[ISN] Apple's Worst Security Breach: 114,000 iPad Owners Exposed

From: InfoSec News <alerts_at_private>
Date: Thu, 10 Jun 2010 01:27:04 -0500 (CDT)
http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

By Ryan Tate
Gawker.com
June 9, 2010

Apple has suffered another embarrassment. A security breach has exposed 
iPad owners including dozens of CEOs, military officials, and top 
politicians. They.and every other buyer of the cellular-enabled 
tablet.could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple employee lost an 
iPhone prototype in a bar, exposed the most exclusive email list on the 
planet, a collection of early-adopter iPad 3G subscribers that includes 
thousands of A-listers in finance, politics and media, from New York 
Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul 
Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White 
House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web 
security group that exploited vulnerabilities on the AT&T network, we 
believe 114,000 user accounts have been compromised, although it's 
possible that confidential information about every iPad 3G owner in the 
U.S. has been exposed. We contacted Apple for comment but have yet to 
hear back. We also reached out to AT&T for comment. [Update: AT&T has 
confirmed the breach; an update appears below.] A call to Rahm Emanuel's 
office at the White House has not been returned.

The specific information exposed in the breach included subscribers' 
email addresses, coupled with an associated ID used to authenticate the 
subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for 
integrated circuit card identifier and is used to identify the SIM cards 
that associate a mobile device with a particular subscriber.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Wed Jun 09 2010 - 23:27:04 PDT

This archive was generated by hypermail 2.2.0 : Wed Jun 09 2010 - 23:31:06 PDT