Email Addresses and SIM Identifiers of 114,000 AT&T iPad 3G Users Exposed

Lesson to be learned:
Do NOT trust the useragent and referer for security-reasons EVER.

That should be taught in "Intertubez 101".
 
Associated Press has picked up the story...

Gawker's Headline: Apple's Worst Security Breach: 114,000 iPad Owners Exposed
AP's Headline: AT&T security hole exposes iPad users' e-mails

You tell me if there is any axe-grinding going on over at Gawker. :D
BTW, the AP story also said: "An Apple representative deferred requests for comment to AT&T."
"Journalism" at its best :)
 
It's not really that the ICCID is useful, but the fact that a ton of carriers have IMSIs assigned in step with the ICCID sequence, making them easy to guess by obtaining one SIM IMSI (which is extremely easy).

Without knowing the KI, it would be still difficult to clone any of these users, but it puts you a step closer.

However... I think the biggest risk... nothing would stop you from easily identifying specific users in range with an IMSI catcher, interrogating the location-based services, or performing man-in-the-middle attacks on those high-profile subscribers using what is becoming more and more low-cost commodity equipment.
 
I do agree that this could happen with any network provider, so when the iPhone finally is available on Verizon or whoever, the problems won't just go away.

BUT, the problems will be mitigated if it ever happens again, because it obviously won't happen with every carrier at the same time.
I'm going to assume that if Apple were to end exclusivity with AT&T, had Verizon and Sprint as carriers, and the same thing happened, the worst that would happen in most cases from Apple's standpoint is people would switch carriers. The way it stands now, if people don't want to risk AT&T's security, they have to stop using Apple products in the process.
Such is the problem with exclusivity.
EDIT:
Also, it's interesting to note that a quick www.gizmodo.com visit turns up tons of links referring more to AT&T than Apple. In fact, one of the headlines says that the leak isn't something most people have to worry about... Makes you wonder about the MacRumors guy who posted the link to that specific story.
EDIT2:
oh, and here's the link http://gizmodo.com/5559586/should-i-worry-about-the-apple-ipad-%252B-att-security-breach-probably-not
 
AT&T's Worst Security Breach: 114,000 iPad Owners Exposed

Talking Points Memo said:
Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.

To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.

The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.

Goatse Security notified AT&T of the breach and the security hole was closed.
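
The flaw described in the quoted article, shown next to a corrected check, as an added example that is not part of the original post and is not AT&T's code. The function names, session table, throttle limit, ICCIDs and addresses are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data: these ICCIDs and addresses are made up.
ACCOUNTS = {
    "89014100000000000001": "alice@example.com",
    "89014100000000000002": "bob@example.com",
}
# Session token -> ICCID the subscriber proved ownership of at login.
SESSIONS = {"tok-alice": "89014100000000000001"}

MAX_DENIED = 3          # denied lookups tolerated per client before throttling
denied = Counter()      # client address -> count of denied lookups


def lookup_vulnerable(user_agent, iccid):
    """Behaviour the article describes: a client-chosen header is the only gate."""
    if "iPad" not in user_agent:
        return 403, None
    email = ACCOUNTS.get(iccid)
    return (200, email) if email else (404, None)


def lookup_hardened(session_token, iccid, client_addr):
    """Return the e-mail only to the authenticated owner of that ICCID."""
    if denied[client_addr] >= MAX_DENIED:
        return 429, None                      # repeated denied lookups get cut off
    owner_iccid = SESSIONS.get(session_token)
    if owner_iccid is None or owner_iccid != iccid:
        denied[client_addr] += 1
        return 403, None                      # same reply for unknown and foreign ICCIDs
    return 200, ACCOUNTS.get(owner_iccid)


if __name__ == "__main__":
    ua = "Mozilla/5.0 (iPad; constructed sample)"
    # Unauthenticated request with only an iPad-style User-Agent:
    print(lookup_vulnerable(ua, "89014100000000000002"))
    print(lookup_hardened("", "89014100000000000002", "203.0.113.5"))
    # The subscriber's own session asking for their own record:
    print(lookup_hardened("tok-alice", "89014100000000000001", "203.0.113.5"))
```

The hardened version never reads the User-Agent at all: the decision rests on server-side session state, and the identical 403 for unknown and foreign ICCIDs keeps the endpoint from confirming which identifiers exist.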
 
By the way since a security group did this and reported it, is there any evidence anyone else actually got the email addresses?
 
And how did they guess that exactly 114,000 IMEIs were compromised and not all as you suggest? It's a valid point that only activated iPads were included in this number, but why would you buy a 3G iPad and not activate it? So that number is probably very small.

Because there is no way to know if they hit all relevant IMEIs...

Not to mention it turns out we have no evidence anyone got this information besides ******.
 
Why pay in full? Unsubsidized 32GB iPhone 4 = $699. Subsidized 32GB iPhone 4 @ $299 + $325 early termination fee = $624.

Mark

And deal with AT&T customer service, no thank you.

I have a lengthy email conversation from their reps from last June discussing tethering and MMS, the fact being that RIM devices already had the services, etc. Point being that $76 is worth not having to deal with them more than I have to.
 
Gawker go to Jail

Anyone else notice that Gawker isn't properly redacting the info on its site? Anyone with half a brain could rebuild the info to get sensitive emails, so Gawker is as guilty of a security breach as AT&T.

Funny how these days if a criminal is involved in a story so is Gawker.

Hey Ryan, enjoy that visit from the NSA. (Shield laws? We don't need no stinking shield laws. We're the Fraking NSA.)
PS you might want to ask your lawyers about libel laws also. It seems you may have forgotten about them.
 
Correction

By the way since a security group did this and reported it, is there any evidence anyone else actually got the email addresses?

They're not a security group, they're a hacker group with security in the name. They did not find a security flaw, they exploited it and gave the info to other hackers before telling AT&T. They are criminals and I have no doubt that Gawker has been involved improperly also.
 
I am an iPad+3G customer and I activated my account with AT&T about three weeks ago. This morning I went to an AT&T store, brought my iPad with me and told them I wanted a new SIM card. They knew nothing about what happened. They were clueless. They would not give me a new card unless I gave them $15. They told me the SIM card in my iPad has nothing to do with anything but the ability to connect wirelessly. I left without a new card. I got home and called AT&T customer service. At least customer service was aware of the problem, but they also told me the same thing... the card has nothing to do with any of this and that the SIM card is not unique to each device.

Why are most here at MacRumors suggesting to get a new SIM card? Do any of you know something that AT&T isn't telling about the SIM card?
 
Why are most here at MacRumors suggesting to get a new SIM card? Do any of you know something that AT&T isn't telling about the SIM card?

For the most part AT&T is right about the only use for the SIM ID is to try and exploit the security hole we are talking about now. And truthfully a new card would just have a higher serial number. SIM card ID numbers are not encrypted in any way; they list the industry "telecom", country and issuer along with a sequential serial number and a check digit. The only real issue brought up by the leak is someone might have the email address used to register it.

Fact is I bet most of those "sensitive" addresses are actually publicly posted. If I was a CEO I certainly wouldn't use my private email to register anything.

The SIM ID itself is useless, it's the leaked emails that are the problem. A phisher could use them to send an email exploiting the fact that he knows the address is of an iPad owner. Say pretending to be Apple needing warranty info.
 
Associated Press has picked up the story...

Gawker's Headline: Apple's Worst Security Breach: 114,000 iPad Owners Exposed

AP's Headline: AT&T security hole exposes iPad users' e-mails

You tell me if there is any axe-grinding going on over at Gawker. :D

BTW, the AP story also said: "An Apple representative deferred requests for comment to AT&T."

+1 Good find!
 