AT&T’s problems are no longer just network related. June 9, 2010 brought the news that Goatse, Security found a bug in AT&T that allowed the security group to violate the privacy of 114,000 people who have bought an iPad 3G. According to Gawker.com, Goatse personnel exposed the email addresses and network ID numbers of potentially all iPad users, but 3G users especially. This breach in privacy reportedly happened on Monday June 7 2010 and was patched the next day after someone tipped off AT&T to the problem.
How it Happened
Goatse members hacked into AT&T’s system using the ICC-ID (integrated circuit card identifier) bug as a base, then using AT&T’s publically accessible website script and guessing the SIM IDs of people. The people for whom they happened to guess the IDs for allowed them to access various email addresses belonging to some high-ranking officials and other notorious business account holders. Some of these include the United States Military, Google, Amazon and other high profile business customers, including some from the White House, among others. AT&T states they are thinking about emailing their affected customers to let them know there was a possible breach in privacy.
But Steve Jobs Said…
The privacy breach comes just two days after Steve Jobs claimed that Apple took their customer’s privacy seriously while being interviewed at the D8 conference. This statement by Jobs went so far as to say they (Apple) expect all partners, developers and any other company associated with the iPad and Apple itself, to get permission from the users before using or giving away any information. Additionally, he also stated that he and Apple would not make any of the mistakes other companies had made in the past with their users’ privacy.
AT&T’s Current Problem
Now, AT&T has a big mess to clean up. Not only do they have to deal with the privacy mess created by privacy controls and server security that were weak to begin with, but they are also left to deal with the backlash that could arise from this event. For example, because Goatse downloaded 114,000 emails, doing so showed the world the possibility of hackers having access to potentially all emails associated with iPad customers. AT&T still has no idea how many emails were exposed and open to exploit by anyone.
AT&T and Apple customers are left to wonder if the mess has affected them, however AT&T said, when the problem was first reported, that because only email addresses were exposed, the damage is limited. However, customers, as of the time of this writing, have yet to be notified by AT&T or Apple. Currently, the FBI is investigating the matter and looking into exactly how many accounts are affected-meaning AT&T still does not know.
What Does the Future Hold?
Since AT&T is the only carrier of Apple products in the United States, this newest problem does not bode well. AT&T is already fighting an uphill battle with the iPhone 3G and 3GS concerning network problems that AT&T admitted to in December of 2009 and Apple’s iPad Wi-Fi is on its way. This breach breaks the privacy trust customers have with Apple, especially considering the privacy faux pas at D8committed by Mr. Jobs.
While the iPad 3G has sold millions of those units, the need to use AT&T as a carrier might now limit sales of the Wi-Fi version to come. This might just be the motivation that Apple needs to change carriers. If they do so, as they were thinking about allowing Verizon to carry iPhones late last year, it would make life easier for all involved, customers and partners of Apple alike. It would also guarantee the annihilation of AT&T as well.
Gawker: Apple’s Worst Security Breach, 114,000 iPad Owners Exposed
Gawker: AT&T Fight Spreading Fear
Brennon Slattery, “FBI Investigation, A FAQ’s” PC World
Miguel Helft, “AT&T said to expose iPad users email addresses,” New York Times