AT&T Website Hack Exposes Apple iPad 3G Users' Email Addresses

June 10, 2010: Gawker.com reported that a vulnerability in AT&T’s web server security enabled hackers to gain access to the email addresses of over 114,000 Apple iPad 3G owners, including CEOs, military officials and top politicians.

The 3G iPads use a SIM chip located inside the device to connect to AT&T’s wireless network. Each SIM chip has a unique identifier known as the ICC ID. The hackers were able to obtain some of these IDs from information embedded in pictures posted on Flickr and other internet sites, and through friendly associates who own iPads and were willing to share their ID information.

Based on those IDs, the hackers were able to guess a large number of ICC IDs and wrote a PHP script that would send an iPad-style request to AT&T’s servers, which automatically returned the email addresses associated with the IDs. The breach was reported to AT&T and they quickly closed the security hole.
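An added example, not from the original article or from AT&T: a log check a defender could run to spot this kind of lookup abuse, where one client asks about many different ICC IDs in a short time. The log format, the `/lookup` path, the `iccid` parameter and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format; the /lookup path and iccid parameter are hypothetical
# placeholders, not AT&T's real endpoint. The User-Agent field is ignored on
# purpose: the scripted requests were made to look like they came from an iPad.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET /lookup\?iccid=(?P<iccid>\d{19,20}) '
)
PREFIX = "8901410000000000"  # constructed 16-digit prefix for the sample IDs


def sample_lines():
    """Constructed log lines: one scripted client and one ordinary device."""
    fmt = '{ip} [2010-06-09T10:00:{s:02d}] "GET /lookup?iccid={iccid} HTTP/1.1" 200 "iPad"'
    scripted = [fmt.format(ip="198.51.100.7", s=s, iccid=PREFIX + str(1000 + s))
                for s in range(12)]
    device = [fmt.format(ip="203.0.113.20", s=s, iccid=PREFIX + "5555")
              for s in (5, 20, 40)]
    return scripted + device


def find_enumerators(lines, max_distinct=5, window=timedelta(minutes=10)):
    """Return {client_ip: peak_distinct_ids} for clients that looked up more
    than max_distinct different ICC IDs inside any sliding time window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["iccid"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({iccid for _, iccid in evs[start:end + 1]})
            if distinct > max_distinct:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    for ip, count in find_enumerators(sample_lines()).items():
        print(f"{ip}: {count} distinct ICC IDs in one window")
```

A device that repeats its own ID is not flagged, because the count is of distinct IDs per client rather than of requests.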

A member of the group that exploited the hole told Gawker that they shared the script with third parties before AT&T closed the security hole, so it’s not known exactly whose hands the exploit fell into or what those people did with the names they obtained. It’s likely that more than the 114,000 accounts may have been compromised.

AT&T issued the following statement on Wednesday:

“This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained.”

At the very least, AT&T exposed a large number of email addresses belonging to both very high-profile and everyday people. There are some concerns that knowing these ICC IDs may make it possible to spoof the device on the network or exploit them in some other way.

If you own an Apple iPad 3G, you may want to contact AT&T to obtain a new SIM card and change the email address associated with your account. If your email was compromised, AT&T should be contacting you to discuss the next steps. Unfortunately, if your email address is out in the wild, you may suddenly be hit with an extra amount of spam. Be careful about clicking on any links or responding with any critical information. If you think a message may be legitimate, call the company directly to discuss the issue; don’t respond through email.

Note: This issue only affected Apple iPads with 3G; it does not affect iPads with Wi-Fi only.
