Go Back   Hardware Canucks > Mac, iPhone & iPod > iPhone & iPods

    
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old June 10, 2010, 09:53 AM
El_Fiendo's Avatar
Allstar
 
Join Date: Feb 2009
Location: Edmonton
Posts: 579
Default Apple's Worst Security Breach: 114,000 iPad Owners Exposed

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

AT&T Fights Spreading iPad Fear

It appears to be AT&T's fault, but its hard to say how this will make an impact on the device's sales figures considering how early into its run it is. It's already creating a pretty big storm and backlash, though mostly directed at AT&T. As far as I know, Apple has yet to respond.
Reply With Quote
  #2 (permalink)  
Old June 10, 2010, 10:05 AM
Digikid's Avatar
Banned
 
Join Date: Jan 2009
Location: Ontario
Posts: 1,731
Default

Oy. Here we go again....

I think the worst that can happen is they get spammed.
Reply With Quote
  #3 (permalink)  
Old June 10, 2010, 10:15 AM
Lpfan4ever's Avatar
Hall Of Fame
F@H
 
Join Date: Sep 2008
Location: Calgary
Posts: 2,755

My System Specs

Default

The article mentions something about the ICC IDs potentially being able to be used to find out the iPad's location. I'd say that's a bit more worrisome than spam, especially with the names that are on that list. It's probably highly unlikely, but the fact that it could be done should scare some of the iPad owners.
__________________
Quote:
Originally Posted by encorp
I don't know, maybe if you get a big enough compacticator you can put it in your butt and name yourself "sexbuttplug"...
Code:
<martin_metal_88> I think I am gonna sell my server
...
<firebane> i will offer pereniums mom
<firebane> slightly used
<Keltron> slightly is an understatement
<LPfan4ever> Who're you kidding...slightly?
<martin_metal_88> peri's mom, slightly used? lol...

Reply With Quote
  #4 (permalink)  
Old June 10, 2010, 10:17 AM
El_Fiendo's Avatar
Allstar
 
Join Date: Feb 2009
Location: Edmonton
Posts: 579
Default

Quote:
Originally Posted by Digikid View Post
Oy. Here we go again....

I think the worst that can happen is they get spammed.

I'm not looking to start drama, so nobody bring any.

The article says that the ICC-ID could be used for alot more than that, for instance the second article states they could be used to locate where that unit is currently. In the first article, they say it could be possible to spoof the device in question to intercept data going to it. Considering that some of the iPads in the list are registered to DARPA, and some to high ranking US officials of various armed forces, that could be very bad.

The only reason why some people say its not much of a threat is because the ICC-ID hasn't been used prior to this to do any wrong doing. The thing to ask is do Canadian tele-com providers have the same security hole with their network and the iPad?

Last edited by El_Fiendo; June 10, 2010 at 10:22 AM.
Reply With Quote
  #5 (permalink)  
Old June 10, 2010, 10:26 AM
chrisk's Avatar
Folding Captain
 
Join Date: Jul 2008
Location: GTA, Ontario
Posts: 7,401

My System Specs

Default

This will happen more and more as these devices become popular.
__________________
Fold for team #54196
Reply With Quote
  #6 (permalink)  
Old June 10, 2010, 11:41 AM
Rookie
 
Join Date: Jun 2010
Location: Montreal, QC
Posts: 10

My System Specs

Default

tl;dr : I blame shitty telecom account pages.

More to the point, I blame all the web-facing services @ AT&T. There's an exploit that was used to get access to all the AT&T registration data, which is shared between Apple and AT&T for their common customers. Nothing to see here, just a normal AT&T breach. Still sad, though, especially since it affects iPad customers (and not only them, actually) I don't even see what this actually has to do with Apple.

The thing is, AT&T wanted to help it's customers with viewing their account details; all they really had to do was enter the number behind their SIM card, and (because of some executive's decision) it showed you the email address of the person who registered the card. What way, all you had to do was enter your password.

