
iPad 3G security breach!

  1. #1
    iPad Junkie!
    Member #
    4680
    Liked
    1 times
    Join Date
    May 2010
    Location
    Danville, ca
    Posts
    109

    iPad 3G security breach!

    Link: gawker.com/5559346/

    Apple's Worst Security Breach: 114,000 iPad Owners Exposed


    Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking. The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.


    (...)



    The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.
    AT&T closed the security hole in recent days, but the victims have been unaware, until now. For a device that has been shipping for barely two months, and in its wireless configuration for barely one, the compromise is a rattling development. The slip up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple. But it will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network.
    It will also do so at a pivotal moment, with the iPad 3G early in its sales cycle. Brisk sales for the original wi-fi iPad had promised to turn the 3G model into a similar profit machine. But further questions about AT&T, already widely ridiculed for its bad service, are going to make people think twice about spending up to $830 and $25 per month on the iPad 3G.
    Breach details: Who did it, and how

    The subscriber data was obtained by a group calling itself Goatse Security. Though the group is steeped in off-the-wall, 4chan-style internet culture—its name is a reference to a famous gross-out Web picture—it has previously highlighted real security vulnerabilities in the Firefox and Safari Web browsers, and attracted media attention for finding what it said were flaws in Amazon's community ratings system.
    Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.
    To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.
    The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.
    Goatse Security notified AT&T of the breach and the security hole was closed.
    We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. We sent these people the ICC ID contained in the document—and associated with the person's iPad 3G account—and asked them to verify in an iPad control panel that this was the correct ICC ID. It was.
    Victims: Some big names

    Then we began poring through the 114,067 entries and were stunned at the names we found. The iPad 3G, released less than two months ago, has clearly been snapped up by an elite array of early adopters.
    Within the military, we saw several devices registered to the domain of DARPA, the advanced research division of the Department of Defense, along with the major service branches. To wit: One affected individual was William Eldredge, who "commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force."

    In the media and entertainment industries, affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.

    Within the tech industry, accounts were compromised at Google, Amazon, Microsoft and AOL, among others. In finance, accounts belonged to companies from Goldman Sachs to JP Morgan to Citigroup to Morgan Stanley, along with dozens of venture capital and private equity firms.
    In government, affected accounts included a GMail user who appears to be Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others. Dozens of employees of the federal court system also appeared on the list.
    Uh, oh.



    Maybe we should blame AT&T more? However, Apple did choose AT&T, so...
    Last edited by Ripplinghurst; 06-09-2010 at 04:50 PM.
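
The weakness described in the article quoted above (a lookup that returns an email address for any ICC-ID as long as the request carries an iPad-style User-Agent header) next to a corrected form. This is an added example, not part of the thread, the article, or AT&T's code; the function names, session store, and subscriber records are constructed for illustration.

```python
import secrets

# Constructed sample records: ICC-ID -> subscriber email (not real data).
SUBSCRIBERS = {
    "89014100000000000017": "alice@example.com",
    "89014100000000000025": "bob@example.com",
}


def lookup_vulnerable(headers, iccid):
    """Pattern the article describes: the only gate is a client-supplied
    header, so any caller who sets it can query any ICC-ID."""
    if "iPad" not in headers.get("User-Agent", ""):
        return 403, None
    email = SUBSCRIBERS.get(iccid)
    return (200, email) if email else (404, None)


# Server-side session store (assumption): token -> ICC-ID of the
# subscriber who authenticated.
SESSIONS = {}


def login(iccid):
    """Stands in for a real authentication step (hypothetical helper)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = iccid
    return token


def lookup_hardened(headers, iccid):
    """Authorize on a server-issued session and return only the caller's
    own record. User-Agent plays no part in the decision."""
    token = headers.get("Authorization", "").removeprefix("Bearer ")
    owner = SESSIONS.get(token)
    if owner is None:
        return 401, None
    # Same answer whether or not the other ICC-ID exists, so the
    # endpoint cannot be used to confirm which identifiers are valid.
    if iccid != owner:
        return 403, None
    return 200, SUBSCRIBERS.get(owner)
```

The hardened version also removes the 404/200 difference for other subscribers' identifiers, which is what makes guessed ICC-IDs useless against it.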

  3. #2
    iPad Enthusiast!
    Member #
    2326
    Join Date
    Apr 2010
    Location
    London - NY
    Posts
    48
    Wonder what AT&T says about this...

  4. #3
    iPad Master!
    Member #
    2592
    Liked
    3 times
    Join Date
    Apr 2010
    Location
    NH
    Posts
    517
    It's embarrassing but that's about it. Bigshots.name@bigshot'sdomain.net isn't that hard to figure..

  5. #4
    iPad Junkie!
    Member #
    4680
    Liked
    1 times
    Join Date
    May 2010
    Location
    Danville, ca
    Posts
    109
    That's about it? I don't think so. At the very least, it is known that

    a) those big shots do use those emails;
    b) they have an iPad 3G.
    c) hack their iPad, you access those guys' files, contacts, mails and calendars.

    That makes the iPad that more of a target than before. To know that the White House and big shot military and big decision makers do use that device is big, IMHO.

    Remember when Hillary, others, went to China and the NSA couldn't believe how much trouble they had with Chinese hackers trying to hack phones and laptops? If they got this in two months, what else they won't get in the next several years? Guess the iPad is going to be a big target for hackers worldwide now.

    I'm sure Gates is happy seeing resources dedicated to hack Office and IExplorer are going to be devoted now to iPad and Safari.

    Finally, we don't know if there is more to it than what was disclosed, maybe for fear of a full blown FBI/NSA investigation. Who knows? Rahm Emanuel, Obama's chief advisor, has one. That can't be good.

    Hope Jobs is furious and leaves AT&T for good. Surely there must be an escape clause for rank amateurism when dealing with confidential customer's info?

  6. #5
    iPad Master!
    Member #
    2592
    Liked
    3 times
    Join Date
    Apr 2010
    Location
    NH
    Posts
    517
    POTUS has a BlackBerry. Hope he doesn't keep the launch codes on it.

  7. #6
    Super Moderator
    Member #
    1583
    Liked
    52 times
    Join Date
    Mar 2010
    Location
    Oklahoma
    Posts
    2,522
    The only thing the hackers got access to is their e-mail addresses. An annoyance to be sure, but many of these people have throwaway e-mail addresses.

  8. #7
    iPad Master!
    Member #
    2592
    Liked
    3 times
    Join Date
    Apr 2010
    Location
    NH
    Posts
    517
    Well there's a silver lining to this cloud! As a result of the email account associated with my iPad being discovered, a certain Rev. Ezekial Mbutu was able to identify me as the rightful recipient of some $23,000,000.00 that he's holding for me in the National Bank of Nairobi.

  9. #8
    iPad Junkie!
    Member #
    5975
    Join Date
    Jun 2010
    Location
    Northern CA
    Posts
    116
    lol figmo10. Still, as a 3G iPad account holder, this sucks.
    64 GB iPad 3G * 16 GB iPhone 3Gs * iTunes Windows x64

