database was successfully exported.

After that, I took the logs and the exported database to the president. He didn't take this seriously at first, because he thought I was a high school student after all, and maybe my findings were just some "vulnerabilities" that were not real vulnerabilities. But when I showed him a table of the entire database, he got serious. He told me that he would get the development team to fix the vulnerability right away, and that he would keep me informed and welcome further security testing.

A few days later the president came to see me in class and told me that they had fixed the vulnerability and that I should retest. Sure enough, they did fix the vulnerability.
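The kind of fix described here, sketched as an added example (this is not the school's code; the `cards` table, its columns, the 8-digit card number format and the sample rows are all constructed assumptions). It puts a string-concatenated balance lookup next to a validated, parameterized one and runs both against the same crafted `name` field:

```python
import sqlite3

def make_db():
    """In-memory stand-in for the top-up database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (card_no TEXT PRIMARY KEY, name TEXT, balance REAL)")
    db.executemany("INSERT INTO cards VALUES (?, ?, ?)", [
        ("20190001", "Alice", 12.5),
        ("20190002", "Bob", 40.0),
        ("10000001", "Principal", 99.0),
    ])
    return db

def balance_raw(db, card_no, name):
    """'Before': the POST fields become part of the SQL text itself."""
    sql = ("SELECT card_no, balance FROM cards "
           "WHERE card_no = '" + card_no + "' AND name = '" + name + "'")
    return db.execute(sql).fetchall()

def balance_safe(db, card_no, name):
    """'After': check the shape of the input, then bind it as parameters."""
    # Assumed format: card numbers are exactly 8 ASCII digits.
    if not (card_no.isascii() and card_no.isdigit() and len(card_no) == 8):
        return []
    if not (0 < len(name) <= 64):
        return []
    # Placeholders keep the values as data; they are never parsed as SQL.
    sql = "SELECT card_no, balance FROM cards WHERE card_no = ? AND name = ?"
    return db.execute(sql, (card_no, name)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("raw :", balance_raw(db, "20190001", crafted))   # every row comes back
    print("safe:", balance_safe(db, "20190001", crafted))  # no row matches
    print("safe:", balance_safe(db, "20190001", "Alice"))  # normal lookup still works
```

A retest of the fixed system should show the second behaviour: the crafted value is compared as a literal name and matches nothing.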

There was also a vulnerability regarding the hardware that I didn't tell them about, but I tried to exploit it myself and managed to make myself the principal.

Our school's student card is based on an RFID system, or IC card, which has 16 sectors, each of which can store data. In the first block of sector 0, the UID is stored as the unique identification number of the card. Theoretically, this information cannot be changed after the card leaves the factory. The factory usually uses a fuse to write the UID first and then blows the fuse to prevent the UID from being changed.

However, there are some factories that produce "Magic Cards" which do not use a fuse, which means that the UID can be changed.

Our school's access control and cafeteria verify the identity of students by reading the UID of the card and then using it to search the database. In other words, if I know a person's UID, I can write it into the Magic Card to make myself into that person.

So, the key question at this point is how to know someone else's UID.

Recalling the previous SQL injection exploit, I exported the entire database, so I was actually able to know everyone's UID, including the principal's. So I used the Proxmark3 device and wrote this data to the Magic Card. After testing, I was indeed able to open the door to the principal's office.

Just now I skipped some parts. For example, reading the IC card's sectors actually requires the sector's corresponding key, and the Proxmark3 device was able to detect the value of the key by exploiting a pseudo-random number generator vulnerability in the IC card. The existence of this vulnerability is crucial for IC card vulnerability analysis. Of course, this vulnerability is not a problem of the school system, but it is a real problem.

  • Why Apple
    • I've been using Apple devices for many years, and I know that Apple takes the security and privacy of its users very seriously, which is basically the main reason why I've always chosen to use Apple devices instead of Android devices. Besides being a general user of Apple devices, I also have practical experience as an Apple developer, creating apps for the App Store using Swift and SwiftUI. Every year, I attend WWDC to keep pace with Apple's technological innovations. I think it's very meaningful to see a lot of the cutting-edge technology that exists in papers actually being delivered as a feature of Apple's system for the general public. I think Apple's values and culture are aligned with mine: I like to embrace challenges, be creative in my projects and think outside the box. E.g., every day, I visit the Trending projects page on GitHub so that I will not be limited by my own ideas. So, when someone asks me something like “how to design a system with requirements blabla…..”, I will be like “Oh, I saw one solution before, they utilized (e.g. Docker Compose with RabbitMQ); given your context, we can change their approach a little bit (e.g. we use Kubernetes with Kafka). Let’s implement a demo and see whether it works or not”.
  • Why this team
    • I'm sure many developers used to dream of becoming a cool hacker when they were kids, so I actually made quite a lot of attempts at becoming a hacker. E.g., when I was in high school I used to be very passionate about breaking systems, such as attacking the school's official website with DDoS. I used HackRF (Software Defined Radio hardware) to reproduce a man-in-the-middle attack on the GSM system so as to receive SMS messages from all cell phones under the same cellular station. Another attempt was to exploit a Wi-Fi router vulnerability to crack the Wi-Fi password of my neighborhood. But one day, I realized that it seemed more meaningful if I could find some vulnerabilities in the system and fix them instead of breaking the system.
    • This role focuses on secure software development, vulnerability exploitation, or vulnerability mitigation, which is exactly what I am passionate about, so I am really looking forward to joining this team.
  • What's your most challenging project / project you are most proud of?
    • I would say the Offer Master project, which is a recommendation system based on Collaborative Filtering for students to plan for graduate school applications. The reason why I started this project is that when I was applying for a master's program, there was no website on the market that could assist me in completing my application plan and recommending universities based on my grades and preferences, so I built this website with my team (a group of students who also applied for master's programs in the US). As the team leader, I designed the overall architecture of the project. We used Git as the version control tool, used GitHub CI/CD and DockerHub to automate the build process of container images, and then used Docker Compose to deploy the back-end application, front-end application and the database. In addition to this, we used Nginx to balance the load on different nodes, so as to improve the performance of the site. In addition, in order to continuously monitor the running status of the website, we introduced Elasticsearch to collect and analyze the logs of the application layer, and Grafana to visualize the running status of the nodes.
    • During the development process of this project, due to the rapid iteration of the product, we didn't have very comprehensive documentation (our practice is quite similar to the concept of Extreme Programming in the agile process), but this didn't affect my efficiency of development. Normally I read the code to understand what a function does, and in special cases I'll look through the Git commit history to find out who contributed to the code, and send an email or ask a question face-to-face.
    • This project was challenging because we used a lot of techniques that we had never used before, and this project had a very fast iteration rate with almost no documentation.
  • Describe a teamwork experience, your role, team result
    • During my undergraduate study, we completed many assignments as a group. In almost all of them, I was the team leader. This was because I had a broader understanding of the technologies and knew which technology to choose for a given requirement to balance the cost of development against the performance of the final deliverable.
    • The reason why I have a broader understanding of the technologies is that I often look for the latest Trending projects on GitHub and try to deploy them on my own servers to learn about the features, strengths, and weaknesses of each project. This allows me to choose the most appropriate technology path for each task.
    • In addition, as the project leader, I am also responsible for the main communication tasks. For example, if some students are not able to complete the development tasks well, I will try to assign some other tasks to them and try to find out what they are best at in order to maximize the efficiency of the whole team.
    • In terms of the result, nearly all of the group projects I led obtained an A grade.
  • Project at Lenovo
    • At Lenovo, we made a model to recognize car engine faults by sound. The process is basically this: when a car has an engine failure, automotive engineers use their cell phones to record the sound of the engine running and upload it to our servers, and we return which parts of the engine caused the failure, thus helping the engineers to locate the problem more quickly. In this project, our model had some limitations: the model can only accept 1 second of sound as input, but the upload may be a very long audio. To solve this problem, by considering the sliding window algorithm in TCP, I fixed 1 second as the size of the window and let the window slide over the audio, thus generating multiple 1-second-long audios that can be input to the model. Finally, I designed a voting method to determine which part of the engine is causing the problem. This process significantly improved the accuracy of the model to production level.
  • Where Do You See Yourself in 5 Years?
    • Personally, I love programming and all kinds of technologies, so I'm looking forward to continuing to learn new technologies at Apple or, say, gain hands-on experience. After I have enough experience, I want to be able to lead teams on projects just like what I did during my undergraduate studies.
  • Describe a situation... / Tell me about a time, conflict with co-worker/manager
    • When designing the Offer Master architecture, I had a disagreement with one of the team members about the database query method. My idea was to use the ORM framework, and his idea was to use MyBatis. In order to reach an agreement, I decided to work with him on a simple project, using both ORM and MyBatis. After completing the project, we compared the pros and cons of the two approaches and finalized our choice. In the end, after a comprehensive analysis, my solution was better, so we chose the ORM.
    • I believe that the most important thing in solving a conflict is not to make it worse, but to find out why the other party disagrees with you, and then solve the problem accordingly.
  • What's your biggest failure? What's your most regretful decision in your work?
    • I remember when I was an undergraduate student, I applied for an internship at ByteDance, but I was really confident in myself so I didn't prepare anything before the interview. As a result, I failed to answer many simple questions during the interview. Moreover, I could tell that the interviewer wanted me to pass the interview because he gave me a lot of hints, but I didn't pass the interview because of my overconfidence. I feel that I was wasting the interviewer's time and I feel really regretful. Therefore, now I do a lot of preparation for every interview, and I value the interviewer's time and try my best to perform well.

Questions

  • Can you tell me more about the boarding process?
  • What does a typical day in this role look like?
  • What do you enjoy most about working here?
  • What are the biggest challenges I will face if I am hired?
