Wednesday, June 9, 2010

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

I just saw the Apple's Worst Security Breach: 114,000 iPad Owners Exposed post on Valleywag. It sounds like this is an AT&T SNAFU, but, even if it is, it won't bode well for Apple.

Key points from the article

AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise. This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple.

Then there's the question of whether any damage can be done using the ICC IDs. The Goatse Security member who contacted us was concerned that recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID. Two other security experts we contacted were less confident in that assessment. Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been "vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID... as far as I know, there are no vulnerability or exploit methods involving the ICC ID."

No comments: