Apple's iPad Breach Raises Alarms
MELISSA BLOCK, host:
AT&T has apologized for a security breach that exposed the email addresses of 114,000 owners of 3G Apple iPads. Those affected are early iPad adopters and powerful ones, including New York City mayor Michael Bloomberg, ABC's Diane Sawyer, military personnel, business executives and on and on.
The iPad breach was committed by a hacker group called Goatse Security, which says it aims to expose security vulnerabilities. That group in turn contacted Ryan Tate with the website Gawker, which then it broke the story. And Ryan Tate, how did the hackers do it?
Mr. RYAN TATE (Reporter, Gawker): The hackers were able to access a script wide open on AT&T's Web servers that allowed them to submit some IDs and get back some email addresses of some very powerful people.
BLOCK: And once they got those email addresses, what would that allow them to do?
Mr. TATE: At the very least they'd be able to spam and try to trick AT&T users. There's also been some talk that the network ID information they obtained could be used to potentially hijack, impersonate or eavesdrop on data connections. There's disagreement among experts on this issue, but there are several who say that it is possible if you are sophisticated enough.
Given that some of the targets include high-ranking officials in the military and government, it's not inconceivable that someone would go to extreme measures to try and intercept some of this traffic. Hopefully none of these devices are actually being used to trade confidential information.
BLOCK: And just to be clear, though, Goatse, this group that tries to expose vulnerabilities, when they did this, they got the email addresses, they didn't get actual access to what's inside those email accounts, right?
Mr. TATE: That's right. If you have an iPad, the information in the iPad, the emails, the pictures, all of that information should be safe. If they do have your email addresses, maybe they can spam you. The broader question is whether AT&T has other security holes like this that have gone undiscovered or unreported. So it may give some consumers pause, but for now, people who do have these devices should know that the information inside them is protected.
BLOCK: Well, I've been reading conflicting views from folks about how worrisome this security breach is. What do you think?
Mr. TATE: I think it's more worrisome for what it says about how AT&T is handling data. I don't think information exposed in this particular breach is hugely harmful in and of itself. It's more harmful for what it signals about how AT&T is treating this data. And it's also harmful in piercing some of the image Apple has created for itself as a company that can really protect people from the scams and privacy breaches that people encounter on the Internet.
BLOCK: And, also, another complaint, I guess, to add to the list from users, AT&T is the exclusive wireless service provider for the iPad and the iPhone and there are a lot of complaints about the quality of that service.
Mr. TATE: Yeah. There were complaints even before this breach about AT&T's inability to provide reliable Internet access on mobile devices like the iPhone and the iPad. So, this just raises the question of whether Apple will finally ditch AT&T for a different provider, or at least expand the choices for users to companies like maybe Verizon or Sprint or all the other mobile carriers out there. This just gives Apple one more reason to try and find another partner.
BLOCK: Okay, Ryan Tate with the website Gawker. Thanks very much.
Mr. TATE: Thank you.
BLOCK: Ryan Tate with Gawker broke the story about the iPad data leak. And late today, the FBI announced that it is investigating the security breach.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.