5G Technology World


AT&T, Goatse Argue Over iPad E-Mail Leak

By Staff Author | June 14, 2010

AT&T and Goatse Security are exchanging barbs over the public disclosure of a security flaw in AT&T’s Web application for the iPad 3G.

The leak exposed the e-mail addresses and ICC IDs of more than 100,000 customers, including top-ranking government officials, and has prompted an investigation by the FBI.

In a letter to customers sent by the company’s chief privacy officer, Dorothy Attwood, AT&T went on the offensive, slamming those who disclosed the leak as a group of “computer hackers” who “maliciously” exploited a function on the carrier’s authentication page that made the iPad log-in process faster.

The carrier also claimed the group that exposed the flaw “went to great efforts” to extract ICC IDs and their associated e-mails.

In a statement, Goatse Security analyst Escher Auernheimer refuted AT&T’s statement, claiming the carrier failed to notify the public about the problem in a timely manner after being notified by “third parties.”

“AT&T had plenty of time to inform the public before our disclosure. It was not done,” Auernheimer said. “Post-patch, disclosure should be immediate – within the hour. Days afterward is not acceptable. It is theoretically possible that in the span of a day (particularly after a hole was closed) that a criminal organization might decide to use an old dataset to exploit users before the users could be enlightened about the vulnerability.”

AT&T said last week it was notified by a “business customer” of the security flaw on Monday, June 7, and fixed the problem by Tuesday, June 8. Attwood’s letter claims AT&T disabled the Web application’s ability to automatically populate e-mail addresses “within hours” of becoming aware of the situation.

Goatse Security said it notified “third parties who subsequently notified” AT&T before leaking information about the security breach to Gawker.com, which broke the story on June 9. AT&T confirmed to the media that there was a security breach after the story broke and sent customers a letter about the issue on Sunday, June 13.

Auernheimer also took issue with AT&T’s claims that Goatse Security’s hack of the iPad Web application was malicious and that it “went to great efforts” to discover the security flaw.

“…the finder of the AT&T e-mail leak spent just over a single hour of labor total (not counting the time the script ran with no human intervention) to scrape the 114,000 e-mails,” he said. “(There) was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist and destroyed the data afterward. We did the right thing, and I will stand by the actions of my team and protect the finder of this bug no matter what the cost.”

Auernheimer’s claim that it took just an hour to discover the flaw in AT&T’s Web application is in line with the views of mobile security researchers who told Wireless Week that the security hole could have been easily avoided with better testing of AT&T’s Web applications.


Filed Under: Devices

 