Some wiseguy (read : pretty much anyone) realized that the SIM cards were given sequentially (ie. if your number ends with 901234, there probably is a card with 901233 and another with 901235. (Sequential numbers are a huge problem. They should be unique and random, much like UUIDs.)) which brings us to that other email thing. Apple didn't get a security breach here. Apple has it's problems, but the AT&T website is not one of them. :3

EDIT : Note the guys didn't hack anything. They just searched around without breaking any locks. They'd have to do some cracking to get anywhere where you could intercept data or do anything with those numbers. The problem with the numbers is mostly that it was publicly linkable to personal stuff. As soon as you go into intercepting, it means quite something else.
Reply With Quote
  #7 (permalink)  
Old June 10, 2010, 12:09 PM
Banned
F@H
 
Join Date: Aug 2007
Location: mtl
Posts: 12,694
Default

meh, itll be over soon. money talks. rich ppl with ipads may fear this more than the regular folks
Reply With Quote
  #8 (permalink)  
Old June 10, 2010, 12:26 PM
El_Fiendo's Avatar
Allstar
 
Join Date: Feb 2009
Location: Edmonton
Posts: 579
Default

Just noticed I placed this in the Mac general forum, not the iPhone / iPod one. Eh, oh well. I've had my coffee now, and if anyone cares enough about it they can mark it to have it moved. Edit: Thanks anonymous super mod man!

This does affect Apple though, because even if the fault is entirely AT&T's (which no one has said otherwise) this can and very likely will have an impact on the sales of these. As dangtx mentioned, it'll likely be the people with more to lose who reconsider it.

Last edited by El_Fiendo; June 10, 2010 at 12:40 PM.
Reply With Quote
  #9 (permalink)  
Old June 10, 2010, 12:42 PM
Thund3rball's Avatar
Hall Of Fame
 
Join Date: Nov 2007
Location: Vancouver
Posts: 3,526

My System Specs

Default

When Apple says you must use X provider to use our device and customers have zero choice... than it damn will does matter to Apple. But ya, pretty lame on AT&T's part really. I actually read an article on Ars the other day talking about how insecure websites really are that hold our personal info. Nevermind the techno loopholes exploited by hackers... the fact that most people can't remember a password more complicated than "password", and "secure" websites aren't even using simple dictionary lookups to warn users about their lame password, is pretty scary. It often boggles my mind when a login system won't even let me use a special character in my password or converts everything to lowercase etc...
__________________
"this is not troll. this is real deal!" - hohohee

Desktop:
See the drop down!

Laptop: Dell XPS M1530 \\ T7500 2.2GHz \\ 3GB 667 \\ 6 Cell \\ 8600M GT \\ 200GB 7.2K \\ WSXGA+ \\ Bluetooth/Wireless \\ MS Blue Track Mini \\ Vista Ult. (RED)


HEATWARE
Reply With Quote
  #10 (permalink)  
Old June 10, 2010, 06:51 PM
belgolas's Avatar
Hall Of Fame
F@H
 
Join Date: May 2007
Location: St. Thomas Ontario close to london
Posts: 3,922

My System Specs

Default

This wont affect the sale much. EVERY device is venerable to all kinds of attacks. So if someone cares enough they wouldn't be using computers or any electronic in the first place.

And this isn't Apples fault. I don't blame the plastic manufacturer of my credit card when someone steals computers from the credit card's headquarters. So why would I blame Apple for something they have no control over. Same with people blaming Obama for the oil spill.
__________________

Sponsor a child!
Fight poverty.

Qoute by Perineum
"ID10T. I just BETCHA he's got 9 toolbars on his web browser right now."
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Asus, MSI Showcase Apple iPad Rivals Arinoth Reviews & Articles from the Web 58 June 4, 2010 06:29 PM
XFX Security Breach Results in Loss of Limited Edition Video Card FiXT Video Cards 18 April 25, 2010 07:52 PM
Apple Announces iPad Tablet FiXT Press Releases & Tech News 133 February 8, 2010 05:17 PM
Apple Ipad Killer The U1 Hybrid iPad from Lenovo Death_Adder Press Releases & Tech News 6 February 5, 2010 05:25 AM