Apple's Worst Security Breach: 114,000 iPad Owners Exposed

[El_Fiendo]

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

AT&T Fights Spreading iPad Fear

It appears to be AT&T's fault, but its hard to say how this will make an impact on the device's sales figures considering how early into its run it is. It's already creating a pretty big storm and backlash, though mostly directed at AT&T. As far as I know, Apple has yet to respond.

[Digikid]

Oy. Here we go again....

I think the worst that can happen is they get spammed.

[Lpfan4ever]

The article mentions something about the ICC IDs potentially being able to be used to find out the iPad's location. I'd say that's a bit more worrisome than spam, especially with the names that are on that list. It's probably highly unlikely, but the fact that it could be done should scare some of the iPad owners.

[El_Fiendo]

Quote:

Originally Posted by Digikid

Oy. Here we go again....

I think the worst that can happen is they get spammed.

I'm not looking to start drama, so nobody bring any.

The article says that the ICC-ID could be used for alot more than that, for instance the second article states they could be used to locate where that unit is currently. In the first article, they say it could be possible to spoof the device in question to intercept data going to it. Considering that some of the iPads in the list are registered to DARPA, and some to high ranking US officials of various armed forces, that could be very bad.

The only reason why some people say its not much of a threat is because the ICC-ID hasn't been used prior to this to do any wrong doing. The thing to ask is do Canadian tele-com providers have the same security hole with their network and the iPad?

[chrisk]

This will happen more and more as these devices become popular.

[neohaven]

tl;dr : I blame shitty telecom account pages.

More to the point, I blame all the web-facing services @ AT&T. There's an exploit that was used to get access to all the AT&T registration data, which is shared between Apple and AT&T for their common customers. Nothing to see here, just a normal AT&T breach. Still sad, though, especially since it affects iPad customers (and not only them, actually) I don't even see what this actually has to do with Apple.

The thing is, AT&T wanted to help it's customers with viewing their account details; all they really had to do was enter the number behind their SIM card, and (because of some executive's decision) it showed you the email address of the person who registered the card. What way, all you had to do was enter your password.

Some wiseguy (read : pretty much anyone) realized that the SIM cards were given sequentially (ie. if your number ends with 901234, there probably is a card with 901233 and another with 901235. (Sequential numbers are a huge problem. They should be unique and random, much like UUIDs.)) which brings us to that other email thing. Apple didn't get a security breach here. Apple has it's problems, but the AT&T website is not one of them. :3

EDIT : Note the guys didn't hack anything. They just searched around without breaking any locks. They'd have to do some cracking to get anywhere where you could intercept data or do anything with those numbers. The problem with the numbers is mostly that it was publicly linkable to personal stuff. As soon as you go into intercepting, it means quite something else.

[_dangtx_]

meh, itll be over soon. money talks. rich ppl with ipads may fear this more than the regular folks

[El_Fiendo]

Just noticed I placed this in the Mac general forum, not the iPhone / iPod one. Eh, oh well. I've had my coffee now, and if anyone cares enough about it they can mark it to have it moved. Edit: Thanks anonymous super mod man!

This does affect Apple though, because even if the fault is entirely AT&T's (which no one has said otherwise) this can and very likely will have an impact on the sales of these. As dangtx mentioned, it'll likely be the people with more to lose who reconsider it.

[Thund3rball]

When Apple says you must use X provider to use our device and customers have zero choice... than it damn will does matter to Apple. But ya, pretty lame on AT&T's part really. I actually read an article on Ars the other day talking about how insecure websites really are that hold our personal info. Nevermind the techno loopholes exploited by hackers... the fact that most people can't remember a password more complicated than "password", and "secure" websites aren't even using simple dictionary lookups to warn users about their lame password, is pretty scary. It often boggles my mind when a login system won't even let me use a special character in my password or converts everything to lowercase etc...

[belgolas]

This wont affect the sale much. EVERY device is venerable to all kinds of attacks. So if someone cares enough they wouldn't be using computers or any electronic in the first place.

And this isn't Apples fault. I don't blame the plastic manufacturer of my credit card when someone steals computers from the credit card's headquarters. So why would I blame Apple for something they have no control over. Same with people blaming Obama for the oil spill.