Security Breach Could Potentially Locate iPad Owners

AT&T bug that made subscriber information public could be more serious

View Comments (
)
|
Email
|
Print

    NEWSLETTERS

    TK
    It turns out that the security breach affecting iPad 3G owners could be potentially more serious then at first believed.

    While AT&T has downplayed the breach of a security loophole that exposed the email addresses of thousands of Apple iPad 3G owners, it turns out that the associated SIM card IDs could be more vulnerable than once believed.

    The ICC-ID, which was randomly generated and plugged into an AT&T website for service subscribers to reveal the associated emails, could potentially be used to locate a user.

    If a hacker knew the proper code, or "hash," they could use the ICC-ID to determine the much more sensitive IMSI number, which is what service providers use to bill customers and law enforcement uses to tap transmissions and locate users.

    Even if armed with an IMSI number, a hacker would have to also have some access to the underlying cellular network, companies with such access include text message marketers, through which they might be able to connect to subscriber databases and transmission logs.

    Of course, this is all theoretical, and it's assumed none of the email accounts of ICC-IDs have actually been compromised to this degree so far, and AT&T has downplayed the risk and fixed the original vulnerability.

    But it's a much more frightening scenario than the simply the initial email revelations, which included emails that were likely private accounts maintained by everyone from the New York City Mayor Michael Bloomberg and White House Chief of Staff Rahm Emmanuel.

    AT&T has agreed to provide a new SIM card -- and associated ICC-ID -- to any existing iPad 3G customers who demand one.

    Jackson West recently checked in on Foursquare, just in case any hit squads were looking for him.