Apple's iPad Breach Raises Alarms

A security hole in AT&T's phone system has exposed the e-mail addresses of more than 100,000 Apple iPad users. And not just any users — many on this list are well-known names in government, entertainment and the media. Melissa Block talks to Ryan Tate, who first reported the story on the website Gawker.

Copyright © 2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MELISSA BLOCK, host:

AT&T has apologized for a security breach that exposed the email addresses of 114,000 owners of 3G Apple iPads. Those affected are early iPad adopters and powerful ones, including New York City mayor Michael Bloomberg, ABC's Diane Sawyer, military personnel, business executives and on and on.

The iPad breach was committed by a hacker group called Goatse Security, which says it aims to expose security vulnerabilities. That group in turn contacted Ryan Tate with the website Gawker, which then it broke the story. And Ryan Tate, how did the hackers do it?

Mr. RYAN TATE (Reporter, Gawker): The hackers were able to access a script wide open on AT&T's Web servers that allowed them to submit some IDs and get back some email addresses of some very powerful people.

BLOCK: And once they got those email addresses, what would that allow them to do?

Mr. TATE: At the very least they'd be able to spam and try to trick AT&T users. There's also been some talk that the network ID information they obtained could be used to potentially hijack, impersonate or eavesdrop on data connections. There's disagreement among experts on this issue, but there are several who say that it is possible if you are sophisticated enough.

Given that some of the targets include high-ranking officials in the military and government, it's not inconceivable that someone would go to extreme measures to try and intercept some of this traffic. Hopefully none of these devices are actually being used to trade confidential information.

BLOCK: And just to be clear, though, Goatse, this group that tries to expose vulnerabilities, when they did this, they got the email addresses, they didn't get actual access to what's inside those email accounts, right?

Mr. TATE: That's right. If you have an iPad, the information in the iPad, the emails, the pictures, all of that information should be safe. If they do have your email addresses, maybe they can spam you. The broader question is whether AT&T has other security holes like this that have gone undiscovered or unreported. So it may give some consumers pause, but for now, people who do have these devices should know that the information inside them is protected.

BLOCK: Well, I've been reading conflicting views from folks about how worrisome this security breach is. What do you think?

Mr. TATE: I think it's more worrisome for what it says about how AT&T is handling data. I don't think information exposed in this particular breach is hugely harmful in and of itself. It's more harmful for what it signals about how AT&T is treating this data. And it's also harmful in piercing some of the image Apple has created for itself as a company that can really protect people from the scams and privacy breaches that people encounter on the Internet.

BLOCK: And, also, another complaint, I guess, to add to the list from users, AT&T is the exclusive wireless service provider for the iPad and the iPhone and there are a lot of complaints about the quality of that service.

Mr. TATE: Yeah. There were complaints even before this breach about AT&T's inability to provide reliable Internet access on mobile devices like the iPhone and the iPad. So, this just raises the question of whether Apple will finally ditch AT&T for a different provider, or at least expand the choices for users to companies like maybe Verizon or Sprint or all the other mobile carriers out there. This just gives Apple one more reason to try and find another partner.

BLOCK: Okay, Ryan Tate with the website Gawker. Thanks very much.

Mr. TATE: Thank you.

BLOCK: Ryan Tate with Gawker broke the story about the iPad data leak. And late today, the FBI announced that it is investigating the security breach.

Copyright © 2010 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.