A group calling itself Goatse Security was able to get information on over 100,000 AT&T iPad subscribers by exploiting a major bug in a script on an AT&T website. The group simply needed to insert an ICC-ID as part of an HTTP request to the vulnerable script, which then returned the e-mail address associated with that specific iPad device.
AT&T has stressed that only e-mail address data was actually retrieved by the group and nothing more sensitive was at risk. Still, a collection of 114,000 active e-mail addresses has value by itself, even before counting the personal e-mail addresses of celebrities and government officials that were revealed.
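The flaw described above is a lookup that trusts the identifier supplied in the request. As an added example (not AT&T's code, which the article does not show), the Python sketch below contrasts that pattern with a lookup bound to an authenticated session plus a cap on distinct ICC-IDs per client; every name, ICC-ID, token, address and the threshold is a constructed assumption.

```python
from collections import defaultdict

# Constructed sample data (not real values): ICC-ID -> subscriber e-mail.
SUBSCRIBERS = {
    "89000000000000000001": "alice@example.com",
    "89000000000000000002": "bob@example.com",
}
# Constructed session store: token -> the ICC-ID that session authenticated for.
SESSIONS = {"tok-alice": "89000000000000000001"}
MAX_DISTINCT_ICCIDS = 3  # assumed per-client threshold, for illustration only


class EmailLookup:
    """Hypothetical lookup service keyed by ICC-ID."""

    def __init__(self):
        # client address -> set of ICC-IDs that client has asked about
        self.seen = defaultdict(set)

    def unauthenticated(self, iccid):
        # Flawed pattern: the identifier in the request is the only input,
        # so anyone who can supply an ICC-ID gets the matching e-mail back.
        return SUBSCRIBERS.get(iccid)

    def authorized(self, client, token, iccid):
        # Detection/limit: one device has little reason to ask about many ICC-IDs.
        self.seen[client].add(iccid)
        if len(self.seen[client]) > MAX_DISTINCT_ICCIDS:
            return (429, None)
        # Authorization: the session must be bound to the ICC-ID being queried.
        # Unknown tokens and foreign ICC-IDs get the same answer.
        if SESSIONS.get(token) != iccid:
            return (403, None)
        return (200, SUBSCRIBERS.get(iccid))


if __name__ == "__main__":
    svc = EmailLookup()
    print(svc.unauthenticated("89000000000000000002"))
    print(svc.authorized("198.51.100.7", "tok-alice", "89000000000000000001"))
    print(svc.authorized("198.51.100.7", "tok-alice", "89000000000000000002"))
```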
"The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat," FBI spokesman Jason Pack said. Apple's iPad, which launched in April this year, has already sold over 2 million units.
Security experts, for the most part, maintain that the hype surrounding this hack has more to do with the fact that it involves an Apple device and some well-known names than with iPad or even AT&T security. "The hype around Apple products -- like the new iPhone and iPad -- is amazing. However, the reality is this type of vulnerability isn't really news and happens all day long," George Kurtz, chief technology officer for security software company McAfee, said.
Apple customers who have had to enter into contracts with AT&T might not be as understanding, however, having already voiced disapproval of the quality of service they have received from AT&T in the past.
Written by: James Delahunty @ 12 Jun 2010 0:14