by Michael Rose (RSS feed) on Jun 9th 2010 at 7:30PM
Unfortunately for AT&T’s security infrastructure — and equally unfortunately for customers who bought and activated iPad 3G units on the company’s network — a freelance security research team has reportedly scraped two key tidbits of information from thousands of iPad registrations. As Gawker reports, the hackers exploited a script on AT&T’s site by feeding it ICC-IDs (the GSM SIM card’s identifier code) harvested from iPad user screenshots and interpolated to cover a wider range. The AT&T site obligingly gave back the email address associated with each of the ICC-IDs.
While there’s no specific security risk associated with the pairing of ICC-ID and the email address of a subscriber — other than the likelihood of spam or the possibility of phishing — it’s still a bad, bad thing to be giving away customer data out the front door. How many pairs of IDs and emails did the gang at Goatse Security (yes, that’s their name) manage to collect before AT&T became aware of their activities? About 114 thousand….
READ THE FULL ARTICLE BY CLICKING HERE!!!
found your site on del.icio.us today and really liked it.. i bookmarked it and will be back to check it out some more later
Terrific work! This is the type of information that should be shared around the web. Shame on the search engines for not positioning this post higher!