Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

Hackers Target AT&T iPad Users, Obtain 114,000 High Profile E-mail Addresses

by Amar Toor on June 10, 2010 at 09:01 AM

ipad breach in security
The iPad has only been in circulation for a couple of months, but the device has already fallen prey to a major cyber attack, thanks to a gap in AT&T's security system. According to Gawker, a group of hackers recently succeeded in exploiting a security hole in AT&T's website, and walked away with the e-mails and ID numbers of over 114,000 iPad users. The list of those targeted by the attack includes U.S. military personnel, CEOs and politicians, including Rahm Emanuel.

The scam was apparently pulled off by a group unfortunately named Goatse Security [Ed. Note: Google it. On second thought, save yourself the NSFW results.] , which obtained the addresses by using a script to enter random iPad ID numbers, or ICC-IDs, into AT&T's site. Whenever a valid ID number is entered into a program on the site, the company discloses the e-mail account associated with that number. Goatse itself eventually informed AT&T of the breach, and the leak was plugged on Tuesday.

In a statement, AT&T apologized to users, and assured them that the "only information that can be derived from the ICC IDS is the e-mail address attached to that device." Apple, meanwhile, has not yet issued a statement. Some security experts remain unconvinced that the leaked e-mail addresses won't lead to further privacy breaches. As UCSD communication networks expert Michael Kleeman told the New York Times, "You could in theory find out where the device is." He admits, though, that doing so would require "access to very secure databases that are not generally connected to the public Internet."

In an interview with Gizmodo, AT&T chief security officer Ed Amoroso explains that the whole snafu is the direct result of a feature designed to make customers' lives easier. When a customer signs up for 3G, AT&T assigns them an ICC-ID number, and asks the user to provide an e-mail address to link to that ID. That way, when users log on to the site to access their account information, the network automatically recognizes them, meaning they don't have to enter their e-mail information each time -- only their password.

It remains to be seen how AT&T handles this crisis, at a time when its relations with Apple and its customer base are already strained. But perhaps the company would be well served to heed the ironic words of CEO Randall Stephenson, who, according to Gawker, declared at an IBM security conference yesterday, "If you lose the customers' confidence once on a [matter of] privacy... it would be a hard issue to recover from." [From: Gawker, New York Times and Gizmodo]

Tags: 3G, Apple, ATT, ceo, cyberattack, e-mail, goatse, goatse security, GoatseSecurity, hack, IdentityTheft, ipad, military, politicians, privacy, security, top

Comments

1

HuffPost AOL Social News Most Popular