FBI investigates Goatse's harvesting of iPad user e-mail addresses

11 June 2010

The FBI is looking into whether security researchers broke the law in conducting tests that exposed an iPad security flaw.

The researchers from Goatse Security were able to access the e-mail addresses of 114,000 users of the 3G iPad because of a flaw in the website of iPad US carrier AT&T.

Goatse Security found a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries.

The group wrote an automated script to repeatedly query the site and harvest the addresses of iPad users in the US, including top company executives, government officials and military officers.

The FBI is investigating how private information about iPad users was compromised and whether the actions of the researchers constitute a crime, according to US reports.

US law prohibits the unauthorized access of computers, but it is unclear whether the script used by Goatse Security qualifies.

Goatse Security maintains there was no illegal activity or unauthorized access involved and said in a blog post that although it did not contact AT&T directly, it made sure the company was tipped off.

The security vulnerability was fixed before it was publicized, all the private user information gathered was destroyed, and no remuneration was received, the group said.

"This disclosure needed to be made. iPad 3G users had the right to know that their e-mail addresses were potentially public knowledge so they could take steps to mitigate the issue (like changing their e-mail address). This was done in service of the American public," the group said.

According to Goatse Security, there was no breach, intrusion or penetration because all data was gathered from a public webserver with no password, accessible by anyone on the Internet.

“The FBI is aware of these possible computer intrusions and have opened an investigation to address the potential cyber threat,” FBI spokesman Jason Pack told Reuters.

AT&T, which launches the iPhone 4 on June 24, said only e-mail addresses were exposed to hackers who identified a security weakness. It said it has corrected the flaw, but declined to comment on the FBI probe.

This story was first published by Computer Weekly
