AT&T Explains iPad Security Breach
On Sunday evening, AT&T sent an e-mail message to owners of the Apple 3G iPad notifying them of a security breach that was publicized early last week. The message, sent by Dorothy Attwood, a senior vice president and chief privacy officer at AT&T, explained that a number of iPad 3G owners e-mail addresses, along with a private identification number known as an ICC-ID, were made public through a breach in AT&Ts Web site. The company also apologized for the security error.
On June 7 we learned that unauthorized computer hackers maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad called the integrated circuit card identification (ICC-ID) and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.
The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.
Comments are closed.