iPad / AT&T vulnerability leaks email addresses... who is to blame?

Mike Halsey MVP
Jun 10, 2010
Updated • Dec 7, 2012
Mobile Computing
|
0

Hackers have exploited a vulnerability on AT&T's US network when iPad users authenticated themselves online that has allowed them to gain access to a list of 114,067 email addresses belonging to owners, it has been reported by gawker.

The group, calling themselves Goatse Security harvested the data using nothing more than a PHP script and are now in possession of some very high profile people's contact details which include celebrities, white house officials and high ranking military officers.

So who is responsible for this, Apple or AT&T?  To be honest it's going to be a bit of both and questions need to be asked why the hashing technique, common for exchanging passwords online, hasn't been implemented here.

Hashing runs your password through a cipher that scrambles it.  It's a one-way cipher so that the password can never be unscrambled.  A similar cipher scrambles the password on the authenticating computer and then both of these 'hash codes' are compared.  The reason for doing this is so that no password is ever put in the open where it can be intercepted.

This is clearly what happened with the iPad hack and it will come as a blow to Apple's reputation for developing secure operating systems, the iPad OS is based on the same Unix code as their OS X desktop and server operating systems after all.

It remains to be seen if and how quickly a firmware update will be rolled out by Apple to encrypt sensitive data as it's broadcast over 3G and other wireless networks to authenticate users.  AT&T also have questions to answer on whether this technique can be used to gather sensitive data from any other devices on their network.

Fortunately the hackers notified AT&T of the breach so they could close the hole and came clean about the hack.  The next group of hackers might not feel so benevolent.

Advertisement

Related content

Android PC emulator

Android on Windows: the best emulators for gaming

Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones
Android 14 QPR beta

Google may delete (purchased) apps from your Android devices
Streaming

Adblocker for TV - AdGuard is available for Android TV: here is how it works
Authy authenticator apps for desktop are being discontinued in August 2024

Authy authenticator apps for desktop are being discontinued in March 2024
Passport

Important files will be gone in February 2024 when Google removes them from Files for Android

Tutorials & Tips

iMessage signed out error: How to fix it

Can you use Threads without Instagram?

TikTok not working? Don't panic, here's what to do

How to check someone's Threads following list


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved