Credit: Gawker.com

On June 9, 2010, Gawker broke an exclusive story that an indivdual at Goatse Security was able to trick an AT&T Web site into disclosing thousands of e-mail addresses of iPad owners. Of the 114,000 users some of these addresses included dozens of CEOS, Military and politicians as well as high powered indivduals in various areas of business including politics, finanace and media. This is lax in user security by AT&T is a little disturbing. If this information had been used rather than brought to the attention of AT&T what would have been the outcome?

“In an interview with CBS News, Goatse analyst Jim Jeffers said “There is this identifier, it’s called an ICC-ID (Integrated Circuit Card Identifier) and it’s present on every SIM card on every cellular phone and it’s used as an authentication token. That means it would be sent to AT&T Web site and that’s how AT&T recognized you as who you were and it would spit out your personal information in the form of your email address. One of the members of our organization figured out, well why not just step through these and with the help of some additional data that was recovered they were able to successfully predict these identifiers form the iPad 3G and retrieve a very large chunk of personal information.” – Taken from CNET.com see the rest of the article here

In an interview with CBS and CNET Larry Magid, Goatse Security’s Jim Jeffers disclosed that typically when you harvest information you don’t get anyone of interest but this was a list of high-profile indivduals. With this information, hackers would be able to target iPad users to “sniff traffic and even act like the iPad user”. This vulnerablity was identified by an employee at Goatse that is an iPad 3G user and Jeffers went on to say that the vulnerability could be noticed by “anyone with a mind for security”. Although AT&T said that only e-mail addresses were compromised, Jeffers sais that the breech “was almost discovered by accident. One of our employees is an iPad 3G subscriber and he noticed it in the process of the normal user experience of this device. It was something he just noticed as he was using it.”

Currently, personal data and internet security is a large concern due to the fact that so much personal information can be found about a person on the internet. Starting from Facebook pages, online bank accounts, large amounts of confidential correspondence in e-mail accounts, online credit card statements, etc. keeping your indentity safe is extremely important.

After the iPhone 4G Leak I was a little irked at Apple but this is pretty ridiculous. I know it is not technically Apple since AT&T allowed the information to be leaked but Apple trusted AT&T to keep their iPad users’ information safe and they failed. Epic Fail AT&T.