iPad / AT&T vulnerability leaks email addresses... who is to blame?
Hackers have exploited a vulnerability on AT&T's US network, in the way iPad users authenticated themselves online, to gain access to a list of 114,067 email addresses belonging to owners, Gawker has reported.
The group, calling themselves Goatse Security, harvested the data using nothing more than a PHP script and are now in possession of contact details for some very high-profile people, including celebrities, White House officials and high-ranking military officers.
So who is responsible for this, Apple or AT&T? To be honest, it's going to be a bit of both, and questions need to be asked about why the hashing technique, common for exchanging passwords online, hasn't been implemented here.
Hashing runs your password through a cipher that scrambles it. It's a one-way cipher so that the password can never be unscrambled. A similar cipher scrambles the password on the authenticating computer and then both of these 'hash codes' are compared. The reason for doing this is so that no password is ever put in the open where it can be intercepted.
This is clearly what happened with the iPad hack, and it will come as a blow to Apple's reputation for developing secure operating systems; the iPad OS is based on the same Unix code as their OS X desktop and server operating systems, after all.
It remains to be seen if and how quickly a firmware update will be rolled out by Apple to encrypt sensitive data as it's broadcast over 3G and other wireless networks to authenticate users. AT&T also have questions to answer on whether this technique can be used to gather sensitive data from any other devices on their network.
Fortunately the hackers notified AT&T of the breach so they could close the hole and came clean about the hack. The next group of hackers might not feel so benevolent.