Major iPad Security Breach Exposes 114,000 Users’ Personal Data

Even as the spotlight is firmly focused on Apple’s shiny new iPhone 4, the iPad 3G is making headlines of its own, but for all the wrong reasons. A new security breach has been found that could leave the iPad 3G vulnerable to spam, malicious hacking, and it could also lead to exposing user’s personal data thanks to a gap in AT&T’s security.

The breach was discovered by the hacker group Goatsee Security, an online group that finds exploitable holes in technology and passes the information on to media outlets to get the word out. In this case, they sent Gawker the details of 114,067 users, all among the earliest of iPad 3G users.

The list includes celebrities like Diane Sawyer, business moguls like film producer Harvey Weinstein and CEO Janet Robinson, as well as political figures Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel. It also included several high ranking government officials from various branches of the military and the government.

Goatsee discovered the vulnerability through a script on AT&T’s website that would return an email address associated with a numerical iPad 3G ID. The script was accessible to anyone that knew what to look for. Goatsee then sent an iPad style “user agent” header into AT&T as a web request. The group then wrote a program to harvest data.

AT&T eventually closed the hole, but not before 114,067 users’ information had been harvested, and the script was shared to other third-party groups, so it is unknown who else took information or what they took.

The information that was accessible is in itself not harmful, but it does show gaps in AT&T’s security that can give hackers an open door to further attack users. Imagine if Rahm Emanuel’s personal email address reached a hacker with a grudge. In itself, it wouldn’t be enough to cause any damage, but it would be an opening. Plus whether or not the information hacked was vital is almost secondary to the lax security at AT&T that allowed hackers substantial access with relative ease.

The issue was with AT&T’s security, not Apple’s, but it can only further add to the growing chorus of people that are unhappy with AT&T’s service, which iPad is exclusively tied to. It also must raise concerns at Apple, who regularly boast about security. If AT&T proves to be vulnerable and the iPad- and perhaps all iDevices that use AT&Tis effected- it could cause serious issues between the two companies.

Editors' Recommendations