“Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking,” Ryan Tate reports for Gawker.
MacDailyNews Take: Gawker owns Gizmodo, which may or may not explain why Tate tries to claim that Apple has suffered an embarrassment when it was AT&T’s security that was breached.
Tate continues, “The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.”
MacDailyNews Take: Again, Gawker owns Gizmodo, which may or may not explain why Tate maladroitly drops in the non-sequitur about how an “Apple employee lost an iPhone prototype in a bar.” It may also explain his use of the word “lost” as opposed to “stolen and fenced.”
Tate continues, “It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.”
“Goatse Security obtained its data through a script on AT&T’s website, accessible to anyone on the internet,” Tate reports. “When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application.”
Tate reports, “Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It’s unclear if AT&T has notified Apple of the breach… Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been ‘vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID… as far as I know, there are no vulnerability or exploit methods involving the ICC ID.’ Another expert, white hat GSM hacker and University of Virginia computer science PhD Karsten Nohl, told us that while text-message and voice security in mobile phones is weak ‘data connections are typically well encrypted… the disclosure of the ICC-ID has no direct security consequences.’”
Full article here.
MacDailyNews Take: Yet another screw up by AT&T used by Gawker to smear Apple. Wholly unsurprising.
[Thanks to MacDailyNews Readers “Fred Mertz” and “Steve” for the heads up.]
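The lookup behaviour Tate describes above (an ICC-ID in the request, an email address in the response), sketched beside a form that checks authorization. This is an added example, not AT&T's code or anything from the original article; the function names, the session model and the sample records are assumptions constructed for illustration.

```python
# Added illustration; every name and record here is constructed.
from dataclasses import dataclass
from typing import Optional

# Constructed sample records: ICC-ID -> (account id, email address).
SUBSCRIBERS = {
    "89014100000000000017": ("acct-1", "alice@example.com"),
    "89014100000000000025": ("acct-2", "bob@example.com"),
}


@dataclass
class Session:
    """Server-side session created by a prior login (hypothetical model)."""
    account_id: str


def lookup_email_unauthenticated(iccid: str) -> Optional[str]:
    """Behaviour the article describes: the ICC-ID alone selects the record.

    Any caller who supplies a valid identifier receives the email address,
    so the identifier acts as a password even though it is not a secret.
    """
    record = SUBSCRIBERS.get(iccid)
    return record[1] if record else None


def lookup_email_authorized(session: Optional[Session], iccid: str) -> Optional[str]:
    """Hardened form: a record is released only to the account that owns it.

    An unknown ICC-ID and an ICC-ID owned by another account give the same
    result (None), so responses do not confirm which identifiers exist.
    """
    if session is None:
        return None
    record = SUBSCRIBERS.get(iccid)
    if record is None or record[0] != session.account_id:
        return None
    return record[1]
```
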
What happened to the security at the Los Angeles Airport?
Just Curious:
How about market manipulation by dissemination of deliberate FUD aka. :
Distort and Short.
Gawker’s sour grapes for Gizmodo’s WWDC snub by Apple.
Insecurity via obscurity. Niiiicccccce.
From now on bing and decide. http://www.bing.com
It is my understanding that whenever a company has had compromised security that releases customer data – they are required to let customers know about the potential breach. If it is “just” email addresses the breach might be too narrow.
Gawk..gawk..gok..gawk..gaaawk
Blame it on the Internet that has brought us all these “journalists” that take time out and one hand out of their pants, to bring us this.
Shameless jerks!
You have to read down to the 5th paragraph before there is a sentence stating, “AT&T closed the security hole in recent days” indicating this is AT&T’s security problem, not Apple’s.
I read this as a deliberate smear on Gawker’s part, and another lesson on why bloggers are not the same as journalists.
Wait a minute, wait a minute…
Goatse Security?!?!
That’s got to be some kind of a joke, right?
Hey MDN,
Have you considered adding an “Edit” button so we can fix typos? I’m still getting used to a new keyboard.
Islandgirl:
I second that.
Wireless Test Man
Do you actually know what you’re talking about????
iPad is sold UNLOCKED. You can put ANY SIM card from ANY carrier (US or other) and use it on whatever data plan you choose.
Apple had made one of many carrier agreements with AT&T to make cheap data-only (i.e. voiceless) plans available to US customers. By no means are they locked in or tied to AT&T. T-Mobile will likely be more than happy to sell you a micro SIM card and a data plan for the iPad.
Islandgirl:
…Second both your posts.
How did Gawker get this information?
Who gave them details?
How did they get the info so quickly?
Something is fishy.
Just read the article.
Gawker people know the Goatse hackers.
Sounds like someone is in a heap of legal problems to come.
@singidunum,
You’re right; the iPad is sold unlocked. In the US, you can use any carrier you’d like, as long as it’s AT&T. This was a hardware design decision of the iPad by Apple.
With MAXroam’s New SIM, You Can Kiss AT&T Goodbye And Head To Europe With Your iPad:
http://techcrunch.com/2010/05/14/maxroam-micro-sim-ipad/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Techcrunch+(TechCrunch)
@wireless test user: Jump already, and do us a favor, stay off the wagon for good…
I wonder if my info was included?… I feel so violated…
I’m not a politician or a famous actor. I’m not some military type in charge of State secrets, nor am I super rich. I’m just a ‘FaceTime’ in a crowd…
If I was included amongst that group whose accounts were leaked, attention all hackers with evil intent… you will be greatly disappointed with what you find. It will be reminiscent of Geraldo Rivera making a big stink about opening up Al Capone’s vault and with film crew in tow finding only a couple of old, dusty, empty glass bottles and some trash paper. Sorry to burst your bubble.
Every compromised account gets their money back (free iPad). Apple pays the money up front and then collects from AT&T - if they bitch they’re screwed.
Macslut:
What part of T-Mobile do you not understand? While US is not exactly world famous for its GSM carriers, it DOES have two national ones, so you do have a real practical choice.
Big deal, if you use your email address for any amount of time, it will make it to a list that’s sold and the spiral continues.
I tried to post a response to the Gawker article but received a message to the effect that
“my response may appear within a day if approved”.
Nice, they get to sham Apple for their own ulterior motives, and filter reader responses.
Perhaps Gawker should have a lawsuit of his own!
@singidunum,
What part of 1700/2100 MHz do you not understand?
If you consider it a “practical option” to use 1900 MHz Edge connectivity-only on a relatively small national network that’s being phased out, well then, ok have at it. However for actual 3G connectivity on the iPad 3G, you have no choice in the US but to go with AT&T.
Here is a question.
If the recommendation is to turn off 3G for now to protect yourself.
What happens when you reactivate it? Do you lose your unlimited data plan? Will you be put on a metered plan?
Gawker wrote their own death. Just wait and see Apple Legal response to this defamation.
The iPhone 4 screen claim is another one.
They will be shut down in a year.
Freedom of speech, freedom of information is one thing.
Lying and spreading false information, buying stolen property so that you make money off of it is another.
Gawker will be shut down son. Good Riddance!