Hole Discovered in AT&T Security, 3G iPad Owners’ Email Addresses Harvested

A group known as Goatse Security reportedly discovered a hole in AT&T’s privacy measures, allowing them access to the email addresses of at least 114,000 iPad 3G users. The group informed AT&T, but only after they had shared a PHP script with third parties that would give those parties access to the same sensitive material.

The 2,000 page long list of the 114,000 compromised email addresses that was sent to Gawker

Though AT&T closed this hole, it looks as though everyone who purchased the iPad 3G may have had their email address harvested. But, the only real drawback for most users is the possibility of some extra spam. No passwords or other information was leaked besides the email addresses. However, many top government officials, CEOs, and military officials had their email addresses compromised, which means they may need to change their email addresses to avoid unwanted email.

Big Name Victims

Top military and government officials

CEOs and other important executives

This mistake seems to fall mostly on AT&T, which may hurt the already tense relationship with Apple. It also is proving to be bad PR on AT&T’s part. Security issues and data caps do not tend to make users very happy. Along with that, AT&T reportedly knew about the hole for a few days without notifying its customers. However, Apple must bear some responsibility as well, due to the fact that they provide AT&T with email addresses so that those users may activate their iPad 3G.

In an interview with Matt Buchanan at Gizmodo, AT&T’s Chief Security Officer, Ed Amoroso, provided an explanation for the breach, highlighting the fact that it was due to AT&T’s efforts to make life easier for its customers.

Though AT&T claims that all is well, and that only email addresses and their related ICC-ID numbers (numbers used to identify specific iPads) were exposed, security experts told the New York Times that all is not well.

“Experts said that ICC-ID numbers could, in the right hands, be used to get other information, like an iPad’s location.

The breach “should be worrying people a lot,” said Nick DePetrillo, an independent security consultant.

Michael Kleeman, a communications network expert at the University of California, San Diego, said… “you could in theory find out where the device is,” Mr. Kleeman said. “But to do that, you would have to gain access to very secure databases that are not generally connected to the public Internet.”

The good news for all of you who own an iPad without 3G is that you are safe.

The iPad with WiFi + 3G starts at $649. The iPad with WiFi starts at $499 at the Apple Store.

Via Gawker, Gizmodo, LaptopMag

Photos via Gawker
