AT&T iPad Security Breach: Big Deal?
AT&T was hacked, leaking out 114,000 ICC IDS (SIM card identifiers) with attached e-mail addresses. Everyone is up in arms about privacy and wondering how in the world this happened. And some media folks are attacking AT&T for downplaying the security break, which involved Apple’s iPad. But what’s the big deal, really? Here’s a reality check.
- Hacker group Goatse Security ran scrips on AT&T’s Servers and extracted ICC IDS and associated e-mail addresses
- Turns out there’s a lot of important people in those 114,000 ranging form Michael Bloomberg, the NY Times’ CEO and other elites to military personnel in DARPA.
- AT&T has fixed the hole, apologized, and pointed the blame at the AT&T sign in page on the iPad while seriously downplaying it.
So why is everyone freaking out? In this blogger’s opinion, there’s really nothing you can do with an ICC IDS number. One anonymous member of Goatse Security alluded that it could be used to spoof ICC IDS numbers, but the general consensus on the ‘net with experts on GSM is a big ‘not really.’
The NY Times, however, brought some experts on to say that it was possible to use the ICC IDS number to figure out a location of an iPad — but realistically, that’s a number that would invariably be changing. A careless tweeter on an iPad 3G could give up the precise location of his house, which has much bigger implications than a lone hacker trying to reverse-look-up and ICC IDS to an iPad’s position.
But then of course, there’s the issue of e-mail addresses. There’s no doubt that this is a serious privacy concern. The e-mail address is personal.
But at what extent is there to worry about this e-mail exposure? If you’re a VIP, no doubt, you’d rather not have a flood of spam in your inbox, but that’s something you can fix with filters. If you’re the average Joe, I’d say you’d have nothing to worry about, even a little. I can say personally, that if my e-mail address was on that list, I wouldn’t give a care in the world. Our of 114,000 e-mails, there’s far more important names for malicious hackers to play with.
The point remains, however, that security is a serious issue, and any breach of security in a company that contains sensitive and private information is inexcusable. In that respect, shame on AT&T. At least they confessed and fixed it. But should we all be up in arms? Take this situation as a cautionary tale and relax in the fact that far more personal data wasn’t exposed. That doesn’t mean AT&T gets a free pass, but everyone (especially the media) needs to calm down. More people have your e-mail address than you think. Why do you think you get spam in the first place?